oauth-2.0 ASP.NET核心2.0 - OpenId连接身份验证:关联错误

mwecs4sa  于 2022-10-31  发布在  .NET
关注(0)|答案(2)|浏览(147)

我正在尝试在ASP.NET Core 2.0 Web应用程序上创建身份验证。
我的公司正在使用Ping Federate,我正在尝试使用公司登录页面对我的用户进行身份验证,并使用我的签名密钥(X509SecurityKey)验证返回的令牌。
ping登录链接链接如下所示:
https://auth.companyname.com
我将Startup.cs配置为能够登录并质询此站点。
我用一个[Authorize(Policy="Mvc")]来装饰我的HomeController。
我能够到达登录页面,但是,每当我从它返回时,我得到(我尝试关闭/打开多个多个验证):
异常错误:关联失败。
未知的位置
异常错误:处理远程登录时遇到错误。
远程身份验证处理程序。
错误消息没有太大帮助...以前有人遇到过这样的问题吗?

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.Authority = PF_LOGINPATH;
        options.ClientId = Configuration["ClientId"];
        options.ClientSecret = Configuration["ClientSecret"];
        options.Scope.Clear();

        options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
        options.SaveTokens = false;

        options.GetClaimsFromUserInfoEndpoint = false;//true;

        options.TokenValidationParameters = new TokenValidationParameters
        {
            RequireSignedTokens =  false,
            ValidateActor = false,
            ValidateAudience = false,
            ValidateIssuer = false,
            ValidateIssuerSigningKey = false,
            ValidateTokenReplay = false,

            // Compensate server drift
            ClockSkew = TimeSpan.FromHours(24),
            //ValidIssuer = PF_LOGINPATH;
            // Ensure key
            IssuerSigningKey = CERTIFICATE,                    

            // Ensure expiry
            RequireExpirationTime = false,//true,
            ValidateLifetime = false,//true,                    

            // Save token
            SaveSigninToken = false
        };                

    });

    services.AddAuthorization(options =>
    {
        options.AddPolicy("Mvc", policy =>
        {
            policy.AuthenticationSchemes.Add(OpenIdConnectDefaults.AuthenticationScheme);
            policy.RequireAuthenticatedUser();
        });
    });
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseBrowserLink();
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    app.UseStaticFiles();

    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}
pdtvr36n

pdtvr36n1#

我有类似的情况。我的应用程序网址是这样的:“https://domain/appname“所以当有人键入url“https://domain/appname/“[带尾随斜杠]时,它会给出相关错误。这是我解决它的方法(从其他一些网站找到)

public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(options =>
                {
                    //Auth schemes here
                })
                .AddOpenIdConnect(oid =>
                {
                    //Other config here
                    oid.Events = new OpenIdConnectEvents()
                    {
                        OnRemoteFailure = OnRemoteFailure

                    };
                });
        }

private Task OnRemoteFailure(RemoteFailureContext context)
        {

            if (context.Failure.Message.Contains("Correlation failed"))
            {
                context.Response.Redirect("/AppName"); // redirect without trailing slash
                context.HandleResponse();
            }

            return Task.CompletedTask;
        }
cnh2zyt3

cnh2zyt32#

以斜杠结束回调url

相关问题