Signin-oidc page direct access error with correlation - how to redirect?


Problem description

When setting up ASP.NET Core with AddOpenIdConnect, it creates a /signin-oidc page by default, which works fine when accessed from the OpenID provider. The user is logged in and everything works fine.

Though the user can still try to access mypage.com/signin-oidc directly and get a Correlation failed error as a result.

How can I properly handle access to this page so that it still works for the OpenID flow, but doesn't produce an error (redirects) when accessed directly? (I already tried overwriting the Route with HttpGet.)

EDIT: To elaborate, going to /signin-oidc gives a 500 status with a base startup like:

```
public void ConfigureServices(IServiceCollection services)
    {
        services.AddOptions();
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            }).AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.ClientId = "test";
                options.ClientSecret = Environment.GetEnvironmentVariable("ClientSecret");
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                options.Authority = "https://test.net";
                options.ResponseType = "code";
                options.Scope.Add("openid");

                options.GetClaimsFromUserInfoEndpoint = true;
                options.SaveTokens = true;
                options.Events = new OpenIdConnectEvents
                {
                    OnTokenValidated = async ctx =>
                    {
                        var claims = new List<Claim>();
                        claims.Add(new Claim("jwt", ctx.SecurityToken.ToString()));
                        var appIdentity = new ClaimsIdentity(claims);
                        ctx.Principal.AddIdentity(appIdentity);
                    }
                };
            }).AddJwtBearer(options =>
            {
                options.Authority = "https://test.net";
                options.Audience = "authorization.sample.api";
                options.IncludeErrorDetails = true;
            });

        services.AddMvc();
        services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new Info
            {
                Version = "v1",
                Title = "Test API"
            });
        });
    }
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseStaticFiles(new StaticFileOptions
        {
            FileProvider = new PhysicalFileProvider(
                Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "wwwroot")),
            RequestPath = "/dist"
        });


        app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
        });

        app.Use(async (context, next) =>
        {
            if (context.Request.Host.Host.ToLower() != "localhost")
                context.Request.Scheme = "https";
            await next.Invoke();
        });

        app.UseAuthentication();
        app.UseMvc(routes =>
        {
            routes.MapRoute("default", "{controller=Home}/{action=LandingPage}/{id?}");
            routes.MapRoute("Spa", "{*url}", defaults: new { controller = "Home", action = "Index" });
        });



        var swaggerJsonEndpoint = "api-docs/{0}/swagger.json";

        app.UseSwagger(so => so.RouteTemplate = string.Format(CultureInfo.InvariantCulture, swaggerJsonEndpoint, "{documentName}"));

        app.UseSwaggerUI(c =>
        {
            c.RoutePrefix = "api-docs";
            c.SwaggerEndpoint("/" + string.Format(CultureInfo.InvariantCulture, swaggerJsonEndpoint, "v1"), "Test API v1");
            c.OAuthClientId("admin.implicit");
        });
    }
```

Recommended answer

This happened to me previously as well, and I think this is just an artefact of how the OpenId system works in ASP.NET Core. I believe there was a GitHub issue for this but I can't seem to find it ATM. I'll have a look around and post it if I can find it.

In any case, I was able to fix this by adding an event to the OpenId options events that just redirects to "Home" on any remote failures:

```
options.Events = new OpenIdConnectEvents {
    // Your events here
    OnRemoteFailure = ctx => {
        ctx.HandleResponse();
        ctx.Response.Redirect("Home");
        return Task.FromResult(0);
    }
};
```

See if that works for you...

This is the issue and comment with the suggested fix, for your reference: https://github.com/IdentityServer/IdentityServer4/issues/720#issuecomment-368484827
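
An added example, not part of the original answer or of ASP.NET Core itself: a variant of the `OnRemoteFailure` handler that records the failure before redirecting, so a direct visit to the callback path can be told apart in the logs from a sign-in callback that actually failed. The class name, the logger category and the `/` fallback path are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Hypothetical helper class (name and layout are assumptions, not from the post).
public static class OidcFailureHandling
{
    // Assumption: "/" is a valid local landing page. The target is a constant,
    // never taken from the request, so the handler cannot become an open redirect.
    private const string FallbackPath = "/";

    public static Task OnRemoteFailure(RemoteFailureContext ctx)
    {
        var request = ctx.Request;
        var logger = ctx.HttpContext.RequestServices
            .GetRequiredService<ILoggerFactory>()
            .CreateLogger("OidcFailureHandling");

        // Heuristic (assumption): a GET with no query string carries no
        // authorization response, so someone browsed to the callback directly.
        bool bareGet = HttpMethods.IsGet(request.Method)
                       && !request.QueryString.HasValue;

        if (bareGet)
        {
            logger.LogInformation(
                "Direct request to {Path} without an authorization response",
                request.Path);
        }
        else
        {
            // A callback that carried data and still failed (expired or missing
            // correlation cookie, altered state, provider error) stays visible.
            logger.LogWarning(ctx.Failure,
                "Remote authentication failed on {Path} from {RemoteIp}",
                request.Path, ctx.HttpContext.Connection.RemoteIpAddress);
        }

        ctx.HandleResponse();               // stop the default 500 response
        ctx.Response.Redirect(FallbackPath);
        return Task.CompletedTask;
    }
}
```

Wire it up with `OnRemoteFailure = OidcFailureHandling.OnRemoteFailure` inside the `OpenIdConnectEvents` initializer.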
