OpenIdConnectAuthenticationHandler:message.State为null或为空 [英] OpenIdConnectAuthenticationHandler: message.State is null or empty

问题描述

我正在使用ASP.Net Core应用程序的UseOpenIdConnectAuthentication中间件，以针对Dells Cloud访问管理器令牌提供程序(提供OpenId/OAuth2身份验证的设置)进行身份验证.以下是代码:

I am using UseOpenIdConnectAuthentication middleware for ASP.Net Core application to authenticate against Dells Cloud access manager token provider (setup to provide OpenId/OAuth2 authentication). Following is the code:

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AutomaticAuthenticate = true,
            AutomaticChallenge = true,
            AuthenticationScheme = "ClientCookie",
            CookieName = CookieAuthenticationDefaults.CookiePrefix + "ClientCookie",
            ExpireTimeSpan = TimeSpan.FromMinutes(5),
            LoginPath = new PathString("/signin"),
            LogoutPath = new PathString("/signout")
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
        {
            RequireHttpsMetadata = false,
            SaveTokens = true,
            ClientId = "XYZClient_Id",
            ClientSecret = "XYZ_ClientSecret",
            ResponseType = OpenIdConnectResponseType.Code,
            PostLogoutRedirectUri = "https://example.com",
            Configuration = new OpenIdConnectConfiguration {
                AuthorizationEndpoint = "https://CAM.COM/CloudAccessManager/RPSTS/OAuth2/Default.aspx",
                TokenEndpoint = "https://CAM.COM/CloudAccessManager/RPSTS/OAuth2/Token.aspx",
                UserInfoEndpoint = "https://CAM.COM/CloudAccessManager/RPSTS/OAuth2/User.aspx",
                Issuer= "urn:CAM.COM/CloudAccessManager/RPSTS",
            }
        });

但是我现在只停留在一个点上几个小时.我收到以下错误:

But I am stuck at one point for a few hours now. I get the following error:

SecurityTokenInvalidSignatureException:IDX10500:签名验证失败.没有用于验证签名的安全密钥

SecurityTokenInvalidSignatureException: IDX10500: Signature validation failed. There are no security keys to use to validate the signature

我正在url查询字符串中获取代码并返回状态 https://example.com/signin-oidc?code=somecode&state=somestate

I am getting code and state back in url querystring https://example.com/signin-oidc?code=somecode&state=somestate

任何类型的指导都值得赞赏.

Any type of guidance is appreciated.

更新 添加了颁发者签名密钥:

UPDATE Added Issuer Signing key:

TokenValidationParameters = new TokenValidationParameters
                {
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetValue<string>("AppSettings:ClientSecret")))
                }

推荐答案

您看到的错误是由于您没有使用

The error you're seeing is caused by the fact you're not using the OpenID Connect provider configuration discovery feature offered by the OIDC middleware, that allows it to retrieve the cryptographic keys used to sign identity tokens.

如果提供者支持此功能，则删除整个Configuration节点并改为设置Authority.所有端点都应自动为您注册.

If your provider supports this feature, remove the entire Configuration node and set Authority instead. All the endpoints should be automatically registered for you.

如果它不支持此功能，则必须手动将签名密钥添加到OpenIdConnectOptions.TokenValidationParameters.IssuerSigningKeys.

If it doesn't support this feature, you'll have to manually add the signing keys to OpenIdConnectOptions.TokenValidationParameters.IssuerSigningKeys.

这篇关于OpenIdConnectAuthenticationHandler:message.State为null或为空的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！