Azure AD B2C容易受到开放重定向的影响吗? [英] Azure AD B2C vulnerable to Open Redirect?
问题描述
我正在使用OWIN&OpenId使用Azure AD B2C对我的Web应用程序的用户进行身份验证,Startup.Auth.cs具有如下代码:
I am using OWIN & OpenId to authenticate users for my web application using Azure AD B2C, the Startup.Auth.cs has code like so :
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
MetadataAddress = string.Format(AadInstance, Tenant, policy),
AuthenticationType = policy,
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
RedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifica....
登出后,将导致重定向到postLogoutRedirectUrl
On signout, it causes a redirect to the postLogoutRedirectUrl like so
门户网站的重定向Uri中存在注销后重定向的URI.
The post logout redirect URI is present in the redirect Uri in the portal.
如果我停止浏览器并将地址栏中的发布注销uri更改为https%3A%2F%2Fevil.com%2F,即使此URL
If I stop the browser and change the post logout uri in the address bar to https%3A%2F%2Fevil.com%2F, the redirect happens properly even though this url https://evil.com/ is not in the allowed redirect uri.
为什么AD B2C不停止重定向?这不容易受到攻击吗?
Why is AD B2C not stopping the redirect ? is this not open to vulnerability ?
推荐答案
使用Azure AD B2C登录时,B2C服务会将令牌发送到"redirect_uri"(应用程序).由于令牌需要保持安全性,因此B2C服务会要求您将其应将令牌发送到的URL列入白名单.
When you sign in using Azure AD B2C, the B2C service sends a token to the "redirect_uri" (the app). Since a token needs to remain secure, the B2C service asks you to whitelist the URL's where it should send the token to.
退出时,没有任何安全措施从B2C服务传输回应用程序.因此,即使将用户重定向到恶意站点,也不会丢失任何安全性.
When you are signing out, nothing secure is being transmitted from the B2C service back to the app. Therefore, even if a user is redirected to a malicious site, nothing secure is lost.
这篇关于Azure AD B2C容易受到开放重定向的影响吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
