使用Owin进行Twitter外部登录可提供HTTP 403(禁止访问) [英] Twitter external login with Owin gives HTTP 403 (Forbidden)
问题描述
ASP.NET MVC 5项目.
Owin版本4.0.0.0
ASP.NET MVC 5 Project.
Owin Version 4.0.0.0
Startup.Auth
app.UseTwitterAuthentication(
consumerKey: "somekey",
consumerSecret: "someSecretKey");
ExternalLogin
方法中发生了异常
The exception happened in the ExternalLogin
method
响应状态代码不指示成功:403(禁止).
Response status code does not indicate success: 403 (Forbidden).
这是回调URL
仅供参考:该网站是真实的,并且可以正常运行,Twitter登录已在几周前运行,但现在突然开始因先前的错误而失败.
FYI: the website is real and it is working without problem, The Twitter Login was working a couple of weeks ago, but Now, suddenly, started to fail with the previous error.
StackTrace
[HttpRequestException: Response status code does not indicate success: 403 (Forbidden).]
System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +121834
Microsoft.Owin.Security.Twitter.<ObtainRequestTokenAsync>d__23.MoveNext() +2387
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Twitter.<ApplyResponseChallengeAsync>d__12.MoveNext() +1091
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__b.MoveNext() +376
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__8.MoveNext() +475
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +215
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +968
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +184
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +117
System.Web.<>c__DisplayClass11_0.<InvokeEndHandler>b__0() +41
System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +151
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +156
推荐答案
在过去的一两周中,我们遇到了类似的问题,发现Twitter以前没有验证回调URL,但已经开始对其进行检查.
We had a similar issue in the past week or two and found that Twitter, while previously not validating the callback URL, have started checking it.
Twitter的登录流程如下:
The login flow for Twitter is like this:
- 客户致电您的后端.
- 后端使用回调URL,密钥等调用Twitter API.
- Twitter发出登录URL.
- 由于挑战,后端将客户端重定向到登录URL.
- 客户端登录Twitter(并授权该应用)
- Twitter重定向到回调URL(通常为
https://www.example.com/signin-twitter
,除非您指定备用callbackPath
) - 后端接收Twitter令牌.
- Client calls your backend.
- Backend calls Twitter API with callback URL, keys, etc.
- Twitter issues a login URL.
- Backend redirects client to login URL as a result of the challenge.
- Client logs in on Twitter (and authorises the app)
- Twitter redirects to the callback URL (usually
https://www.example.com/signin-twitter
unless you specify an alternativecallbackPath
) - Backend receives Twitter tokens.
回调URL验证发生在#2,如果失败,它将向客户端返回403.
The callback URL validation happens at #2 and will return a 403 to the client if it fails.
我在您的图像中注意到您的callbackPath是/twittersignin
,但是您没有在ASP.NET端进行配置,因此ASP.NET使用的是/signin-twitter
.您应该在Twitter上(通过开发人员门户)更新回调URL,以反映这一点.
I note in your image that your callbackPath is /twittersignin
but you're not configuring it on the ASP.NET side, so ASP.NET is using /signin-twitter
. You should update your callback URLs on Twitter (via the developer portal) to reflect this.
这篇关于使用Owin进行Twitter外部登录可提供HTTP 403(禁止访问)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!