Asp.net Azure 无法登录 facebook?位置:/Account/ExternalLoginCallback?error=access_denied
Asp.net on Azure cannot login facebook? Location: /Account/ExternalLoginCallback?error=access_denied
我按照 link https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-facebook-authentication 设置了 Facebook 登录。
在 https://developers.facebook.com/apps 中,"Valid OAuth redirect URIs" 具有以下 URI
https://myapp.azurewebsites.net/signin-facebook
https://myapp.azurewebsites.net/.auth/login/facebook/callback
但是,该站点无法登录 - 登录页面就停留在那里。输入 Url https://myapp.azurewebsites.net/event will always redirect to https://myapp.azurewebsites.net/Account/Login?ReturnUrl=%2Fevent.
以下是fiddler抓取的Net流量。 GET https://myapp.azurewebsites.net/signin-facebook?code=....(响应:Location: /Account/ExternalLoginCallback?error=access_denied)
时似乎请求被拒绝
------------------------------------------------------------------
GET https://www.facebook.com/dialog/oauth?response_type=code&client_id=365322087148601&redirect_uri=https%3A%2F%2Fmyapp.azurewebsites.net%2Fsignin-facebook&scope=&state=E4J6p7jhJVr2YT1SYqxzHKoUJ1u04QtfVu8UUtgoRzK8xPfXvHnWSFJE5TGKOn9AoqVQkvGZHzakiNoTme2bQBm27n1riQTPTCLNrIoybUxhV-wXpyUDYrkXVawTs0JMtTOW1UK2gv_1YJ_A9EkbvPSZMXN-NW56vF2lq8d-9iPG7fTv41CGV3-0bVV2dAEW86gyO70VLVdQ5X2byye_XFS3XNkhtVJEbfXio_RMRvE HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://myapp.azurewebsites.net/Account/Login
Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Cache-Control: no-cache
Host: www.facebook.com
Cookie: fr=0RObsAfMX8N2oDE0P.AWUijY5j4ajj3MWCbj2nVPEp4Go.BY9tIg.oW.Fj2.0.0.BY-AuR.AWU2VfKJ; datr=INL2WBkTq1-aa6V7IMJUUMMw; dats=1; sb=JNL2WJ2XCIs_K6QaFHEcvbTM; c_user=100000343225510; xs=251%3A-D7EtOmwXRbYlQ%3A2%3A1492570660%3A12220; pl=n; lu=ggNZWbJ4ElBZhc5tOVdylWWA; presence=EDvF3EtimeF1492652361EuserFA21B00343225510A2EstateFDutF1492652361094CEchFDp_5f1B00343225510F195CC
HTTP/1.1 302 Found
Location: https://myapp.azurewebsites.net/signin-facebook?code=AQC2JMYoeLmJAHtkTiHMTEckID_cdoJZ0eFkuffNCSh-XDzgZWCm-cJbDyIMJaLEa-mLApgU54MoppjOS0CH3b6jWCN-VDXsqq7z-6TALE35OdralWJRFSZQs7k-_4qBk4Vl8HmeW0INO5V4NL9nVU1tlDSqF6PoAN4Dee5DvvJyr_w_-ZE2ZG_dfY5zcq2-G9dNcqVGDs3YWzDQfP3VmWu-4kFZ3YUC8ENfFoUZPw8uvOBGPEgr_92aK8cQJnLXd1k98jCKb-sIzQHB9XCfUFW1QrMeww4EqvTvINl0Pu0O8l--M-zATFoMnQW6et8RRhBarAbmYSVMGCkClEFUDPe9Mcn8-qsFr1WBv4kqtLrnSA&state=E4J6p7jhJVr2YT1SYqxzHKoUJ1u04QtfVu8UUtgoRzK8xPfXvHnWSFJE5TGKOn9AoqVQkvGZHzakiNoTme2bQBm27n1riQTPTCLNrIoybUxhV-wXpyUDYrkXVawTs0JMtTOW1UK2gv_1YJ_A9EkbvPSZMXN-NW56vF2lq8d-9iPG7fTv41CGV3-0bVV2dAEW86gyO70VLVdQ5X2byye_XFS3XNkhtVJEbfXio_RMRvE#_=_
Expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v2.8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552000; preload
X-Frame-Options: DENY
Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
public-key-pins-report-only: max-age=500; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/"
X-XSS-Protection: 0
Content-Type: text/html
X-FB-Debug: BOC8IkjZ4va1buTLdHl+OgLKK4ymT3oyi4SALf8bnAQx2MDqHkCvmTGsTMngZazRs0dFZ6SSHYSi0U6mcbaQNw==
Date: Thu, 20 Apr 2017 01:42:19 GMT
Connection: keep-alive
Content-Length: 0
------------------------------------------------------------------
GET https://myapp.azurewebsites.net/signin-facebook?code=AQC2JMYoeLmJAHtkTiHMTEckID_cdoJZ0eFkuffNCSh-XDzgZWCm-cJbDyIMJaLEa-mLApgU54MoppjOS0CH3b6jWCN-VDXsqq7z-6TALE35OdralWJRFSZQs7k-_4qBk4Vl8HmeW0INO5V4NL9nVU1tlDSqF6PoAN4Dee5DvvJyr_w_-ZE2ZG_dfY5zcq2-G9dNcqVGDs3YWzDQfP3VmWu-4kFZ3YUC8ENfFoUZPw8uvOBGPEgr_92aK8cQJnLXd1k98jCKb-sIzQHB9XCfUFW1QrMeww4EqvTvINl0Pu0O8l--M-zATFoMnQW6et8RRhBarAbmYSVMGCkClEFUDPe9Mcn8-qsFr1WBv4kqtLrnSA&state=E4J6p7jhJVr2YT1SYqxzHKoUJ1u04QtfVu8UUtgoRzK8xPfXvHnWSFJE5TGKOn9AoqVQkvGZHzakiNoTme2bQBm27n1riQTPTCLNrIoybUxhV-wXpyUDYrkXVawTs0JMtTOW1UK2gv_1YJ_A9EkbvPSZMXN-NW56vF2lq8d-9iPG7fTv41CGV3-0bVV2dAEW86gyO70VLVdQ5X2byye_XFS3XNkhtVJEbfXio_RMRvE HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://myapp.azurewebsites.net/Account/Login
Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Cache-Control: no-cache
Host: myapp.azurewebsites.net
Cookie: __RequestVerificationToken=49xMNw5ePC60qAaVBtxq5TAbkgpGbkcPyb5OcWmO0CYNstOX7vUQJAST80cvsFM16l0USNgUCr9b5RCn3cnXXlsGhpz33rme4A_HRw1QFNY1; ARRAffinity=f86b281b78014bea7ff499f4d5d3d562aafe8f1cf9e24d7ef4dc3d48d94a9c32; .AspNet.Correlation.Facebook=hcA83RJONYyZTzuT0I3kTRJM6DTK9OUsmmrQKV_mAkU
HTTP/1.1 302 Found
Content-Length: 0
Location: /Account/ExternalLoginCallback?error=access_denied
Server: Microsoft-IIS/8.0
Set-Cookie: .AspNet.Correlation.Facebook=; expires=Thu, 01-Jan-1970 00:00:00 GMT
X-Powered-By: ASP.NET
Date: Thu, 20 Apr 2017 01:42:20 GMT
Startup.Auth.cs:
public partial class Startup
{
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and role manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
app.UseFacebookAuthentication(
appId: ".....",
appSecret: ".....");
//app.UseGoogleAuthentication();
}
}
更新:
更新 Microsoft.Owin.Security.Facebook 后,facebook 登录提示我注册一个新用户。但是,它仍然重定向到登录页面?以下是http流量。
