Signin-oidc 页面直接访问错误与关联 - 如何重定向? [英] Signin-oidc page direct access error with corelation - how to redirect?
问题描述
使用 AddOpenIdConnect
设置 asp.net 核心后,它通过默认的 /signin-oidc
页面创建,该页面在从 opeind 提供程序访问时工作正常.用户已登录,一切正常.
With seting up asp.net core with AddOpenIdConnect
it creates by defualt /signin-oidc
page which works fine when accessed from opeind provider.
User is logged in and everything works fine.
虽然用户仍然可以尝试直接访问 mypage.com/signin-oidc
并得到结果 Correlation failed
failed 错误.
Though user can still try to access mypage.com/signin-oidc
directly and get as a result Correlation failed
failed error.
如何正确处理对该页面的访问,使其仍然适用于 openid 流,但在直接访问时不会产生错误(重定向)?(已经尝试用 HttpGet 覆盖 Route)
How can I properly handle access to this page so that it still works for openid flow, but doesn't produce error (redirects) when accessed directly? (tried overwrite Route with HttpGet already)
编辑详细说明,转到 /signin-oidc
会给出 500 状态,例如
EDIT
To elaborate, going to /signin-oidc
is giving 500 status with base startup like
```
public void ConfigureServices(IServiceCollection services)
{
services.AddOptions();
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie()
.AddOpenIdConnect(options =>
{
options.ClientId = "test";
options.ClientSecret = Environment.GetEnvironmentVariable("ClientSecret");
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = "https://test.net";
options.ResponseType = "code";
options.Scope.Add("openid");
options.GetClaimsFromUserInfoEndpoint = true;
options.SaveTokens = true;
options.Events = new OpenIdConnectEvents
{
OnTokenValidated = async ctx =>
{
var claims = new List<Claim>();
claims.Add(new Claim("jwt", ctx.SecurityToken.ToString()));
var appIdentity = new ClaimsIdentity(claims);
ctx.Principal.AddIdentity(appIdentity);
}
};
}).AddJwtBearer(options =>
{
options.Authority = "https://test.net";
options.Audience = "authorization.sample.api";
options.IncludeErrorDetails = true;
});
services.AddMvc();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info
{
Version = "v1",
Title = "Test API"
});
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(
Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "wwwroot")),
RequestPath = "/dist"
});
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.Use(async (context, next) =>
{
if (context.Request.Host.Host.ToLower() != "localhost")
context.Request.Scheme = "https";
await next.Invoke();
});
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute("default", "{controller=Home}/{action=LandingPage}/{id?}");
routes.MapRoute("Spa", "{*url}", defaults: new { controller = "Home", action = "Index" });
});
var swaggerJsonEndpoint = "api-docs/{0}/swagger.json";
app.UseSwagger(so => so.RouteTemplate = string.Format(CultureInfo.InvariantCulture, swaggerJsonEndpoint, "{documentName}"));
app.UseSwaggerUI(c =>
{
c.RoutePrefix = "api-docs";
c.SwaggerEndpoint("/" + string.Format(CultureInfo.InvariantCulture, swaggerJsonEndpoint, "v1"), "Test API v1");
c.OAuthClientId("admin.implicit");
});
}
```
推荐答案
我以前也遇到过这种情况,我认为这只是 OpenId 系统在 ASP.NET Core 中的工作方式的一个产物.我相信有一个 Github 问题,但我似乎无法在 ATM 上找到它.如果我能找到它,我会四处看看并发布它.
This happened to me previously as well, and I think this is just an artefact of how the OpenId system works in ASP.NET Core. I believe there was a Github issue for this but I can't seem to find it ATM. I'll have a look around and post it if I can find it.
无论如何,我能够通过向 OpenId 选项事件添加一个事件来解决这个问题,该事件只是重定向到Home"任何远程故障:
In any case, I was able to fix this by adding an event to the the OpenId options events that just redirects to "Home" on any remote failures:
options.Events = new OpenIdConnectEvents {
// Your events here
OnRemoteFailure = ctx => {
ctx.HandleResponse();
ctx.Response.Redirect("Home");
return Task.FromResult(0);
}
};
看看这是否适合你...
See if that works for you...
这是问题和评论,建议修复供您参考 https://github.com/IdentityServer/IdentityServer4/issues/720#issuecomment-368484827
This is the issue and comment with suggested fix for your reference https://github.com/IdentityServer/IdentityServer4/issues/720#issuecomment-368484827
这篇关于Signin-oidc 页面直接访问错误与关联 - 如何重定向?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!