ASP .NET Core 2.0-OpenId Connect身份验证:相关错误 [英] ASP .NET Core 2.0 - OpenId Connect Auth : Correlation error
问题描述
我正在尝试在ASP.NET Core 2.0 Web应用程序上创建身份验证.
I am trying to create an authentication on an ASP.NET Core 2.0 web app.
我的公司正在使用Ping Federate,我试图通过公司登录页面对用户进行身份验证,并使用我的签名密钥(此处为X509SecurityKey
)来验证返回的令牌.
My company is using Ping Federate and I am trying to authenticate my users using the company login page and in return validating the returned token using my signing key (X509SecurityKey
down here).
ping登录链接链接看起来像:
The ping login link link looks like:
https://auth.companyname.com
我将Startup.cs配置为能够登录并挑战该站点.
I configured the Startup.cs to be able to log in and challenge against this site.
我用[Authorize(Policy="Mvc")]
装饰了HomeController.
I decorated my HomeController with a [Authorize(Policy="Mvc")]
.
我能够访问登录页面,但是,每当我从登录页面返回时,我都会得到( 我尝试关闭/启用多个多重验证):
I am able to reach the login page, but, whenever I return from it I get ( I tried turning off/on multiple multiple validations):
异常:相关性失败.
Exception: Correlation failed.
未知位置
异常:处理远程登录时遇到错误.
Exception: An error was encountered while handling the remote login.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()
错误消息不是很有帮助...以前有人遇到过这样的问题吗?
The error message is not very helpful... anybody encountered such an issue before?
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
options.Authority = PF_LOGINPATH;
options.ClientId = Configuration["ClientId"];
options.ClientSecret = Configuration["ClientSecret"];
options.Scope.Clear();
options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
options.SaveTokens = false;
options.GetClaimsFromUserInfoEndpoint = false;//true;
options.TokenValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = false,
ValidateActor = false,
ValidateAudience = false,
ValidateIssuer = false,
ValidateIssuerSigningKey = false,
ValidateTokenReplay = false,
// Compensate server drift
ClockSkew = TimeSpan.FromHours(24),
//ValidIssuer = PF_LOGINPATH;
// Ensure key
IssuerSigningKey = CERTIFICATE,
// Ensure expiry
RequireExpirationTime = false,//true,
ValidateLifetime = false,//true,
// Save token
SaveSigninToken = false
};
});
services.AddAuthorization(options =>
{
options.AddPolicy("Mvc", policy =>
{
policy.AuthenticationSchemes.Add(OpenIdConnectDefaults.AuthenticationScheme);
policy.RequireAuthenticatedUser();
});
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
推荐答案
我也有类似情况.我的应用程序网址是这样的:" https://domain/appname " 因此,当有人键入网址" https://domain/appname/(带有斜杠)时,会出现相关错误.这就是我解决它的方式(从其他网站找到)
I had similar situation. My Application url is like this : "https://domain/appname" so when someone types url "https://domain/appname/" [with trailling slash], it gives Correlation error. This is how I have resolved it (found from some oher site)
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(options =>
{
//Auth schemes here
})
.AddOpenIdConnect(oid =>
{
//Other config here
oid.Events = new OpenIdConnectEvents()
{
OnRemoteFailure = OnRemoteFailure
};
});
}
private Task OnRemoteFailure(RemoteFailureContext context)
{
if (context.Failure.Message.Contains("Correlation failed"))
{
context.Response.Redirect("/AppName"); // redirect without trailing slash
context.HandleResponse();
}
return Task.CompletedTask;
}
这篇关于ASP .NET Core 2.0-OpenId Connect身份验证:相关错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!