IdentityServer 4 infinite loop

Problem description

I am working on an asp.net core 2.1 project with IdentityServer 4 installed, where users are stored in a SQL database using Entity Framework. The web project has a login page and, after a successful login, a dashboard.

Please find the code from Startup.cs below:

using System.Reflection;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        string connectionString = Configuration.GetConnectionString("DefaultConnection");
        var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

        // ASP.NET Identity user store (users and roles live in this database).
        services.AddDbContext<ApplicationDbContext>(builder =>
            builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));

        services.AddDbContext<SingleSignOn_dbContext>(builder =>
            builder.UseSqlServer(connectionString));

        services.AddIdentity<IdentityUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        services.AddIdentityServer(options =>
            {
                options.UserInteraction.LoginUrl = "/Master/Login"; // Set the default login page for Identity server.
            })
            // Grants, consents, and other operational data persisted to the database.
            .AddOperationalStore(options =>
                options.ConfigureDbContext = builder =>
                    builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)))
            // Clients, identity resources and API resources persisted to the database.
            .AddConfigurationStore(options =>
                options.ConfigureDbContext = builder =>
                    builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)))
            .AddAspNetIdentity<IdentityUser>()
            .AddDeveloperSigningCredential();

        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Master/Error");
            app.UseHsts();
        }

        // Only need to run this once. (Seeding helper defined elsewhere in the project; not shown here.)
        InitializeDbTestData(app);

        app.UseIdentityServer();
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Master}/{action=Login}/{id?}");
        });
    }
}

The client details in IDS are as follows:

new Client
{
    ClientId = "SingleSignOnInternalClient",
    ClientName = "Example Implicit Client Application",
    AllowedGrantTypes = GrantTypes.Implicit,
    AllowAccessTokensViaBrowser = true,
    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        "role",
        "customAPI.write"
    },
    AllowedCorsOrigins = new List<string> { "192.168.6.112" },
    RedirectUris = new List<string> { "https://localhost:44330/signin-oidc" },  // Configuration.GetSection("TestClient").GetSection("RedirectURL").Value
    PostLogoutRedirectUris = new List<string> { "https://localhost:44330" },
    RequireConsent = false,
    AllowRememberConsent = false,
    AccessTokenType = AccessTokenType.Jwt
}

I created a client project using asp.net core 2.1 and put the Authorize attribute on the Contact page (Home controller). When we click the Contact page, it redirects to the login page of the other project where IdentityServer is installed, and when the user is authorized successfully, the page is redirected in an infinite loop.

Client Startup file:

using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        // Keep the claim type names as issued in the JWT instead of the default mapping.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        // Use cookie authentication for signing in users.
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "cookie";
            options.DefaultChallengeScheme = "oidc";
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie("cookie")
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = Configuration.GetValue<string>("Authority:EndPoint");    //services.Configure<"Authority">(Configuration.GetSection("EndPoint"));
            options.ClientId = "SingleSignOnInternalClient";
            options.SignInScheme = "cookie";
            options.SaveTokens = true;
            //options.GetClaimsFromUserInfoEndpoint = true;
            options.RequireHttpsMetadata = false;
        });

        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => false;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(
                Configuration.GetConnectionString("DefaultConnection")));
        services.AddDefaultIdentity<IdentityUser>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        services.AddMvc(options =>
        {
            //options.Filters.Add
        }).SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}

Client output log (infinite redirect loop):

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST http://localhost:44330/signin-oidc application/x-www-form-urlencoded 1473
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: cookie signed in.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 5.4353ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44330/Home/Contact
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Route matched with {action = "Contact", controller = "Home", page = "", area = ""}. Executing action with signature Microsoft.AspNetCore.Mvc.IActionResult Contact() on controller IdentityTestClient.Controllers.HomeController (IdentityTestClient).
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Information: AuthenticationScheme: oidc was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action IdentityTestClient.Controllers.HomeController.Contact (IdentityTestClient) in 8.3527ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 17.5244ms 302

The URL of the infinite loop is as follows:

https://localhost:44307/connect/authorize?client_id=SingleSignOnInternalClient&redirect_uri=https%3A%2F%2Flocalhost%3A44330%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636969892902312620.YzUzMWRiNTktN2Q5Mi00NzZiLWJhMjQtNzEzMjI5Mzk1MTE2ZjM5NWQ2NTEtOTQ4Yi00MDljLWIyYzQtNWE5OTA3YWZkMDFj&state=CfDJ8HSRls71XI5DkQoP2L7ypNS9cYyKsLJm7m1dhd3hXQldeb3Esa0g7uZHU6MiqjlsqTk6h7QaqxXsFuMk05KZfdVdN2qJ9j9v5zVg-BeAFNT5rH_Suq8NUl47VUSfTl6zyrBLxYYgeLn8gfdaQpbmwsynpBuMZ9FR8C8eoVNxyPyQ0nGdBryxybey4QFO1xnwiENQtddWxPexgDBNsAGFNd5l6IYhdHaunWz9Ab7NHS68xdfwORdsNFMJRHtUxAGGhQ08U1WP_-TD2xm1rctVfUFZ_GqoNyc_KDanEmp4AVo5eEF0KgQl6mx4kH0PRMPHeDh3KjZTddKEVQglT0J2Kjo&x-client-SKU=ID_NETSTANDARD1_4&x-client-ver=5.2.0.0

Both projects have SSL configured to run https locally.

I am trying to implement a single sign-on solution with multiple websites in different domains that use IdentityServer for login. Any input would be greatly appreciated.

Tags: c#, asp.net-mvc, asp.net-core, single-sign-on, identityserver4

Solution

services.AddDefaultIdentity<IdentityUser>().AddEntityFrameworkStores<ApplicationDbContext>();

is not needed on the client. Among other things, only your IdP should have access to it, and it reconfigures your authentication scheme parameters. You can always compare your configuration with the minimal working configuration in the official repository.
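As an added example (not part of the answer above and not the IdentityServer4 project's own sample code), here is a client Startup with the Identity registration removed. It keeps the "Authority:EndPoint" configuration key, the "SingleSignOnInternalClient" client id and the "cookie"/"oidc" scheme names from the question; the constants, the cookie option values and RequireHttpsMetadata = true are this example's own choices. One further point visible in the question's client Startup: it registers the cookie handler as "cookie" but sets DefaultAuthenticateScheme to CookieAuthenticationDefaults.AuthenticationScheme, which is "Cookies", so the authorize filter and the OIDC sign-in do not agree on a scheme. The example uses a single constant for all of them.

```csharp
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Relying-party (client) Startup. Added example; scheme names and the config key
// are taken from the question, everything else is this example's assumption.
public class Startup
{
    // One name for authenticate, sign-in and the AddCookie registration, so the
    // cookie written by the OIDC handler is the cookie [Authorize] later reads.
    private const string CookieScheme = "cookie";
    private const string OidcScheme = "oidc";

    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Keep the claim types as issued by IdentityServer (e.g. "sub", "name")
        // instead of the handler's default mapping to long SOAP-style URIs.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieScheme;        // authenticate, sign-in and sign-out
            options.DefaultChallengeScheme = OidcScheme; // anonymous user -> redirect to the IdP
        })
        .AddCookie(CookieScheme, options =>
        {
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // both projects run on https
        })
        .AddOpenIdConnect(OidcScheme, options =>
        {
            options.Authority = Configuration.GetValue<string>("Authority:EndPoint");
            options.ClientId = "SingleSignOnInternalClient";
            options.SignInScheme = CookieScheme;
            options.ResponseType = "id_token"; // implicit flow, matching the IdS client registration
            options.Scope.Add("profile");      // "openid" is requested by default
            options.SaveTokens = true;
            options.RequireHttpsMetadata = true; // assumption: discovery document must be fetched over https
        });

        // Deliberately no AddDefaultIdentity / AddIdentity here. That call re-runs
        // AddAuthentication and sets DefaultScheme to "Identity.Application", a cookie
        // this client never writes, which is what keeps re-triggering the challenge.
        // The user store belongs to the IdentityServer project only.

        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => false;
            // response_mode=form_post is a cross-site POST; the handler's correlation
            // cookie must not be blocked by a stricter site-wide SameSite minimum.
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        // Must run before UseMvc so the [Authorize] filter sees the cookie principal.
        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}
```

With this configuration the sequence in the question's log ends after the first pass: the POST to /signin-oidc signs in to "cookie", the redirect to /Home/Contact authenticates with that same "cookie" scheme, the authorize filter succeeds, and no second challenge to "oidc" is issued.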


推荐阅读