c# - The default state parameter value length is not supported by my external authorization request in IdentityServer4 .NET Core
Problem description
1. Tried to customize the state parameter with the below code
options.Events = new OpenIdConnectEvents
{
    OnRedirectToIdentityProvider = (RedirectContext context) =>
    {
        //context.ProtocolMessage.SetParameter("CustomParameter", "Test");
        //context.Properties.Items.Add(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, context.ProtocolMessage.RedirectUri);
        //context.ProtocolMessage.State = context.Options.StateDataFormat.Protect(context.Properties);
        // State is replaced with a bare GUID instead of the protected properties.
        context.ProtocolMessage.State = Guid.NewGuid().ToString();
        context.Response.Redirect(context.ProtocolMessage.CreateAuthenticationRequestUrl());
        context.HandleResponse();
        return Task.CompletedTask;
    }
};
After authenticating with the external login screen, I get the following error.
2021-08-25 15:17:52.713 +00:00 [ERR] An unhandled exception has occurred while executing the request.
System.Exception: An error was encountered while handling the remote login. ---> System.Exception: Unable to unprotect the message.State.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
Q1: Is there any way to customize the state parameter value? Default generated value length is my only concern.
Q2: Is it possible to set guid as status param value?
Please advise.
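Solution
By default, the context authentication properties are encrypted by the Protect method in OnRedirectToIdentityProvider, and then, after a successful authentication, the state is decrypted by the Unprotect method in OnMessageReceived. We have to map between the custom GUID and the protected string, so that the authentication properties can be unprotected later.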
options.Events = new OpenIdConnectEvents
{
    OnRedirectToIdentityProvider = (RedirectContext context) =>
    {
        //context.ProtocolMessage.SetParameter("CustomParameter", "Test");
        context.Properties.Items.Add(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, context.ProtocolMessage.RedirectUri);
        // Protect the properties as the handler normally would, keep the protected
        // string in the cache, and send only the GUID key as the state parameter.
        context.ProtocolMessage.State = CacheHelper.SetMemoryCache(Guid.NewGuid().ToString(), context.Options.StateDataFormat.Protect(context.Properties));
        context.Response.Redirect(context.ProtocolMessage.CreateAuthenticationRequestUrl());
        // The redirect has been issued here, so the handler's default processing is skipped.
        context.HandleResponse();
        return Task.CompletedTask;
    },
    OnMessageReceived = (MessageReceivedContext context) =>
    {
        // Map the returned GUID back to the protected string, then unprotect it.
        context.ProtocolMessage.State = CacheHelper.GetMemoryCache(context.ProtocolMessage.State);
        context.Properties = context.Options.StateDataFormat.Unprotect(context.ProtocolMessage.State);
        return Task.CompletedTask;
    },
    OnAuthorizationCodeReceived = (AuthorizationCodeReceivedContext context) =>
    {
        return Task.CompletedTask;
    }
};
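One possible shape for the CacheHelper that the answer calls but does not show, as an added example (not code from the answer): the class name StateReferenceStore, its key prefix and its 15-minute lifetime are assumptions. It hands out a random handle to use as the state value, expires stored entries, and lets each handle be redeemed only once.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Caching.Memory;

// Hypothetical stand-in for the CacheHelper used in the answer (not shown on the page).
public sealed class StateReferenceStore
{
    private const string KeyPrefix = "oidc-state:";                        // assumed cache key namespace
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(15);  // assumed; keep close to RemoteAuthenticationTimeout

    private readonly IMemoryCache _cache;
    private readonly object _redeemLock = new object();

    public StateReferenceStore(IMemoryCache cache) => _cache = cache;

    // Stores the protected state and returns a short, unguessable handle to send as "state".
    public string Store(string protectedState)
    {
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes);                 // CSPRNG output rather than a GUID
        var handle = WebEncoders.Base64UrlEncode(bytes);   // 43 URL-safe characters
        _cache.Set(KeyPrefix + handle, protectedState, Lifetime);
        return handle;
    }

    // Returns the protected state for a handle exactly once; null if unknown, expired or replayed.
    public string Redeem(string handle)
    {
        if (string.IsNullOrEmpty(handle) || handle.Length > 64)
            return null;                                   // reject absent or oversized input before the lookup
        var key = KeyPrefix + handle;
        lock (_redeemLock)                                 // make lookup and removal a single step
        {
            if (!_cache.TryGetValue(key, out string protectedState))
                return null;
            _cache.Remove(key);                            // one-time use: a replayed state finds nothing
            return protectedState;
        }
    }
}
```

In OnMessageReceived, a null result from Redeem is a reason to call context.Fail(...) instead of passing null to Unprotect. IMemoryCache is per process, so a deployment with several instances needs a shared store such as IDistributedCache behind the same two methods.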