The external authorization request in my IdentityServer4 .NET Core app does not support the default length of the requested state parameter value

Problem description

1. Tried to customize the state parameter with the below code



    options.Events = new OpenIdConnectEvents
    {
        OnRedirectToIdentityProvider = (RedirectContext context) =>
        {
            //context.ProtocolMessage.SetParameter("CustomParameter", "Test");
            //context.Properties.Items.Add(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, context.ProtocolMessage.RedirectUri);
            //context.ProtocolMessage.State = context.Options.StateDataFormat.Protect(context.Properties);
            context.ProtocolMessage.State = Guid.NewGuid().ToString();
            context.Response.Redirect(context.ProtocolMessage.CreateAuthenticationRequestUrl());
            context.HandleResponse();
            return Task.CompletedTask;
        }
    };

After authenticating on the external login screen, I get the following error.

2021-08-25 15:17:52.713 +00:00 [ERR] An unhandled exception has occurred while executing the request.
System.Exception: An error was encountered while handling the remote login.
 ---> System.Exception: Unable to unprotect the message.State.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

Q1: Is there any way to customize the state parameter value? Default generated value length is my only concern. 
Q2: Is it possible to set guid as status param value?

Please advise.

Tags: c#, identityserver4

Solution


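By default, the context's authentication properties are encrypted by the Protect method in OnRedirectToIdentityProvider, and then, on a successful authentication, the state is decrypted by the Unprotect method in OnMessageReceived. We have to convert between the custom GUID and the protected string it maps to, so that the authentication properties can be unprotected later.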

    options.Events = new OpenIdConnectEvents
    {
        OnRedirectToIdentityProvider = (RedirectContext context) =>
        {
            //context.ProtocolMessage.SetParameter("CustomParameter", "Test");
            context.Properties.Items.Add(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, context.ProtocolMessage.RedirectUri);
            // Keep the protected properties on the server under a new GUID and send only the GUID as state.
            // CacheHelper is not shown on the page; SetMemoryCache(key, value) is assumed to return the key.
            context.ProtocolMessage.State = CacheHelper.SetMemoryCache(Guid.NewGuid().ToString(), context.Options.StateDataFormat.Protect(context.Properties));
            context.Response.Redirect(context.ProtocolMessage.CreateAuthenticationRequestUrl());
            context.HandleResponse();
            return Task.CompletedTask;
        },
        OnMessageReceived = (MessageReceivedContext context) =>
        {
            // Swap the returned GUID back for the protected string, then unprotect it.
            context.ProtocolMessage.State = CacheHelper.GetMemoryCache(context.ProtocolMessage.State);
            context.Properties = context.Options.StateDataFormat.Unprotect(context.ProtocolMessage.State);
            return Task.CompletedTask;
        },
        OnAuthorizationCodeReceived = (AuthorizationCodeReceivedContext context) =>
        {
            return Task.CompletedTask;
        }
    };
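
The answer's `CacheHelper` is not shown on the page. One possible shape for such a store, as an added example that is not the answerer's code: the class and method names (`StateReferenceStore`, `Save`, `Take`) are hypothetical, and a random 128-bit reference replaces the GUID. It assumes a single server instance using the in-process `IMemoryCache`; several instances behind a load balancer would need a shared store.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Caching.Memory;

// Hypothetical stand-in for the answer's CacheHelper (all names are assumptions).
// Maps a short random reference, sent as the OIDC "state", to the protected
// AuthenticationProperties string, which never leaves the server.
public sealed class StateReferenceStore
{
    private const string Prefix = "oidc-state:";
    private readonly IMemoryCache _cache;
    private readonly TimeSpan _lifetime;

    public StateReferenceStore(IMemoryCache cache, TimeSpan lifetime)
    {
        _cache = cache ?? throw new ArgumentNullException(nameof(cache));
        _lifetime = lifetime;
    }

    // Stores the protected state and returns the reference to put in the redirect.
    public string Save(string protectedState)
    {
        if (string.IsNullOrEmpty(protectedState))
            throw new ArgumentException("Protected state is required.", nameof(protectedState));

        var bytes = new byte[16];                            // 128 bits from the OS CSPRNG
        RandomNumberGenerator.Fill(bytes);
        var reference = WebEncoders.Base64UrlEncode(bytes);  // 22 URL-safe characters

        // The entry expires on its own if the user never returns from the provider.
        _cache.Set(Prefix + reference, protectedState, _lifetime);
        return reference;
    }

    // Returns the protected state and removes the entry so a reference is not reusable
    // (get and remove are not atomic). Null means missing, unknown, expired or already used.
    public string Take(string reference)
    {
        if (string.IsNullOrEmpty(reference) || reference.Length > 64)
            return null;

        var key = Prefix + reference;
        if (!_cache.TryGetValue(key, out string protectedState))
            return null;

        _cache.Remove(key);
        return protectedState;
    }
}
```

In `OnMessageReceived`, a null result from `Take` should end the request with `context.Fail(...)` instead of being passed to `Unprotect`.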
