OpenIDConnect Azure Website hosted in an iFrame within Dynamics CRM Online

Views: 890

Problem description

I'm trying to get the OpenIDConnect Azure sample from here working within an iFrame in CRM. I've deployed to Azure where login works fine when hitting the site directly.

When I access the site via an iFrame in CRM Online it's displayed fine but when I attempt to login I'm getting the following error:

Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolInvalidNonceException: IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'.

After some investigation I've updated the OWIN middleware configuration to set RequireNonce to false:

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        // Custom protocol validator: turning RequireNonce off stops the middleware
        // from checking that the id_token nonce matches the one issued for this sign-in.
        ProtocolValidator = new Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator()
        {
            RequireNonce = false
        }
    });

When I now try to log in I get the following exception, and I've hit a wall.

Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolException: invalid_request

Any help would be much appreciated. I understand the use of nonce but I'm yet to understand the full implications of disabling it within this use case so getting this working without the need to disable would be ideal.

Recommended answer

The authentication experience cannot be iFramed, for security reasons. Also, turning off the Nonce verification is very dangerous - I would strongly advise against it. You can refer to the OAuth2 and OpenId Connect threat models for concrete details on the risks you'll incur, however the frame busting logic should make the point moot.
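To make the answer's point concrete, here is an added, simplified model of the nonce check (not the OWIN middleware or the Microsoft sample): the relying party mints a nonce per sign-in, keeps it in a cookie bound to the browser, and later requires the id_token to echo it. The `cookie_returned=False` case reproduces the "nonce is null" situation the question hits (the cookie never comes back), and the `token_from_other_session` case shows what the check protects against once it is disabled. All names and the token shape are constructed for illustration; signatures are omitted.

```python
import secrets
import hmac


class NonceError(Exception):
    """Raised when the id_token nonce cannot be validated (the IDX10311-style failure)."""


class RelyingParty:
    """Minimal OIDC relying party model (constructed for illustration, not the OWIN middleware)."""

    def __init__(self, require_nonce=True):
        self.require_nonce = require_nonce
        self.pending = {}  # browser id (stands in for the nonce cookie) -> nonce awaiting the id_token

    def start_login(self, browser_id):
        """Authentication request: mint a nonce and remember it in a cookie bound to this browser."""
        nonce = secrets.token_urlsafe(16)
        self.pending[browser_id] = nonce
        return {"response_type": "id_token", "nonce": nonce}

    def finish_login(self, browser_id, id_token):
        """Validate the returned id_token against the browser's cookie; return the subject on success."""
        expected = self.pending.pop(browser_id, None)  # None when the cookie is absent (e.g. blocked in a frame)
        if self.require_nonce:
            if expected is None:
                raise NonceError("nonce cookie missing; cannot validate")
            if not hmac.compare_digest(expected, id_token.get("nonce", "")):
                raise NonceError("id_token nonce does not match this sign-in")
        return id_token["sub"]


def identity_provider_issue(auth_request, subject):
    """The provider echoes the request nonce into the id_token it issues (signature omitted)."""
    return {"sub": subject, "nonce": auth_request["nonce"]}


def scenario(require_nonce, cookie_returned=True, token_from_other_session=False):
    """Run one sign-in and report ('ok', subject) or ('rejected', reason)."""
    rp = RelyingParty(require_nonce)
    token = identity_provider_issue(rp.start_login("victim-browser"), "victim")
    if token_from_other_session:
        # constructed: an id_token issued for a different sign-in is delivered into this session
        token = identity_provider_issue(rp.start_login("other-browser"), "other-user")
    browser = "victim-browser" if cookie_returned else "browser-without-cookie"
    try:
        return ("ok", rp.finish_login(browser, token))
    except NonceError as err:
        return ("rejected", str(err))
```

With the check on, a missing cookie is rejected rather than silently accepted; with it off, the session is completed with whatever id_token arrives, which is the risk the answer warns about.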
