DotNetOpenAuth：消息的签名是不正确的 [英] DotNetOpenAuth: Message signature was incorrect

问题描述

我得到一个消息的签名是不正确试图用者myOpenID和雅虎进行身份验证时例外。

I'm getting a "Message signature was incorrect" exception when trying to authenticate with MyOpenID and Yahoo.

我使用pretty大部分的ASP.NET MVC样品code与DotNetOpenAuth 3.4.2来了

I'm using pretty much the ASP.NET MVC sample code that came with DotNetOpenAuth 3.4.2

public ActionResult Authenticate(string openid)
{
    var openIdRelyingParty = new OpenIdRelyingParty();
    var authenticationResponse = openIdRelyingParty.GetResponse();

    if (authenticationResponse == null)
    {
        // Stage 2: User submitting identifier
        Identifier identifier;

        if (Identifier.TryParse(openid, out identifier))
        {
            var realm = new Realm(Request.Url.Root() + "openid");
            var authenticationRequest = openIdRelyingParty.CreateRequest(openid, realm);
            authenticationRequest.RedirectToProvider();
        }
        else
        {
            return RedirectToAction("login", "home");
        }
    }
    else
    {
        // Stage 3: OpenID provider sending assertion response
        switch (authenticationResponse.Status)
        {
            case AuthenticationStatus.Authenticated:
            {
                // TODO
            }
            case AuthenticationStatus.Failed:
            {
                throw authenticationResponse.Exception;
            }
        }
    }

    return new EmptyResult();
}

做工精细与谷歌，AOL和其他人。不过，雅虎和myOpenID来说落入AuthenticationStatus.Failed例以下异常：

Working fine with Google, AOL and others. However, Yahoo and MyOpenID fall into the AuthenticationStatus.Failed case with the following exception:

DotNetOpenAuth.Messaging.Bindings.InvalidSignatureException: Message signature was incorrect.
   at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.ProcessIncomingMessage(IProtocolMessage message) in c:\Users\andarno\git\dotnetopenid\src\DotNetOpenAuth\OpenId\ChannelElements\SigningBindingElement.cs:line 139
   at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) in c:\Users\andarno\git\dotnetopenid\src\DotNetOpenAuth\Messaging\Channel.cs:line 992
   at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) in c:\Users\andarno\git\dotnetopenid\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 172
   at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest) in c:\Users\andarno\git\dotnetopenid\src\DotNetOpenAuth\Messaging\Channel.cs:line 386
   at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo) in c:\Users\andarno\git\dotnetopenid\src\DotNetOpenAuth\OpenId\RelyingParty\OpenIdRelyingParty.cs:line 540

出现别人有同样的问题：<一href=\"http://trac.dotnetopenauth.net:8000/ticket/172\">http://trac.dotnetopenauth.net:8000/ticket/172

Appears that others are having the same problem: http://trac.dotnetopenauth.net:8000/ticket/172

有没有人有一个解决办法？

Does anyone have a workaround?

推荐答案

原来这是在Web场环境使用DotNetOpenAuth的问题。

Turns out this was an issue with using DotNetOpenAuth in a web farm environment.

当您创建OpenIdRelyingParty确保您在构造函数中传递null。

When you create your OpenIdRelyingParty make sure you pass null in the constructor.

这使您的网站变成无国籍的OpenID或'哑巴'模式。这是稍慢，为用户登录（如果你察觉），但你可以避免写一个IRelyingPartyApplicationStore让DotNetOpenAuth跨你的农场工作;

This puts your web site into OpenID stateless or 'dumb' mode. It's slightly slower for users to log in (if you even notice) but you avoid having to write an IRelyingPartyApplicationStore to allow DotNetOpenAuth to work across your farm;

var openIdRelyingParty = new OpenIdRelyingParty(null);

这篇关于DotNetOpenAuth：消息的签名是不正确的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！