在ASP.NET MVC 5应用程序中启用SSL会导致OpenIdConnectProtocolValidator问题 [英] Enabling SSL in ASP.NET MVC 5 app results in OpenIdConnectProtocolValidator issue
问题描述
我有一个针对Azure Active Directory进行身份验证的ASP.NET MVC 5应用程序.我想在整个应用程序上启用SSL.因此利用了如下的全局过滤器:
I have an ASP.NET MVC 5 app that authenticates against Azure Active Directory. I wanted to enable SSL on it across the app. and hence leveraged global filters as follows:
public class FilterConfig
{
/// <summary>
/// Registers the global filters.
/// </summary>
/// <param name="filters">The filters.</param>
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new RequireHttpsAttribute());
}
}
此后,我还将项目属性中的启用SSL"设置为true.这给了我以下SSL URL-> https://localhost:34567 .我更新了项目,使其在项目URL"中服务器"下网络选项卡"下的IIS Express路径中具有此名称.但是,在运行站点时,我遇到以下错误:
After this I also set 'Enable SSL' in the project's properties to true. This gave me the following SSL URL -> https://localhost:34567. I updated the project to have this in its IIS Express path under the 'Web Tab' under Servers in 'Project URL'. However on running the site I run in to the following error:
IDX10311:RequireNonce为"true"(默认),但validationContext.Nonce为null.随机数无法验证.如果不需要检查随机数,请将OpenIdConnectProtocolValidator.RequireNonce设置为"false".
IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'.
我有身份验证.在网站上启用.我使用Azure Active Directory.
I have auth. enabled on the site. I use Azure Active directory.
安全代码如下:
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri
});
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Audience = audience,
Tenant = tenant,
});
身份验证.值是从web.config中读取的,如下所示:
The auth. values are being read from the web.config and are as follows:
<add key="ida:ClientId" value="<some_guid>" />
<add key="ida:Audience" value="https://localhost:34567/" />
<add key="ida:AADInstance" value="https://login.windows.net/{0}" />
<add key="ida:Tenant" value="microsoft.onmicrosoft.com" />
<add key="ida:PostLogoutRedirectUri" value="https://localhost:34567/" />
我尝试按照错误消息中的指示将RequireNonce设置为false,如下所示:
I tried setting RequireNonce to false as directed in the error message as follows:
ProtocolValidator = new OpenIdConnectProtocolValidator
{
RequireNonce = false
}
但这只会导致无效的请求错误.
But this just resulted in an invalid request error.
有人可以帮助我了解这里的问题吗?在启用SSL之前,一切工作都很好.
Could someone help me understand what the problem is here? Everything worked great until SSL was enabled.
推荐答案
如果错误消息以OICE_20004开头或包含IDX10311,则可以忽略异常.注意:风险自负.
You can ignore exceptions if the error message starts with OICE_20004 or contains IDX10311. Note: do it on your own risk.
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
// Ensure the URI is picked up dynamically from the request;
string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + context.Request.Uri.PathAndQuery;
context.ProtocolMessage.RedirectUri = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + context.Request.Uri.PathAndQuery;
context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
if (context.Exception.Message.StartsWith("OICE_20004") || context.Exception.Message.Contains("IDX10311"))
{
context.SkipToNextMiddleware();
return Task.FromResult(0);
}
return Task.FromResult(0);
},
}
这篇关于在ASP.NET MVC 5应用程序中启用SSL会导致OpenIdConnectProtocolValidator问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!