身份服务器 4 登录后重定向仅在 chrome 中不起作用 [英] Identity server 4 post login redirect not working in chrome only
问题描述
我使用身份服务器 4,姑且称之为身份验证服务器";在 .net 核心 3.1 上运行.重定向到身份验证服务器并提供提交登录的凭据后,有角度应用程序请求身份验证,它不会重定向回客户端应用程序.问题仅在 chrome 浏览器中(firefox & edge 工作正常)我可以看到重定向请求 -
i use identity server 4 let call it "auth-server" run on .net core 3.1. there is angular app request authentication after redirected to auth-server and provide credentials submiting the login it's not redirect back to client app. the issue is only in chrome browser (firefox & edge works fine) i can see the redirect request - Request-Url but it just go back to login page Client congig:
public static IEnumerable<Client> GetClients()
{
return new List<Client>(){
new Client() {
RequireConsent =false,
RequireClientSecret = false,
ClientId = "takbull-clientapp-dev",
ClientName = "Takbull Client",
AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials,
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Email,
IdentityServerConstants.StandardScopes.Profile,
"takbull",
"takbull.api"
},
// where to redirect to after login
RedirectUris = new List<string>()
{
"http://localhost:4200/auth-callback/",
"http://localhost:4200/silent-refresh.html",
},
//TODO: Add Production URL
// where to redirect to after logout
PostLogoutRedirectUris =new List<string>()
{
"http://localhost:4200"
},
AllowedCorsOrigins = {"http://localhost:4200"},
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime = 3600,
AlwaysIncludeUserClaimsInIdToken = true
},
};
}
登录代码:
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginInputModel model, string button)
{
// check if we are in the context of an authorization request
var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
// the user clicked the "cancel" button
if (button != "login")
{
if (context != null)
{
// if the user cancels, send a result back into IdentityServer as if they
// denied the consent (even if this client does not require consent).
// this will send back an access denied OIDC error response to the client.
await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
if (await _clientStore.IsPkceClientAsync(context.ClientId))
{
// if the client is PKCE then we assume it's native, so this change in how to
// return the response is for better UX for the end user.
return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl });
}
return Redirect(model.ReturnUrl);
}
else
{
// since we don't have a valid context, then we just go back to the home page
return Redirect("~/");
}
}
if (ModelState.IsValid)
{
// validate username/password against in-memory store
var ValidResp = await _users.ValidateCredentials(model.Username, model.Password);
if (ValidResp.LogInStatus == LogInStatus.Success)
{
var user = _users.FindByUsername(model.Username);
//await _events.RaiseAsync(new UserLoginSuccessEvent(user.Username, user.SubjectId, user.Username));
await _events.RaiseAsync(new UserLoginSuccessEvent(user.Email, user.UserId.ToString(), user.Email));
// only set explicit expiration here if user chooses "remember me".
// otherwise we rely upon expiration configured in cookie middleware.
AuthenticationProperties props = null;
if (AccountOptions.AllowRememberLogin && model.RememberLogin)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.Now.Add(AccountOptions.RememberMeLoginDuration)
};
};
// issue authentication cookie with subject ID and username
//await HttpContext.SignInAsync(user.SubjectId, user.Username, props);
// issue authentication cookie with subject ID and username
await HttpContext.SignInAsync(user.UserId.ToString(), user.FirstName + " " + user.LastName, props, _users.GetClaims(user).ToArray());
if (context != null)
{
if (await _clientStore.IsPkceClientAsync(context.ClientId))
{
// if the client is PKCE then we assume it's native, so this change in how to
// return the response is for better UX for the end user.
return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl });
}
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
return Redirect(model.ReturnUrl);
}
// request for a local page
if (Url.IsLocalUrl(model.ReturnUrl))
{
return Redirect(model.ReturnUrl);
}
else if (string.IsNullOrEmpty(model.ReturnUrl))
{
return Redirect("~/");
}
else
{
// user might have clicked on a malicious link - should be logged
throw new Exception("invalid return URL");
}
}
await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, ValidResp.ResponseDescription));
ModelState.AddModelError(string.Empty, ValidResp.ResponseDescription);
}
// something went wrong, show form with error
var vm = await BuildLoginViewModelAsync(model);
return View(vm);
}
推荐答案
我最近在使用 chrome 和 edge 时遇到了问题,但几个月前只有 chrome.因此,对于 .Net Core 3 和 IdentityServer4 3.1.2 版的我来说,通过将以下代码添加到 startup.cs 开始工作:
I had issues with chrome and edge recently but a few months ago was only chrome. So for me with .Net Core 3 and IdentityServer4 version 3.1.2 started working by adding the following code to startup.cs:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ...)
{
app.UseCookiePolicy(new CookiePolicyOptions
{
MinimumSameSitePolicy = SameSiteMode.Lax
});
注意:确保将此策略添加到 Configure 方法的开头,而不是在 startup.cs 中结束,否则不起作用.
Note: Make sure that you add this policy to the beginning of the Configure method not end in the startup.cs otherwise is not working.
这篇关于身份服务器 4 登录后重定向仅在 chrome 中不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!