使用Owin进行Twitter外部登录可提供HTTP 403(禁止访问) [英] Twitter external login with Owin gives HTTP 403 (Forbidden)

查看:123
本文介绍了使用Owin进行Twitter外部登录可提供HTTP 403(禁止访问)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

ASP.NET MVC 5项目.
Owin版本4.0.0.0

ASP.NET MVC 5 Project.
Owin Version 4.0.0.0

Startup.Auth 

app.UseTwitterAuthentication(
  consumerKey: "somekey",
  consumerSecret: "someSecretKey");

ExternalLogin方法中发生了异常

The exception happened in the ExternalLogin method

响应状态代码不指示成功:403(禁止).

Response status code does not indicate success: 403 (Forbidden).

这是回调URL

仅供参考:该网站是真实的,并且可以正常运行,Twitter登录已在几周前运行,但现在突然开始因先前的错误而失败.

FYI: the website is real and it is working without problem, The Twitter Login was working a couple of weeks ago, but Now, suddenly, started to fail with the previous error.


StackTrace 

[HttpRequestException: Response status code does not indicate success: 403 (Forbidden).]
   System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +121834
   Microsoft.Owin.Security.Twitter.<ObtainRequestTokenAsync>d__23.MoveNext() +2387
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Twitter.<ApplyResponseChallengeAsync>d__12.MoveNext() +1091
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__b.MoveNext() +376
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__8.MoveNext() +475
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +215
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +968
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.AspNet.Identity.Owin.<Invoke>d__0.MoveNext() +448
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +184
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +117
   System.Web.<>c__DisplayClass11_0.<InvokeEndHandler>b__0() +41
   System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +151
   System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +156

推荐答案

在过去的一两周中,我们遇到了类似的问题,发现Twitter以前没有验证回调URL,但已经开始对其进行检查.

We had a similar issue in the past week or two and found that Twitter, while previously not validating the callback URL, have started checking it.

Twitter的登录流程如下:

The login flow for Twitter is like this:

  1. 客户致电您的后端.
  2. 后端使用回调URL,密钥等调用Twitter API.
  3. Twitter发出登录URL.
  4. 由于挑战,后端将客户端重定向到登录URL.
  5. 客户端登录Twitter(并授权该应用)
  6. Twitter重定向到回调URL(通常为https://www.example.com/signin-twitter,除非您指定备用callbackPath)
  7. 后端接收Twitter令牌.
  1. Client calls your backend.
  2. Backend calls Twitter API with callback URL, keys, etc.
  3. Twitter issues a login URL.
  4. Backend redirects client to login URL as a result of the challenge.
  5. Client logs in on Twitter (and authorises the app)
  6. Twitter redirects to the callback URL (usually https://www.example.com/signin-twitter unless you specify an alternative callbackPath)
  7. Backend receives Twitter tokens.

回调URL验证发生在#2,如果失败,它将向客户端返回403.

The callback URL validation happens at #2 and will return a 403 to the client if it fails.

我在您的图像中注意到您的callbackPath是/twittersignin,但是您没有在ASP.NET端进行配置,因此ASP.NET使用的是/signin-twitter.您应该在Twitter上(通过开发人员门户)更新回调URL,以反映这一点.

I note in your image that your callbackPath is /twittersignin but you're not configuring it on the ASP.NET side, so ASP.NET is using /signin-twitter. You should update your callback URLs on Twitter (via the developer portal) to reflect this.

这篇关于使用Owin进行Twitter外部登录可提供HTTP 403(禁止访问)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