ASP .NET Core 2.0-OpenId Connect身份验证:相关错误 [英] ASP .NET Core 2.0 - OpenId Connect Auth : Correlation error

问题描述

我正在尝试在ASP.NET Core 2.0 Web应用程序上创建身份验证.

I am trying to create an authentication on an ASP.NET Core 2.0 web app.

我的公司正在使用Ping Federate，我试图通过公司登录页面对用户进行身份验证，并使用我的签名密钥(此处为X509SecurityKey)来验证返回的令牌.

My company is using Ping Federate and I am trying to authenticate my users using the company login page and in return validating the returned token using my signing key (X509SecurityKey down here).

ping登录链接链接看起来像:

The ping login link link looks like:

https://auth.companyname.com

我将Startup.cs配置为能够登录并挑战该站点.

I configured the Startup.cs to be able to log in and challenge against this site.

我用[Authorize(Policy="Mvc")]装饰了HomeController.

I decorated my HomeController with a [Authorize(Policy="Mvc")].

我能够访问登录页面，但是，每当我从登录页面返回时，我都会得到( 我尝试关闭/启用多个多重验证):

I am able to reach the login page, but, whenever I return from it I get ( I tried turning off/on multiple multiple validations):

异常:相关性失败.

Exception: Correlation failed.

未知位置

异常:处理远程登录时遇到错误.

Exception: An error was encountered while handling the remote login.

Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()

Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()

错误消息不是很有帮助...以前有人遇到过这样的问题吗?

The error message is not very helpful... anybody encountered such an issue before?

    public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.Authority = PF_LOGINPATH;
        options.ClientId = Configuration["ClientId"];
        options.ClientSecret = Configuration["ClientSecret"];
        options.Scope.Clear();

        options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
        options.SaveTokens = false;

        options.GetClaimsFromUserInfoEndpoint = false;//true;

        options.TokenValidationParameters = new TokenValidationParameters
        {
            RequireSignedTokens =  false,
            ValidateActor = false,
            ValidateAudience = false,
            ValidateIssuer = false,
            ValidateIssuerSigningKey = false,
            ValidateTokenReplay = false,

            // Compensate server drift
            ClockSkew = TimeSpan.FromHours(24),
            //ValidIssuer = PF_LOGINPATH;
            // Ensure key
            IssuerSigningKey = CERTIFICATE,                    

            // Ensure expiry
            RequireExpirationTime = false,//true,
            ValidateLifetime = false,//true,                    

            // Save token
            SaveSigninToken = false
        };                

    });

    services.AddAuthorization(options =>
    {
        options.AddPolicy("Mvc", policy =>
        {
            policy.AuthenticationSchemes.Add(OpenIdConnectDefaults.AuthenticationScheme);
            policy.RequireAuthenticatedUser();
        });
    });
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseBrowserLink();
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    app.UseStaticFiles();

    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}

推荐答案

我也有类似情况.我的应用程序网址是这样的:" https://domain/appname " 因此，当有人键入网址" https://domain/appname/(带有斜杠)时，会出现相关错误.这就是我解决它的方式(从其他网站找到)

I had similar situation. My Application url is like this : "https://domain/appname" so when someone types url "https://domain/appname/" [with trailling slash], it gives Correlation error. This is how I have resolved it (found from some oher site)

public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(options =>
                {
                    //Auth schemes here
                })
                .AddOpenIdConnect(oid =>
                {
                    //Other config here
                    oid.Events = new OpenIdConnectEvents()
                    {
                        OnRemoteFailure = OnRemoteFailure

                    };
                });
        }

private Task OnRemoteFailure(RemoteFailureContext context)
        {

            if (context.Failure.Message.Contains("Correlation failed"))
            {
                context.Response.Redirect("/AppName"); // redirect without trailing slash
                context.HandleResponse();
            }

            return Task.CompletedTask;
        }

这篇关于ASP .NET Core 2.0-OpenId Connect身份验证:相关错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！