在运行 HTTPS 的应用程序中以 HTTP 而非 HTTPS 形式发送的重定向 URI [英] Redirect URI sent as HTTP and not HTTPS in app running HTTPS
问题描述
我有一个 Asp .net 核心 MVC 应用程序.它连接到 Identity Server 4 进行身份验证.托管在 docker swarm 中
MVC 应用托管在 https://XXXXXXX
配置服务
services.AddAuthentication(options =>{options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme).AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme,选项=>{//options.DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C: emp-keys"));//当根据我们收到的数据创建身份时,//使用此身份验证方案将其持久化,因此在 cookie 中options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;//身份服务器端点options.Authority = settingsSetup.IdentityServerEndpoint;//登录时使用的客户端 IDoptions.ClientId = settingsSetup.ClientId;//客户端密码.options.ClientSecret = settingsSetup.Secret;//我们 API 的范围options.Scope.Add("testapi");options.Scope.Add("devconsole");//添加 offline_access 以获取刷新令牌options.Scope.Add("offline_access");options.ResponseType = "代码 id_token";options.SaveTokens = true;options.GetClaimsFromUserInfoEndpoint = true;});当我尝试运行应用程序时,我收到重定向 uri 未匹配错误.
无效的redirect_uri:http://developerconsole.XXXXX.io/signin-oidc{"ClientId": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz","ClientName": "开发者控制台",AllowedRedirectUris":["http://localhost:55000/signin-oidc","http://localhost:55000/auth.html",http://localhost:55000/auth-silent.html"https://developerconsole.XXXXX.io/signin-oidc"],"SubjectId": "21379983",请求范围":",生的": {"client_id": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz","redirect_uri": "http://developerconsole.XXXXX.io/signin-oidc","response_type": "代码 id_token","scope": "openid profile testapi devconsole offline_access","response_mode": "form_post",nonce":636625889658410682.MjNlMmQwNjgtZmY0MC00MmVkLWFiNmMtN2M2YmQ5YTM5ZTQ3NjFiYzI2ZjktZWM0Yi00NDk3LTk1ZWMtNjJkYjViMDYwMTJm",状态": CfDJ8Pwa8A3ipXlKtuyxNMpMxAz5QUFmdSunRKdlKS9sS390AKp8gIUZShQUMMCkFAhYLytitgsXUBgwlQDJaJvtHFqzHygLCPwS8Jab6IJzhpry90qS51E1y_eRlppamRDOzYDZ6fcDFzWV1U43BTP2B6pnPTSLNcZRaooyGBXtNokeUqOJ - U-_MOQB8Bw3n2cRyV4kisHNkslD1Gsi2wn1Cx6aTVlqzw_pxHelAXm1P8FyDJpD7G0azFgKgpQF0DRJtC5penRJQzHIHvQN8v4ECGeuSD1zlyfJYClLO2r6kY_R2OYqtBkV0r_SNc9h7xUYmnVaHKQzYqVc_mJO4iLLSMTZrBUICZWR8c4PZw0Os3N""x-client-SKU": "ID_NET",x-client-ver":2.1.4.0"}}错误即将到来,因为我将 "https://developerconsole.XXXXX.io/signin-oidc" 作为重定向 uri 而不是 "http://developerconsole.XXXXX.io/signin-oidc" 我不想添加 HTTP 重定向 uri.
为什么我的应用构建的重定向 uri 有 http 而不是 https?
如果我确实添加了 HTTP,我会收到一个烦人的关联错误.我认为这是因为它被服务器作为 https 返回,因为服务器会自动将 http 转换为 https.
<块引用>处理请求时发生未处理的异常.例外:关联失败.Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()
堆栈查询 Cookie 标头异常:关联失败.Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__6.MoveNext()System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware+d__7.MoveNext()
我可能不需要提及这在 localhost 上可以正常工作:/
解决方案很简单.通过设置 UseForwardedHeaders,它现在将所有请求作为 HTTPS 发送.
app.UseForwardedHeaders(new ForwardedHeadersOptions{ForwardedHeaders = ForwardedHeaders.XForwardedProto});<块引用>
关联失败.
