标识服务器4登录页面正在无限重定向到登录页面 [英] IdentityServer4 signin-oidc page is redirecting to login page infinitely

问题描述

我正在尝试在我的MVC应用程序上实现一个自定义的Login按钮，该按钮将定向到身份服务器进行登录，然后重定向回我的MVC应用程序。

为此，我在Account/Login操作中对HttpContext使用Microsoft.AspNetCore.Authentication.ChallengeAsync扩展方法

public Task Login()
{
    return HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
}

请求被定向到IdP上的授权端点，用户可以登录，请求被重定向到我的MVC应用程序上的signin-oidc。在这一点上，signin-oidc调用Account/Login操作并开始无限循环。

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET https://localhost:4500/Account/Login
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action methodLanding.Controllers.AccountController.Login (Landing) with arguments ((null)) - ModelState is Valid
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[12]
      AuthenticationScheme: OpenIdConnect was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action Landing.Controllers.AccountController.Login (Landing) in 11.9704ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 23.4211ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 POST https://localhost:4500/signin-oidc application/x-www-form-urlencoded 1488
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[10]
      AuthenticationScheme: Cookies signed in.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 10.4219ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET https://localhost:4500/Account/Login
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action methodLanding.Controllers.AccountController.Login (Landing) with arguments ((null)) - ModelState is Valid

我假设signin-oidc无法保存Cookie，并假设登录不成功。MVC应用程序的相关配置如下所示

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

    options.Authority = Constants.Authority;
    options.RequireHttpsMetadata = true;

    options.ClientId = "mvc";

    options.SaveTokens = true;
});

在IdP上，客户端注册为SO

new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    AllowedGrantTypes = GrantTypes.Implicit,
    RequireConsent = false,

    RedirectUris = { "https://localhost:4500/signin-oidc" },
    PostLogoutRedirectUris = { "https://localhost:4500/signout-callback-oidc" },

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
    },
}

如何使用ChallengeAsync使此流正常工作？

ChallengeAsync

对于将来关注这一点的任何人来说：ChallengeAsync有一个重载，它允许您传递一个您希望推荐答案在成功登录后将用户发送到的重定向URL。设置此选项后，不会发生无限重定向。

return HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
{
    RedirectUri = "/",
});

这篇关于标识服务器4登录页面正在无限重定向到登录页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！