asp.net-core - 使用 reverseProxy 重定向到 signin-oidc 后的 Identity Server 4 显示“message.State 为 null 或为空”。
问题描述
我在尝试使用 IdentityServer4 进行身份验证时不断收到错误消息。
IS4: http://dev.com/
路径:
1)通过访问http://dev.com/Account/security我被重定向到http://dev.com/login。
2)登录后,我被重定向到http://dev.com/Account/signin-oidc 并且我得到 Exception: OpenIdConnectAuthenticationHandler: message.State is null or empty。
我的 IS4 配置:
// Register IdentityServer first, then attach key material, the in-memory stores and ASP.NET Identity.
var identityServerBuilder = services.AddIdentityServer(serverOptions =>
{
    // Raise every event category (success, failure, information, error).
    serverOptions.Events.RaiseSuccessEvents = true;
    serverOptions.Events.RaiseFailureEvents = true;
    serverOptions.Events.RaiseInformationEvents = true;
    serverOptions.Events.RaiseErrorEvents = true;

    // NOTE(review): IssuerUri and PublicOrigin replace the values IdentityServer would otherwise
    // infer from the incoming request. Behind a reverse proxy both have to equal the externally
    // visible URL, otherwise issuer validation and generated links will not match what clients see.
    serverOptions.IssuerUri = Configuration.GetIssuerUri();
    serverOptions.PublicOrigin = Configuration.GetPublicOrigin();

    // Custom login/logout pages in place of the default user-interaction paths.
    serverOptions.UserInteraction.LoginUrl = "/Login/login";
    serverOptions.UserInteraction.LogoutUrl = "/Login/logout";
});

identityServerBuilder
    // Token signing and validation keys come from configuration helpers not shown on this page.
    .AddSigningCredential(Configuration.GetSigningCertificate())
    .AddValidationKey(Configuration.GetValidationKeyCertificate())
    // Resources and clients are held in memory (see Config.Ids / Config.Apis / Config.Clients).
    .AddInMemoryIdentityResources(Config.Ids)
    .AddInMemoryApiResources(Config.Apis)
    .AddInMemoryClients(Config.Clients)
    .AddAspNetIdentity<ApplicationUser>();
IS4 配置中的客户端:
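// Client registration for the "Account" application: authorization code flow with PKCE.
new Client
{
    ClientName = "Aplikacja do zarządzania kontem",
    ClientId = "Account",

    // NOTE(review): "secret" is a sample value. A confidential client needs a long random
    // secret loaded from configuration or a secret store, never a literal kept in source.
    ClientSecrets = { new Secret("secret".Sha256()) },

    AllowedGrantTypes = GrantTypes.Code,
    RequireConsent = false,
    RequirePkce = true,

    // where to redirect to after login
    // The value must equal, character for character, the redirect_uri the client sends
    // (scheme + host + CallbackPath). Behind a reverse proxy that is the public URL.
    // NOTE(review): plain http exposes the authorization code in transit; use https outside local development.
    RedirectUris = { "http://dev.com/Account/signin-oidc" },

    // where to redirect to after logout
    // Leading space removed: redirect URIs are compared as exact strings, so " http://..."
    // never matches the post_logout_redirect_uri sent by the client.
    PostLogoutRedirectUris = { "http://dev.com/Account/signout-callback-oidc" },

    AllowedScopes = new List<string>
    {
        // ... (scope list elided in the original post)
    },

    // Allows the client to request refresh tokens (offline_access).
    AllowOfflineAccess = true
},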
客户端启动:
/// <summary>
/// Keeps the configuration passed in so the other members of the class can read it.
/// </summary>
/// <param name="configuration">Application configuration to store.</param>
public Startup(IConfiguration configuration) => Configuration = configuration;
/// <summary>
/// Configuration instance assigned in the constructor; get-only afterwards.
/// </summary>
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
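/// <summary>
/// Registers the data context, the project's own services, MVC, and cookie + OpenID Connect
/// authentication against the IdentityServer instance.
/// </summary>
/// <param name="services">Service collection to add the registrations to.</param>
public void ConfigureServices(IServiceCollection services)
{
    // NOTE(review): "XXX" is a redacted placeholder; read the real connection string from
    // configuration or a secret store rather than embedding it in source.
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseNpgsql("XXX"));

    // Project-specific registration extensions (their definitions are not shown on this page).
    services.AddXServices(Configuration);
    services.AddXValidators();
    services.AddXMappers();
    services.AddXRepositories();

    services.AddControllersWithViews();

    // Empty the default inbound claim-type map so claim types are not renamed to the legacy
    // schema URIs when tokens are read.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    JwtSecurityTokenHandler.DefaultMapInboundClaims = true;

    // Local sign-in state lives in the "Cookies" scheme; challenges are sent to "oidc".
    services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", options =>
        {
            // Leading space removed from the URL: the authority is used to build the metadata
            // address and to check the issuer, so stray whitespace breaks both.
            options.Authority = "http://dev.com/";

            // NOTE(review): turns off the HTTPS requirement for the authority/metadata address.
            // Acceptable for a local http setup only; tokens and codes travel in clear text.
            options.RequireHttpsMetadata = false;

            options.ClientId = "Account";

            // NOTE(review): sample secret in source; load it from configuration or a secret store.
            options.ClientSecret = "secret";

            options.ResponseType = "code";
            options.GetClaimsFromUserInfoEndpoint = false;

            // The handler itself answers this path and expects the authorization response on it
            // (code plus state). The redirect_uri it sends is built from the request's scheme,
            // host and this path, so behind a reverse proxy the forwarded headers must already be
            // applied, and the result must equal the RedirectUris entry registered for the client.
            options.CallbackPath = "/Account/signin-oidc";

            // ...... (further options elided in the original post)

            // Keeps the received tokens in the authentication properties of the cookie.
            options.SaveTokens = true;
        });
}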
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
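/// <summary>
/// Builds the HTTP request pipeline: forwarded headers, error handling, logging, static files,
/// routing, authentication/authorization and the host-restricted controller routes.
/// </summary>
/// <param name="app">Application builder the middleware is added to.</param>
/// <param name="env">Hosting environment, used to choose the error-handling middleware.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Forwarded headers are applied before everything else. The original registered this
    // middleware after UseHsts and UseRouting, so HSTS, host-based route matching (RequireHost)
    // and request logging all ran against the proxy-facing scheme and host instead of the
    // public ones. The OpenID Connect handler also derives its redirect URI from these values.
    //
    // NOTE(review): by default only proxies on loopback are trusted. When the reverse proxy
    // runs on another host, add its address to KnownProxies / KnownNetworks instead of clearing
    // those lists, and limit ForwardedHeaders to the headers the proxy really sets:
    // All also accepts X-Forwarded-Host, which lets an untrusted sender choose the host.
    var forwardedHeaderOptions = new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.All
    };
    app.UseForwardedHeaders(forwardedHeaderOptions);

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }

    app.UseSerilogRequestLogging();
    app.UseStaticFiles();
    app.UseRouting();

    // Authentication and authorization sit between routing and the endpoints.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        // Every route is prefixed with the configured URL prefix and limited to the configured hosts.
        var prefix = Configuration.GetUrlPrefix();

        endpoints.MapControllerRoute(
                name: "default",
                pattern: prefix + "{controller=Test}/{action=Index}")
            .RequireHost(Configuration.GetRequiredHosts()).RequireAuthorization();

        endpoints.MapControllerRoute(
                defaults: new { controller = "security" },
                name: "security",
                pattern: prefix + "security/{action=security}")
            .RequireHost(Configuration.GetRequiredHosts()).RequireAuthorization();

        // The error route is the only one that does not require an authenticated user.
        endpoints.MapControllerRoute(
                name: "error",
                pattern: prefix + "Error/",
                defaults: new { controller = "Error", action = "Error" })
            .RequireHost(Configuration.GetRequiredHosts());
    });
}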
在本地不使用反向代理时,一切工作正常。
解决方案