POST https://myapp.azurewebsites.net/Account/ExternalLogin?ReturnUrl=%2Fevent HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://myapp.azurewebsites.net/Account/Login?ReturnUrl=%2Fevent
Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: myapp.azurewebsites.net
Content-Length: 196
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __RequestVerificationToken=49xMNw5ePC60qAaVBtxq5TAbkgpGbkcPyb5OcWmO0CYNstOX7vUQJAST80cvsFM16l0USNgUCr9b5RCn3cnXXlsGhpz33rme4A_HRw1QFNY1; ARRAffinity=f86b281b78014bea7ff499f4d5d3d562aafe8f1cf9e24d7ef4dc3d48d94a9c32; .AspNet.ApplicationCookie=VkuppVPkn0nPbkYf5aSoSKrYsJVWusdEU4TKvf_bPajqbd7gMexZ4muf43ZnpSOwt9P6L60Lc_7VBWZu8Q41eIN2qw3vmhdcAC3gypOhFrQ57T-ymAyJX838uGjsjE3zw_RlVr1kLbyomB5xFVz5azv3nMCm4DDGadGQTSrPdEOQ54GVTQiDJJ9wi4vAd7Cc96ssc4J4x9HrWRIwdZiorubCJpyd1SUeDd6MkZTQgdxGPR42NBwr1CH7DDymU2fJSMw7Dw6Qi5IDNYwFL32J0rsc_5ji_VxvbUBhJZDFGwOxsQ5cFzm0k-XuqJB5zH1aS-6WvQ97sAbu4kQOt0BCZc3EhBAy9c5gmRmq1HyB-NiDwxhbpcS1e57M_9yNmdh8l9phHpnrthk2JNxzyom1Ni-nTbkbZsFdQ2SwuzuPaKS_R1IvXG57q7GM3QEzzTkjsZmuEPCaP5IvFfjISH8kVFBzCnoCoYkvjTKNsfG05VY
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 0
Location: https://www.facebook.com/v2.8/dialog/oauth?response_type=code&client_id=365322087148601&redirect_uri=https%3A%2F%2Fmyapp.azurewebsites.net%2Fsignin-facebook&scope=&state=wq_uw7UGAFosxcCkR_Oa7P9gyBQeE4DbW92-YZN0tgOFzlOTLeFxDsaVVmH9SsEY6rkZb3zU4ZRBjcp3nQf-b4V-lbXSihHBIzol77_SiBOX7b-GI8iDtPfp9VFuXbhXZWn--GY5xhjOLXnMCu1idq-Y53qMLm_mhX_oOFuOqgyLmqz35Cf3ardNKUT9tdXUyrLOkOCndQ3R2KSWx_FJ0qzptM6J0IyCvk-JwFkEKvjAh3-mgopTgnIKP-LHBL2Z
Server: Microsoft-IIS/8.0
Set-Cookie: .AspNet.Correlation.Facebook=dfeXeK1QG0fHz_lgWH9nLhCT4Zw0USACEAyA0oAZzZ8; path=/; secure; HttpOnly
X-AspNetMvc-Version: 5.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 20 Apr 2017 03:49:27 GMT
------------------------------------------------------------------
GET https://www.facebook.com/v2.8/dialog/oauth?response_type=code&client_id=365322087148601&redirect_uri=https%3A%2F%2Fmyapp.azurewebsites.net%2Fsignin-facebook&scope=&state=wq_uw7UGAFosxcCkR_Oa7P9gyBQeE4DbW92-YZN0tgOFzlOTLeFxDsaVVmH9SsEY6rkZb3zU4ZRBjcp3nQf-b4V-lbXSihHBIzol77_SiBOX7b-GI8iDtPfp9VFuXbhXZWn--GY5xhjOLXnMCu1idq-Y53qMLm_mhX_oOFuOqgyLmqz35Cf3ardNKUT9tdXUyrLOkOCndQ3R2KSWx_FJ0qzptM6J0IyCvk-JwFkEKvjAh3-mgopTgnIKP-LHBL2Z HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://myapp.azurewebsites.net/Account/Login?ReturnUrl=%2Fevent
Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Cache-Control: no-cache
Host: www.facebook.com
