首页 新闻 搜索 专区 学院

mvc客户端登录验证回调异常,服务端使用Identityserver4认证

0
悬赏园豆:15 [已解决问题] 解决于 2019-05-22 12:22

我有一个mvc客户端,使用的是混合模式认证,本地运行没有问题,但是部署到服务器以后,is4认证通过后回调,就直接跳转到/signin-oidc,提示该网页无法正常运作,如果问题仍然存在,请与网站所有者联系。HTTP ERROR 400,查看日志也没有看到错误日志输出。

 

以下是客户端的代码:

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                
                options.Authority = “http://192.168.10.100:8080”;
                options.RequireHttpsMetadata = false;

                options.ClientId = “mvc”;
                options.ClientSecret = "secret";
                options.ResponseType = "code id_token";

                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;

                options.Scope.Clear();
                options.Scope.Add("openid");
                options.Scope.Add("profile");

            });
            app.UseCookiePolicy();
            app.UseAuthentication();
            app.UseStaticFiles();
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });

从代码上看,我也发现不了什么问题,使用同样的方法部署了多个站点,其它的都可以,就是这个不行,服务器验证成功以后,就直接跳转到http://192.168.10.133/signin-oidc, 同时出现400错误。

客户端日志:

2019-05-11 10:51:24.283 +08:00 [WRN] Using an in-memory repository. Keys will not be persisted to storage.
2019-05-11 10:51:24.402 +08:00 [WRN] Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
2019-05-11 10:51:24.530 +08:00 [WRN] No XML encryptor configured. Key "3c666a7d-6e97-4f97-8b52-861cb03f5347" may be persisted to storage in unencrypted form.
2019-05-11 10:51:26.492 +08:00 [INF] Cookies was not authenticated. Failure message: Unprotect ticket failed
2019-05-11 10:51:27.104 +08:00 [INF] AuthenticationScheme: oidc was challenged.

 

