IdentityServer进入身份验证的无限循环 [英] IdentityServer gets into infinite loop of authentication

问题描述

我在IdentityServer中设置了以下客户端:

I have the following client set up in IdentityServer:

new Client
{
    ClientName = "My web application",
    Enabled = true,
    ClientId = "mywebapp",
    ClientSecrets = new List<ClientSecret>
    {
        new ClientSecret("somesecret")
    },

    Flow = Flows.Hybrid,

    ClientUri = "https://app.mydomain.com",

    RedirectUris = new List<string>
    {
        "oob://localhost/wpfclient",
        "http://localhost:2672/",
        "https://app.mydomain.com"
    }
}

它是在线托管的，例如https://auth.mydomain.com/core.

And it is hosted online, let's say https://auth.mydomain.com/core.

尝试修改 MVC OWIN客户端(混合)示例客户端登录到上述身份服务器，在Startup.cs中，我修改了ClientId，ClientSecret和RedirectUri以匹配IdSrv中的客户端设置.现在，当我尝试导航到需要授权的页面时，我将重定向到IdentityServer的URL.当我登录时，断点在客户端的Startup.cs中的AuthorizationCodeReceived通知处命中，然后进入循环.浏览器的状态显示:

Trying to modify the MVC OWIN Client (Hybrid) sample client to log-in to the above identity server, in Startup.cs I modified the ClientId, ClientSecret and RedirectUri to match the client settings in IdSrv. Now when I try to navigate to a page that requires authorization, I am redirected to IdentityServer's URL. When I log-in, the breakpoint hits at AuthorizationCodeReceived notification in the client's Startup.cs and then gets into a loop. The browser's status shows:

Waiting for localhost...
Waitnig for auth.mydomain.com...
Waiting for localhost...
Waitnig for auth.mydomain.com...
...

，依此类推，并且永远不会完成登录.为什么会这样呢?请帮忙.

and so on and never finishes the log-in. Why is this happening? Please help.

谢谢！

推荐答案

最可能的原因是在重定向中混合使用了HTTP和https.请一致使用一种方案，然后在浏览器地址栏上检查该方案.

Most probably this is caused by mixing http and https in redirects. Please use one scheme consistently and check the scheme on browser address-bar.

这篇关于IdentityServer进入身份验证的无限循环的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！