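c# - Exception: Correlation failed. Unknown location using Okta in C#
Problem description
So, I am building an ASP.NET Core 2.2 application and trying to implement Okta authentication in it. I have seen that this "Exception: Correlation failed" problem has been discussed in many threads on many message boards, and I have tried those solutions, but I am afraid none of them worked.
I am at a loss and need a fresh perspective on it.
So, when I initially implemented it in code, I did as stated in the documentation from Okta itself. By now I have added parts of other solutions, so it has grown a bit.
Startup.cs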
    public void ConfigureServices(IServiceCollection services)
    {
        // Some people had issues with this one being in here,
        // but for me it "works" with and without
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        // here are some services.AddTransient and cors policies

        services.Configure<OpenIdConnectOptions>(options =>
        {
            options.Events.OnRemoteFailure = RemoteAuthFail;
        });

        // Basically here is where I added the boilerplate code made by okta.
        // As I was looking into threads trying to solve the issue it grew into this
        ////////////////////////////////////
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "somename";
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OktaDefaults.MvcAuthenticationScheme;
        })
        .AddCookie(cookieAuthOptions =>
        {
            cookieAuthOptions.Cookie.Name = "chocolatechip";
            cookieAuthOptions.AccessDeniedPath = "/error/accessdenied";
            cookieAuthOptions.ExpireTimeSpan = new TimeSpan(0,2,0);
        })
        .AddOpenIdConnect("OpenIdConnect", option =>
        {
            option.Events = new OpenIdConnectEvents
            {
                OnRedirectToIdentityProvider = redirectContext =>
                {
                    if (Env.IsEnvironment("Debug"))
                    {
                        //Force scheme of redirect URI(THE IMPORTANT PART)
                        redirectContext.ProtocolMessage.RedirectUri = redirectContext.ProtocolMessage.RedirectUri.Replace("https://", "http://", StringComparison.OrdinalIgnoreCase);
                    }
                    return Task.FromResult(0);
                }
            };
            option.ClientId = "SomeClientId";
            option.ClientSecret = "SomeClientSecret";
            option.CallbackPath = "TheCallbackPath";
            option.Authority = "This is suppose to be some URI";
        })
        .AddOktaWebApi(new OktaWebApiOptions()
        {
            AuthorizationServerId = "anotherId",
            OktaDomain = "TheDevDomain"
        });
        ////////////////////////////////////
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
        services.AddMvc(options => options.OutputFormatters.Add(new HtmlOutputFormatter()));
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddLog4Net("log4net.config", false);
        app.UseHttpStatusCodeExceptions();
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }
        app.UseCors(CRSpecificOrigins);
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseMvc();
    }
Solution
I ran into the same problem a short while ago. I solved it using the code below. Maybe it helps.
In the AddOpenIdConnect("oidc or xxx") code block.
If you use .NET Core > 2.*
    options.NonceCookie.SameSite = (SameSiteMode) (-1);
    options.CorrelationCookie.SameSite = (SameSiteMode) (-1);
If you use .NET > 3.*
    options.NonceCookie.SameSite = SameSiteMode.Unspecified;
    options.CorrelationCookie.SameSite = SameSiteMode.Unspecified;
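An added example, not part of the original answer or of Okta's code: the answer's SameSite settings in context, plus an OnRemoteFailure handler that logs whether the correlation and nonce cookies actually came back on the callback request. The helper name, its parameters and the logger category are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Hypothetical helper; call it on the builder returned by services.AddAuthentication(...).
public static class OidcCallbackDiagnostics
{
    public static AuthenticationBuilder AddOidcWithCookieDiagnostics(
        this AuthenticationBuilder builder, string authority, string clientId, string clientSecret)
    {
        return builder.AddOpenIdConnect("OpenIdConnect", options =>
        {
            options.Authority = authority;
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;
            // The answer's settings (.NET Core 3.x form; on 2.x use (SameSiteMode)(-1)).
            options.NonceCookie.SameSite = SameSiteMode.Unspecified;
            options.CorrelationCookie.SameSite = SameSiteMode.Unspecified;
            options.Events = new OpenIdConnectEvents
            {
                OnRemoteFailure = context =>
                {
                    // The handler names both cookies "<configured Name><suffix>",
                    // so a prefix match finds them among the cookies the browser sent.
                    var sent = context.Request.Cookies.Keys;
                    bool hasCorrelation = sent.Any(n =>
                        n.StartsWith(options.CorrelationCookie.Name, StringComparison.Ordinal));
                    bool hasNonce = sent.Any(n =>
                        n.StartsWith(options.NonceCookie.Name, StringComparison.Ordinal));
                    var logger = context.HttpContext.RequestServices
                        .GetRequiredService<ILoggerFactory>()
                        .CreateLogger("OidcCallback"); // assumed category name
                    logger.LogWarning(context.Failure,
                        "OIDC callback failed over {Scheme}; correlation cookie present: " +
                        "{HasCorrelation}, nonce cookie present: {HasNonce}",
                        context.Request.Scheme, hasCorrelation, hasNonce);
                    // HandleResponse() is not called, so the original exception still surfaces.
                    return Task.CompletedTask;
                }
            };
        });
    }
}
```

If the log shows the correlation cookie absent, the browser never returned it, which points at the cookie's attributes (SameSite, Secure) or at a scheme or host mismatch between the challenge and the callback rather than at the Okta client settings.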