is4服务器端也没有报错的日志

2019-05-11 10:51:27.022 +08:00 [DBG] Request path /.well-known/openid-configuration matched to endpoint type Discovery
2019-05-11 10:51:27.022 +08:00 [DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
2019-05-11 10:51:27.022 +08:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
2019-05-11 10:51:27.022 +08:00 [DBG] Start discovery request
2019-05-11 10:51:27.028 +08:00 [DBG] Found ["openid","profile","school","api1"] as all scopes in database
2019-05-11 10:51:27.078 +08:00 [DBG] Request path /.well-known/openid-configuration/jwks matched to endpoint type Discovery
2019-05-11 10:51:27.078 +08:00 [DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryKeyEndpoint
2019-05-11 10:51:27.078 +08:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks
2019-05-11 10:51:27.078 +08:00 [DBG] Start key discovery request
2019-05-11 10:51:27.128 +08:00 [DBG] Request path /connect/authorize matched to endpoint type Authorize
2019-05-11 10:51:27.128 +08:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint
2019-05-11 10:51:27.128 +08:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
2019-05-11 10:51:27.128 +08:00 [DBG] Start authorize request
2019-05-11 10:51:27.129 +08:00 [DBG] User in authorize request: 8cd82630f81a
2019-05-11 10:51:27.129 +08:00 [DBG] Start authorize request protocol validation
2019-05-11 10:51:27.134 +08:00 [DBG] CLIENT found in database: true
2019-05-11 10:51:27.134 +08:00 [DBG] client configuration validation for client CLIENT succeeded.
2019-05-11 10:51:27.134 +08:00 [DBG] Checking for PKCE parameters
2019-05-11 10:51:27.134 +08:00 [DBG] No PKCE used.
2019-05-11 10:51:27.136 +08:00 [DBG] Found ["openid","profile"] identity scopes in database
2019-05-11 10:51:27.141 +08:00 [DBG] Found ["api1"] API scopes in database
2019-05-11 10:51:27.142 +08:00 [DBG] Found ["openid","profile"] identity scopes in database
2019-05-11 10:51:27.146 +08:00 [DBG] Found ["api1"] API scopes in database
2019-05-11 10:51:27.146 +08:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019-05-11 10:51:27.146 +08:00 [INF] ValidatedAuthorizeRequest
{"ClientId":"CLIENT","ClientName":"CLIENT","RedirectUri":"http://192.168.10.133:8080/signin-oidc","AllowedRedirectUris":["http://192.168.10.133:8080/signin-oidc","http://localhost:29111/signin-oidc"],"SubjectId":"8cd82630f81a","ResponseType":"code id_token","ResponseMode":"form_post","GrantType":"hybrid","RequestedScopes":"systemapi pmapi basicapi offline_access openid profile","State":"4UgFIk6n4JAz_AJ1pwfbY0T57p00Dq2XlFiV3BJ6_oM649ZRVQZvSwVcft4wYrU8C3iBa8VWOoCrwTl3orAV45jjQIsQdG0sVdBtFhVHp8upsAE1waRfSu3eibU6M9_tm2m3DwG-EEqKE5h-k2fDOmYqP5cjab5SWRJtjjoDIGzjPwIReNk7lnAOquyMUtarJz_sUdC3qhyMoJvPaNmkGpoXLUxs0kIh8Efxu0S_ecIfD4N3X1hesEDtP6ScQ0lV7QmuS4BBNlvtKuPaZBP0EKnNf0cxyLORneSDX_4Y1SY8VF83JzI4Ayi0_N4","UiLocales":null,"Nonce":"636931398870976449.YjAzYmJjODEtNGVkMi00MTRiLWIwM2QtMTUyZjZjNGJmMDFkNzJlY2U5OTYtZGY3OS00ZmE3LWEyNzAtNjNiMjBmOWZiMmRl","AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":"2e8794e302771caf27710bb9916dbbcd","Raw":{"client_id":"CLIENT","redirect_uri":"http://192.168.10.133:8080/signin-oidc","response_type":"code id_token","scope":"systemapi pmapi basicapi offline_access openid profile","response_mode":"form_post","nonce":"636931398870976449.YjAzYmJjODEtNGVkMi00MTRiLWIwM2QtMTUyZjZjNGJmMDFkNzJlY2U5OTYtZGY3OS00ZmE3LWEyNzAtNjNiMjBmOWZiMmRl","state":"4UgFIk6n4JAz_AJ1pwfbY0T57p00Dq2XlFiV3BJ6_oM649ZRVQZvSwVcft4wYrU8C3iBa8VWOoCrwTl3orAV45jjQIsQdG0sVdBtFhVHp8upsAE1waRfSu3eibU6M9_tm2m3DwG-EEqKE5h-k2fDOmYqP5cjab5SWRJtjjoDIGzjPwIReNk7lnAOquyMUtarJz_sUdC3qhyMoJvPaNmkGpoXLUxs0kIh8Efxu0S_ecIfD4N3X1hesEDtP6ScQ0lV7QmuS4BBNlvtKuPaZBP0EKnNf0cxyLORneSDX_4Y1SY8VF83JzI4Ayi0_N4","x-client-SKU":"ID_NETSTANDARD2_0","x-client-ver":"5.3.0.0"},"$type":"AuthorizeRequestValidationLog"}
2019-05-11 10:51:27.146 +08:00 [DBG] Client is configured to not require consent, no consent is required
2019-05-11 10:51:27.146 +08:00 [DBG] Creating Hybrid Flow response.
2019-05-11 10:51:27.148 +08:00 [DBG] yTrOyFNaDGDdjoCALDkxbh46YqQstu0Kn5xz1xtdLzY= not found in database
2019-05-11 10:51:27.150 +08:00 [DBG] Creating Implicit Flow response.
2019-05-11 10:51:27.150 +08:00 [DBG] Getting claims for identity token for subject: 8cd82630f81a and client: CLIENT
2019-05-11 10:51:27.151 +08:00 [DBG] Claim types from profile service that were filtered: ["sub","idp","amr","auth_time"]
2019-05-11 10:51:27.153 +08:00 [INF] Authorize endpoint response
{"SubjectId":"8cd82630f81a","ClientId":"CLIENT","RedirectUri":"http://192.168.10.133:8080/signin-oidc","State":"4UgFIk6n4JAz_AJ1pwfbY0T57p00Dq2XlFiV3BJ6_oM649ZRVQZvSwVcft4wYrU8C3iBa8VWOoCrwTl3orAV45jjQIsQdG0sVdBtFhVHp8upsAE1waRfSu3eibU6M9_tm2m3DwG-EEqKE5h-k2fDOmYqP5cjab5SWRJtjjoDIGzjPwIReNk7lnAOquyMUtarJz_sUdC3qhyMoJvPaNmkGpoXLUxs0kIh8Efxu0S_ecIfD4N3X1hesEDtP6ScQ0lV7QmuS4BBNlvtKuPaZBP0EKnNf0cxyLORneSDX_4Y1SY8VF83JzI4Ayi0_N4","Scope":"openid profile systemapi pmapi basicapi offline_access","Error":null,"ErrorDescription":null,"$type":"AuthorizeResponseLog"}

denli的主页 denli | 初学一级 | 园豆:27
提问于:2019-05-11 11:44
< >
分享
最佳答案
0

服务器的配置问题导致

denli | 初学一级 |园豆:27 | 2019-05-22 12:20
其他回答(4)
0

options.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost;添加这个试试??

收获园豆:15
Jeffcky | 园豆:2563 (老鸟四级) | 2019-05-11 14:31

谢谢!!

但是还是不行,这个错误确实挺烦人的。

 

支持(0) 反对(0) denli | 园豆:27 (初学一级) | 2019-05-11 17:26
0

授权服务器里 Client实例要配置属性RequireConsent=true;

ylonchou | 园豆:202 (菜鸟二级) | 2019-12-09 17:17
0

请问楼主如何解决这个问题的?

BravoBQW | 园豆:202 (菜鸟二级) | 2020-03-25 14:28
0

请问楼主如何解决这个问题的?

老张的哲学 | 园豆:2 (初学一级) | 2020-05-11 01:17
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册