Cookie: fr=0RObsAfMX8N2oDE0P.AWUijY5j4ajj3MWCbj2nVPEp4Go.BY9tIg.oW.Fj2.0.0.BY-AuR.AWU2VfKJ; datr=INL2WBkTq1-aa6V7IMJUUMMw; dats=1; sb=JNL2WJ2XCIs_K6QaFHEcvbTM; c_user=100000343225510; xs=251%3A-D7EtOmwXRbYlQ%3A2%3A1492570660%3A12220; pl=n; lu=ggNZWbJ4ElBZhc5tOVdylWWA; presence=EDvF3EtimeF1492652361EuserFA21B00343225510A2EstateFDutF1492652361094CEchFDp_5f1B00343225510F195CC
HTTP/1.1 302 Found
Location: https://myapp.azurewebsites.net/signin-facebook?code=AQCGF2xmMpxqeJOvGi0ngPWLVPqxKZL19gdGPeZdYjQ0k6S-Ta_WS0VxOBxR7wcz70IzHkeC-jQw8KAy7NNP-9m0_atTD6OJYjFZpbnAyixkg7-2r6_B5MR3_nzSBVqc8orXBeBy4KbcG0pgcW6AYGOX1inJaXixCbvypqK5JSgj8RTjbnTd8OmMMzVhC6QBpuViHEcnwOKMx3YgaOEyV9GXwr39EBY-WvcDlu1b__L7vSD9y1VA5jGfAX7jRTmXOOOPrgU-KVOnvqrAUj4RgfpS2YqEFa59t9k00emP2L2FRq94HHBzZshI3dwN0kFH6nVu1y8VKuGqgIDJqbkiXPj88kgbC612wocVpuST4Y0q2g&state=wq_uw7UGAFosxcCkR_Oa7P9gyBQeE4DbW92-YZN0tgOFzlOTLeFxDsaVVmH9SsEY6rkZb3zU4ZRBjcp3nQf-b4V-lbXSihHBIzol77_SiBOX7b-GI8iDtPfp9VFuXbhXZWn--GY5xhjOLXnMCu1idq-Y53qMLm_mhX_oOFuOqgyLmqz35Cf3ardNKUT9tdXUyrLOkOCndQ3R2KSWx_FJ0qzptM6J0IyCvk-JwFkEKvjAh3-mgopTgnIKP-LHBL2Z#_=_
Expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v2.8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552000; preload
X-Frame-Options: DENY
Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
public-key-pins-report-only: max-age=500; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/"
X-XSS-Protection: 0
Content-Type: text/html
X-FB-Debug: ABkQtw3vY1sccWewy5h4luP2SmaMQXgOUnv2HfxKkMGR7VFV+3Jq7+HOsVnGAESUXqI7RT+raZ/CrCLo3U1JbQ==
Date: Thu, 20 Apr 2017 03:49:26 GMT
Connection: keep-alive
Content-Length: 0
GET https://www.facebook.com/v2.8/dialog/oauth?response_type=code&client_id=....
的请求有一个X-Frame-Options: DENY
我可能遇到同样的问题,经过一些搜索我发现 facebook 图 api 做了一些更改。下面是详细信息,大家可以参考一下:
Facebook Graph API 强制升级:Changes from v2.2 to v2.3
[Oauth Access Token] Format - The response format of https://www.facebook.com/v2.3/oauth/access_token returned when you exchange a code for an access_token now return valid JSON instead of being URL encoded. The new format of this response is {"access_token": {TOKEN}, "token_type":{TYPE}, "expires_in":{TIME}}. We made this update to be compliant with section 5.1 of RFC 6749.
由于 access_token 使用 JSON 而不是 URL 编码返回,Microsoft.Owin.Security.Facebook prior to 3.1.0 could not handle this change. You need to upgrade Microsoft.Owin.Security.Facebook to 3.1.0 version, or you need to implement the FacebookAuthenticationOptions.BackchannelHttpHandler for a workaround to handle this change, for more details, you could refer to this similar answer.
