IdentityServer3常量重定向仅在移动设备上登录时 [英] IdentityServer3 constant redirect on login only on mobile
问题描述
我遇到了一个问题,我的身份服务器可以正常运行,而在台式机上登录用户没有问题。但是,当我在移动应用程序上转到网页并登录时,会遇到不断重定向的情况。
第一次登录身份服务器,然后我将其重定向回应用程序时,它会自动来回重定向至身份服务器。
如果我停止重定向(通过单击浏览器上的停止按钮),然后转到我的网站,我已经登录了。
我正在使用IdentityServer3和Asp.Net Core。
身份服务器的日志未显示错误且登录成功。如果我是通过外部提供商或自定义提供商登录的,则会发生这种情况。
我以为是Safari的东西,但我在手机上安装了chrome却做了同样的事情
我做了一些研究,但我认为这不是http / https的问题,我无法添加Session_start,因为它不存在于内核中。 / p>
有人能想到移动应用无法正常运行的原因吗?我可以检查任何其他日志或我可以尝试的其他建议吗?
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(options =>
{
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.LoginPath = new PathString( / Login / Login /);
options.AccessDeniedPath = new PathString( / Login / Login /);
})
.AddOpenIdConnect(options>>
{
options.Authority = _authenticationServer;
options.ClientId = ...;
options.ResponseType = id_token;
options.Scope.Add( openid);
options.Scope.Add( email);
options.Scope.Add( profile);
options.UseTokenLifetime = false;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = name,
ValidateIssuer = false,
};
options.Events =新的OpenIdConnectEvents
{
OnTokenValidated = context =>
{
...
返回Task.CompletedTask;
}
};
});
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
})
.AddJsonOptions(options =>
options.SerializerSettings.ContractResolver = new DefaultContractResolver());
服务。AddSingleton< IHttpContextAccessor,HttpContextAccessor>();
services.AddSingleton(Configuration);
services.AddMemoryCache();
services.AddSession();
services.AddKendo();
}
public void Configure(IApplicationBuilder app,IHostingEnvironment env)
{
if(env.IsDevelopment())
{
app.UseDeveloperExceptionPage() ;
}
else
{
app.UseExceptionHandler( / Home / Error);
app.UseHsts();
}
app.UseStaticFiles();
app.UseSession();
app.UseAuthentication();
app.UseMvc(routes =>
{
route.MapRoute(
name: default,
template: {controller = Home } / {action = Index} / {id?});
});
}
更新:
我确认这只是iPhone上的问题。 Android运行正常。我还验证了.Net Core客户端应用程序存在问题。 .net标准客户端应用程序可以正常工作。
我的授权端点在一个无限循环中被调用。
有任何人都可以针对身份服务器成功设置.Net核心客户端应用程序,并且可以通过iPhone浏览器正常工作吗?有帮助吗?!?
这听起来很像我遇到的相同问题(需要指导以诊断ios上的无限循环认证(safari和chrome)与身份服务器4 )。就我而言,这仅在iphone上存在问题,并且与IOS12有关。解决方法的详细信息在这里:
I have a problem where my identity server works great with no problems logging in users on desktop computers. However when i go to the webpage on a mobile app and log in I get a constant redirect situation.
It goes to the identity server the first time, I log in, and then when it redirects back to the app it automatically redirects back to identity server and back and forth.
If I stop the redirection (by hitting the stop button on the browser) then go to my site I am already logged in now.
I am using IdentityServer3 and Asp.Net Core.
The logs for the identity server show no error and successful logins. This happens if I log in with an external provider or a custom provider.
I thought it was something with safari but i installed chrome on my phone and it does the same thing.
I did some research and I don't think it is a http/https problem and I can not add the Session_start because it doesn't exist in core.
Can anyone think of a reason the mobile app would not work while the desktop app works fine? Any suggestions on any other logs i can check or things i can try?
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(options =>
{
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.LoginPath = new PathString("/Login/Login/");
options.AccessDeniedPath = new PathString("/Login/Login/");
})
.AddOpenIdConnect(options =>
{
options.Authority = _authenticationServer;
options.ClientId = "...";
options.ResponseType = "id_token";
options.Scope.Add("openid");
options.Scope.Add("email");
options.Scope.Add("profile");
options.UseTokenLifetime = false;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
ValidateIssuer = false,
};
options.Events = new OpenIdConnectEvents
{
OnTokenValidated = context =>
{
...
return Task.CompletedTask;
}
};
});
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
})
.AddJsonOptions(options =>
options.SerializerSettings.ContractResolver = new DefaultContractResolver());
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddSingleton(Configuration);
services.AddMemoryCache();
services.AddSession();
services.AddKendo();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseStaticFiles();
app.UseSession();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
UPDATE:
I verified that this is only a problem on the iPhone. Android works fine. I also verified this is a problem with a .Net Core client app. A .Net standard client app works fine.
My authorize endpoint gets called in an endless loop.
Has anyone successfully set up a .Net core client app against identity server and have it working through an iphone browser? Any help?!?
This sounds a lot like the same problem I had (Guidance required diagnosing infinite loop authenticating on ios (safari and chrome) with identity server 4). In my case it's a problem only on iphone and related to IOS12. Details of a work around are here:
这篇关于IdentityServer3常量重定向仅在移动设备上登录时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!