在同意页面后重定向到signin-oidc时遇到问题。本地我没有问题我可以登录 - >同意 - > signin-oidc - >重定向到登录页面没有问题所有cookie正确更新。
但是,当在AWS Fargate中部署服务器时,它不起作用。我不确定这是中间件相关还是IS4相关,但我可以连接到测试IS4服务器https://demo.identityserver.io/没有问题。
我在qazxsw poi使用相同的Config和Test Users with In Memory设置。
这是我的IS4服务器上的启动:
https://github.com/IdentityServer/IdentityServer4.Demo
从我的测试客户端网站启动,我已经部署到Azure以及localhost测试:
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<IdentityContext>(options => options.UseNpgsql(Configuration.GetConnectionString("IdentityContext")));
services.AddDbContext<MultitenancyContext>(options => options.UseNpgsql(Configuration.GetConnectionString("MultitenancyContext")));
// Add identity services to handle user login
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<IdentityContext>()
.AddDefaultTokenProviders();
if (!HostingEnvironment.IsDevelopment())
{
services.AddSingleton<IAmazonS3>(new AmazonS3Client(RegionEndpoint.USEast1));
services.AddSingleton<IAmazonKeyManagementService>(new AmazonKeyManagementServiceClient(RegionEndpoint.USEast1));
services.AddDataProtection()
.SetApplicationName("accunet-web")
.ProtectKeysWithAwsKms(Configuration.GetSection("DataProtectionKms"))
.PersistKeysToAwsS3(Configuration.GetSection("DataProtectionS3"));
}
services.AddOptions();
services.AddMvc();
services.AddTransient<IUnitOfWork, UnitOfWork>();
services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddInMemoryApiResources(Config.GetApis())
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(TestUsers.Users)
.AddDeveloperSigningCredential(persistKey: false);
}
这两个系统在本地工作正常,但部署后我得到错误:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddDefaultUI(UIFramework.Bootstrap4)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookie";
options.DefaultChallengeScheme = "challenge";
})
.AddCookie("Cookie")
.AddOpenIdConnect("challenge", options =>
{
options.Authority = "http://auth.is4server.com";
options.SignInScheme = "Cookie";
options.RequireHttpsMetadata = false;
options.ClientId = "server.hybrid";
options.ClientSecret = "secret";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("offline_access");
options.Scope.Add("profile");
options.Scope.Add("openid");
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
我能看到的唯一区别是本地它正在重定向到signin-oidc,类型为:x-www-form-urlencoded,它可以正常工作。
System.Exception: An error was encountered while handling the remote login. ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_request', error_description: 'error_description is null', error_uri: 'error_uri is null'.
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.MigrationsEndPointMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
但是在部署的IS 4服务器上,它使用Type:document重定向并获得500错误。但是标题仍然包含我需要的所有信息,但是signin-oidc不接受表单并且失败。
我正在寻找拥有自己的signin-oidc端点而不是使用中间件,但我希望这很容易适应我的客户使用我的IS4服务器。
任何帮助都会非常感激,因为我几天都在努力解决这个问题。
以下是signin-oidc内容失败的内容:
一般
响应标题
Request URL: http://localhost:5002/signin-oidc
Request Method: POST
Status Code: 500 Internal Server Error
Remote Address: [::1]:5002
Referrer Policy: no-referrer
请求标题
Content-Type: text/html; charset=utf-8
Date: Wed, 13 Mar 2019 17:59:10 GMT
Server: Kestrel
Transfer-Encoding: chunked
表格数据
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 1477
Content-Type: application/x-www-form-urlencoded
Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8G7d4NhrgFZAqO8IaG32oQ1zWDYRXeddV8UbbHzWM9_aj1-yBLqDHuKbrfGsEUiG3nPgOUL3zL4of6OK6dse4JkeFEhtK1Av1gwgduIWeT64sBQf3M0infYZFz2zLdZs3trHWd1RYH0vMAl697Q5qQqJYaOAfSELnddZOfhdPxqKJprpDil9o-RqQh5RyWU33IwXilBe1vRKvepkeIxgphoiLYtS_-YjPwCQXB_sBRIuB44FobwUWxFLJKDxA4xYHQlOW8smYTjo0hIZrsZnx0w=N; .AspNetCore.Correlation.challenge.Kia1WjnjAxluHmIXm3J5lO1TOWbzLXjidVC3fXfDmBk=N
Host: localhost:5002
Origin: null
Pragma: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
该问题与AWS中的Load Balancer有关。由于我为LB使用安全的公共域,因此它使用HTTPS,但在内部使用HTTP。此重定向导致发现文档具有HTTP。
将PublicOrigin设置为HTTPS地址会阻止重定向并解决问题。