更新
据我所知,X-Frame-Options 表示是否应允许浏览器以 <frame>、<iframe> 或 <object> 呈现页面,我假设此 header 与您的问题无关。由于您的网络包来自您的客户端,因此当您使用 authorization_code 从 facebook 交换 access_token 时,您看不到处理过程。我建议您可以 运行 您本地的网络应用程序并按如下方式捕获包:
我已经检查了更新 Microsoft.Owin.Security.Facebook 到 3.1.0 并执行 FacebookAuthenticationOptions.BackchannelHttpHandler by following this issue, both could work on my side and azure. In summary, you could get the authorization_code but failed to extract the access_token, I assumed that you need to clear/rebuild your project and make sure your project could work on your local side, then redeploy your project to web app (if you deploy the website via VS publish wizard, you could choose the "Remove additional files at destination" under Settings > File Publish Options or you could use KUDU 清空您的网页内容)。
更新2
我已经用我的 facekbook 应用程序创建了一个代码示例 AspDotNet-WebApplication-FacebookAuth,您可以尝试 运行 在您的本地并确保您可以检索 access_token 并获得记录用户信息如下:
我按照 link https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-facebook-authentication 设置了 Facebook 登录。
在 https://developers.facebook.com/apps 中,"Valid OAuth redirect URIs" 具有以下 URI
https://myapp.azurewebsites.net/signin-facebook
https://myapp.azurewebsites.net/.auth/login/facebook/callback
但是,该站点无法登录 - 登录页面就停留在那里。输入 Url https://myapp.azurewebsites.net/event will always redirect to https://myapp.azurewebsites.net/Account/Login?ReturnUrl=%2Fevent.
以下是fiddler抓取的Net流量。 GET https://myapp.azurewebsites.net/signin-facebook?code=....(响应:Location: /Account/ExternalLoginCallback?error=access_denied)
------------------------------------------------------------------ GET https://www.facebook.com/dialog/oauth?response_type=code&client_id=365322087148601&redirect_uri=https%3A%2F%2Fmyapp.azurewebsites.net%2Fsignin-facebook&scope=&state=E4J6p7jhJVr2YT1SYqxzHKoUJ1u04QtfVu8UUtgoRzK8xPfXvHnWSFJE5TGKOn9AoqVQkvGZHzakiNoTme2bQBm27n1riQTPTCLNrIoybUxhV-wXpyUDYrkXVawTs0JMtTOW1UK2gv_1YJ_A9EkbvPSZMXN-NW56vF2lq8d-9iPG7fTv41CGV3-0bVV2dAEW86gyO70VLVdQ5X2byye_XFS3XNkhtVJEbfXio_RMRvE HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Referer: https://myapp.azurewebsites.net/Account/Login Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Cache-Control: no-cache Host: www.facebook.com Cookie: fr=0RObsAfMX8N2oDE0P.AWUijY5j4ajj3MWCbj2nVPEp4Go.BY9tIg.oW.Fj2.0.0.BY-AuR.AWU2VfKJ; datr=INL2WBkTq1-aa6V7IMJUUMMw; dats=1; sb=JNL2WJ2XCIs_K6QaFHEcvbTM; c_user=100000343225510; xs=251%3A-D7EtOmwXRbYlQ%3A2%3A1492570660%3A12220; pl=n; lu=ggNZWbJ4ElBZhc5tOVdylWWA; presence=EDvF3EtimeF1492652361EuserFA21B00343225510A2EstateFDutF1492652361094CEchFDp_5f1B00343225510F195CC HTTP/1.1 302 Found Location: