OIDC login fails with #39;Correlation failed#39; - #39;cookie not found#39; while cookie is present(存在Cookie时,OIDC登录失败,关联失败#39;--#39;找不到Cookie)
本文介绍了存在Cookie时,OIDC登录失败,关联失败';--';找不到Cookie的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在使用身份服务器4通过外部登录提供程序(Microsoft)为我的Web应用程序提供身份验证和自动验证。
当我在本地运行身份服务器和我的Web应用程序时,这可以很好地工作。 但是,当我将标识服务器项目发布到Azure时,它不再起作用。
当我将本地运行的Web应用程序连接到已发布的身份服务器时,从Microsoft登录页面返回后,Web应用程序失败,并显示错误‘关联失败。未知位置’。
Web应用程序的输出显示:
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:
Warning: '.AspNetCore.Correlation.oidc.xxxxxxxxxxxxxxxxxxx' cookie not found.
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:
Information: Error from RemoteAuthentication: Correlation failed..
但是,当我检查浏览器时,确实存在名为‘.AspNetCore.Correlation.oidc.xxxxxxxxxxxxxxxxxxx’的Cookie。
以下是来自Web应用程序的Startup.cs:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services
.AddTransient<ApiService>();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie()
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = Configuration.GetSection("IdentityServer").GetValue<string>("AuthorityUrl");
//options.RequireHttpsMetadata = true;
options.ClientId = "mvc";
options.ClientSecret = "secret";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("api1");
options.Scope.Add("offline_access");
});
services.AddLocalization(options => options.ResourcesPath = "Resources");
services.Configure<RequestLocalizationOptions>(options =>
{
var supportedCultures = new[]
{
new CultureInfo("nl-NL"),
new CultureInfo("en-US")
};
options.DefaultRequestCulture = new RequestCulture("nl-NL", "en-US");
options.SupportedCultures = supportedCultures;
options.SupportedUICultures = supportedCultures;
});
services.AddMvc()
.AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
.AddDataAnnotationsLocalization();
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "areas",
template: "{area:exists}/{controller}/{action}/{id?}");
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler记录了以下错误:推荐答案
对我而言: 找不到‘";.AspNetCore.Correlation.OpenIdConnect.84ee_7zFbvb_w264b0SPRmS1OTKCeDhmzQ6awHoJ5gA";’Cookie。
在查看Chrome开发人员工具之后,我可以看到浏览器正在剥离关联Cookie,因为Cookie的SameSite属性被设置为&one";,而";Secure";属性却没有设置。Chrome不喜欢这样。我在Startup.Configure方法中添加了以下语句。
*注意:必须在app.UseAuthentication()和app.UseAuthorization()之前添加。
app.UseCookiePolicy(new CookiePolicyOptions
{
Secure = CookieSecurePolicy.Always
});
这篇关于存在Cookie时,OIDC登录失败,关联失败';--';找不到Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