现在已修复,我不再需要 http 和 https 重定向 uri.
I have an Asp .net core MVC app. Which connects to an Identity Server 4 for authentication. Hosted in a docker swarm
MVC app is hosted on https://XXXXXXX
ConfigurServies
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
//options.DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C: emp-keys"));
// when the identity has been created from the data we receive,
// persist it with this authentication scheme, hence in a cookie
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
// Identity server endpoint
options.Authority = settingsSetup.IdentityServerEndpoint;
// Client id to login with
options.ClientId = settingsSetup.ClientId;
// Client secret.
options.ClientSecret = settingsSetup.Secret;
// Scope of our API
options.Scope.Add("testapi");
options.Scope.Add("devconsole");
// adding offline_access to get a refresh token
options.Scope.Add("offline_access");
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
});
When I try to run the app I get a redirect uri miss match error.
Invalid redirect_uri: http://developerconsole.XXXXX.io/signin-oidc
{
"ClientId": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz",
"ClientName": "Developer Console",
"AllowedRedirectUris": [
"http://localhost:55000/signin-oidc",
"http://localhost:55000/auth.html",
"http://localhost:55000/auth-silent.html"
"https://developerconsole.XXXXX.io/signin-oidc"
],
"SubjectId": "21379983",
"RequestedScopes": "",
"Raw": {
"client_id": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz",
"redirect_uri": "http://developerconsole.XXXXX.io/signin-oidc",
"response_type": "code id_token",
"scope": "openid profile testapi devconsole offline_access",
"response_mode": "form_post",
"nonce": "636625889658410682.MjNlMmQwNjgtZmY0MC00MmVkLWFiNmMtN2M2YmQ5YTM5ZTQ3NjFiYzI2ZjktZWM0Yi00NDk3LTk1ZWMtNjJkYjViMDYwMTJm",
"state": "CfDJ8Pwa8A3ipXlKtuyxNMpMxAz5QUFmdSunRKdlKS9sS390AKp8gIUZShQUMMCkFAhYLytitgsXUBgwlQDJaJvtHFqzHygLCPwS8Jab6IJzhpry90qS51E1y_eRlppamRDOzYDZ6fcDFzWV1U43BTP2B6pnPTSLNcZRaooyGBXtNokeUqOJ--u-_MOQB8Bw3n2cRyV4kisHNkslD1Gsi2wn1Cx6aTVlqzw_pxHelAXm1P8FyDJpD7G0azFgKgpQF0DRJtC5penRJQzHIHvQN8v4ECGeuSD1zlyfJYClLO2r6kY_R2OYqtBkV0r_SNc9h7xUYmnVaHKQzYqVc_mJO4iLLSMTZrBUICZWR8c4PZw0Os3N",
"x-client-SKU": "ID_NET",
"x-client-ver": "2.1.4.0"
}
}
The error is coming because i have "https://developerconsole.XXXXX.io/signin-oidc" as a redirect uri and not "http://developerconsole.XXXXX.io/signin-oidc" I dont want to add HTTP redirect uris.
Why is my app building the redirect uri has http and not https?
If i do add the HTTP on i am getting an annoying Correlation error. which i think is due to the fact that its being returned by the server as https since the server automatically converts http to https.
An unhandled exception occurred while processing the request. Exception: Correlation failed. Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()
Stack Query Cookies Headers Exception: Correlation failed. Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext() System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__6.MoveNext() System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware+d__7.MoveNext()
I probably dont need to mention this works fine on localhost :/
The solution was quite simple. By setting UseForwardedHeaders it now sends all the requests as HTTPS.
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedProto
});
Correlation failed.
is now fixed and i no longer need to have a http and https redirect uris.
这篇关于在运行 HTTPS 的应用程序中以 HTTP 而非 HTTPS 形式发送的重定向 URI的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
