时间戳

首页 > 解决方案 > 当 Azure AD 和身份服务器通过 cookie 进行消息交换时不可用?

asp.net-core - 当 Azure AD 和身份服务器通过 cookie 进行消息交换时不可用?

问题描述

我正在使用 IS4 作为 Azure AD 的联合网关进行设置。在发生某些事情之前一切正常,我不再收到来自 Azure AD 的 cookie。服务器设置如下:

 IdentityModelEventSource.ShowPII = true; //Add this line

        services.AddIdentityServer(options =>
         {
             options.Events.RaiseErrorEvents = true;
             options.Events.RaiseFailureEvents = true;
             options.Events.RaiseInformationEvents = true;
             options.Events.RaiseSuccessEvents = true;
             options.PublicOrigin = settings.PublicOrigin;
             options.Authentication = new AuthenticationOptions()
             {
                 CookieLifetime = TimeSpan.FromHours(1), // ID server cookie timeout set to 10 hours
                 CookieSlidingExpiration = true
                 ,
             };
         })
            .AddInMemoryApiResources(Config.GetApis())
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryClients(Config.GetClients())
            .AddDeveloperSigningCredential(persistKey: false)
            .AddCustomUserStore()
            .AddProfileService<ProfileService>();

        services
            .AddAuthentication(options =>
            {
            })
            .AddOpenIdConnect("aad", "Sign-in with Azure AD", options => Configuration.Bind("AzureAd", options))
            .AddCookie()
            .AddLocalApi(options => options.ExpectedScope = "api");

        services.Configure<OpenIdConnectOptions>("aad", options =>
                    {
                        options.Scope.Add("openid");
                        options.Scope.Add("profile");
                        options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                        options.SignOutScheme = IdentityServerConstants.SignoutScheme;
                        options.ResponseType = "id_token";

                    });

        // preserve OIDC state in cache (solves problems with AAD and URL lenghts)
        services.AddOidcStateDataFormatterCache("aad");

客户端如下:

new Client
            {
                ClientId = "implicit",
                ClientName = "Implicit Client",
                AllowAccessTokensViaBrowser = true,
                RequireConsent = false,

                RedirectUris = { "https://notused" },
                PostLogoutRedirectUris = { "https://notused" },

                AccessTokenType = AccessTokenType.Jwt,
                AccessTokenLifetime = 3600,
                AllowedGrantTypes = GrantTypes.Implicit,
                EnableLocalLogin=false,
                AllowedScopes = {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,
                    "api"},
            },

我从Quickstarts获得了样本,并根据我的需要对其进行了调整。一切正常,直到它没有。

它在这里失败:

result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);

因为它没有在上下文中找到任何 Cookie。如何解决此问题?什么时候(什么条件)Cookies 通常不存在于上下文中?(鉴于他们应该是)我没有使用 AspNet Identity。我只想要外部登录。

标签: asp.net-corecookiesazure-active-directorysession-cookiesidentityserver4

解决方案

推荐阅读