我正在尝试在 .NET 8 Web API 中启用 OpenIdConnect 和 Cookie:
builder.Services
.AddAuthentication(options =>
{
options.DefaultChallengeScheme = "MyPolicy";
options.DefaultAuthenticateScheme = "MyPolicy";
})
.AddCookie(options =>
{
// add an instance of the patched manager to the options:
options.CookieManager = new ChunkingCookieManager();
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.None;
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Authority = "";
options.ClientId = "";
options.ClientSecret = "";
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.ResponseType = "code";
options.Prompt = "login";
options.GetClaimsFromUserInfoEndpoint = true;
options.SaveTokens = true;
options.RequireHttpsMetadata = false;
})
.AddJwtBearer(options =>
{
// some configuration
})
.AddPolicyScheme("MyPolicy", "My test Policy", options =>
{
options.ForwardDefaultSelector = context =>
{
// Decide which Authentication schema to use for each request
string authorization = context.Request.Headers[HeaderNames.Authorization];
if (authorization != null && authorization.StartsWith("Bearer", StringComparison.OrdinalIgnoreCase))
{
return BearerAuthenticationSchemeName;
}
if (context.Request.Path.StartsWithSegments("/swagger"))
{
return OpenIdConnectDefaults.AuthenticationScheme;
}
return CookieAuthenticationDefaults.AuthenticationScheme;
};
});
var app = builder.Build();
app.UseCookiePolicy(new CookiePolicyOptions
{
MinimumSameSitePolicy = SameSiteMode.None,
Secure = CookieSecurePolicy.Always,
});
app.UseAuthentication();
app.UseAuthorization();
app.UseSwagger();
app.UseSwaggerUI();
// more middleware
当我打开
/swagger/signin-oidcOpenIdConnectAuthenticationHandlermessage.State is null or emptySystem.Exception: An error was encountered while handling the remote login.
---> System.Exception: OpenIdConnectAuthenticationHandler: message.State is null or empty.
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at MyApp.Middlewares.LoggingMiddleware.InvokeAsync(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
当我在本地运行它时(例如在
http://localhost:5000/swaggerhttps://myexampleurl.whatever/swagger/.AspNetCore.OpenIdConnect.Nonce.<somehugestring>; .AspNetCore.Correlation.<correlation>; <anotherbigstring>Authoritymyexampleurl还值得注意的是,当我在本地运行此程序并重定向到
/signin-oidcAspNetCore.CorrelationAspNetCore.OpenIdConnect.Nonce首先是我的 cookie 策略设置。当在
SameSiteNoneapp.UseCookiePolicy()CookieSecurePolicy.AlwaysHTTP 500app.UseForwardedHeaders()app.UseAuthentication()所以,在一切都改变之后,这就是我的
Program.csbuilder.Services.AddAuthentication().AddCookie(options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.None;
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
}).AddOpenIdConnect(...).AddJwtBearer(...).AddPolicyScheme(...);
var app = builder.Build();
ForwardedHeadersOptions forwardedHeadersOptions = new()
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
forwardedHeadersOptions.KnownNetworks.Clear();
forwardedHeadersOptions.KnownProxies.Clear();
app.UseCookiePolicy(new CookiePolicyOptions
{
MinimumSameSitePolicy = SameSiteMode.None,
Secure = CookieSecurePolicy.Always,
});
app.UseForwardedHeaders(forwardedHeadersOptions);
app.UseAuthentication();
app.UseAuthorization();
app.UseSwagger();
app.UseSwaggerUI();
// more middleware