https://myapp.azurewebsites.net/signin-facebook?code=AQC2JMYoeLmJAHtkTiHMTEckID_cdoJZ0eFkuffNCSh-XDzgZWCm-cJbDyIMJaLEa-mLApgU54MoppjOS0CH3b6jWCN-VDXsqq7z-6TALE35OdralWJRFSZQs7k-_4qBk4Vl8HmeW0INO5V4NL9nVU1tlDSqF6PoAN4Dee5DvvJyr_w_-ZE2ZG_dfY5zcq2-G9dNcqVGDs3YWzDQfP3VmWu-4kFZ3YUC8ENfFoUZPw8uvOBGPEgr_92aK8cQJnLXd1k98jCKb-sIzQHB9XCfUFW1QrMeww4EqvTvINl0Pu0O8l--M-zATFoMnQW6et8RRhBarAbmYSVMGCkClEFUDPe9Mcn8-qsFr1WBv4kqtLrnSA&state=E4J6p7jhJVr2YT1SYqxzHKoUJ1u04QtfVu8UUtgoRzK8xPfXvHnWSFJE5TGKOn9AoqVQkvGZHzakiNoTme2bQBm27n1riQTPTCLNrIoybUxhV-wXpyUDYrkXVawTs0JMtTOW1UK2gv_1YJ_A9EkbvPSZMXN-NW56vF2lq8d-9iPG7fTv41CGV3-0bVV2dAEW86gyO70VLVdQ5X2byye_XFS3XNkhtVJEbfXio_RMRvE#_=_ Expires: Sat, 01 Jan 2000 00:00:00 GMT facebook-api-version: v2.8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=15552000; preload X-Frame-Options: DENY Cache-Control: private, no-cache, no-store, must-revalidate Pragma: no-cache public-key-pins-report-only: max-age=500; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/" X-XSS-Protection: 0 Content-Type: text/html X-FB-Debug: BOC8IkjZ4va1buTLdHl+OgLKK4ymT3oyi4SALf8bnAQx2MDqHkCvmTGsTMngZazRs0dFZ6SSHYSi0U6mcbaQNw== Date: Thu, 20 Apr 2017 01:42:19 GMT Connection: keep-alive Content-Length: 0 ------------------------------------------------------------------ GET https://myapp.azurewebsites.net/signin-facebook?code=AQC2JMYoeLmJAHtkTiHMTEckID_cdoJZ0eFkuffNCSh-XDzgZWCm-cJbDyIMJaLEa-mLApgU54MoppjOS0CH3b6jWCN-VDXsqq7z-6TALE35OdralWJRFSZQs7k-_4qBk4Vl8HmeW0INO5V4NL9nVU1tlDSqF6PoAN4Dee5DvvJyr_w_-ZE2ZG_dfY5zcq2-G9dNcqVGDs3YWzDQfP3VmWu-4kFZ3YUC8ENfFoUZPw8uvOBGPEgr_92aK8cQJnLXd1k98jCKb-sIzQHB9XCfUFW1QrMeww4EqvTvINl0Pu0O8l--M-zATFoMnQW6et8RRhBarAbmYSVMGCkClEFUDPe9Mcn8-qsFr1WBv4kqtLrnSA&state=E4J6p7jhJVr2YT1SYqxzHKoUJ1u04QtfVu8UUtgoRzK8xPfXvHnWSFJE5TGKOn9AoqVQkvGZHzakiNoTme2bQBm27n1riQTPTCLNrIoybUxhV-wXpyUDYrkXVawTs0JMtTOW1UK2gv_1YJ_A9EkbvPSZMXN-NW56vF2lq8d-9iPG7fTv41CGV3-0bVV2dAEW86gyO70VLVdQ5X2byye_XFS3XNkhtVJEbfXio_RMRvE HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Referer: https://myapp.azurewebsites.net/Account/Login Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Cache-Control: no-cache Host: myapp.azurewebsites.net Cookie: __RequestVerificationToken=49xMNw5ePC60qAaVBtxq5TAbkgpGbkcPyb5OcWmO0CYNstOX7vUQJAST80cvsFM16l0USNgUCr9b5RCn3cnXXlsGhpz33rme4A_HRw1QFNY1; ARRAffinity=f86b281b78014bea7ff499f4d5d3d562aafe8f1cf9e24d7ef4dc3d48d94a9c32; .AspNet.Correlation.Facebook=hcA83RJONYyZTzuT0I3kTRJM6DTK9OUsmmrQKV_mAkU HTTP/1.1 302 Found Content-Length: 0 Location: /Account/ExternalLoginCallback?error=access_denied Server: Microsoft-IIS/8.0 Set-Cookie: .AspNet.Correlation.Facebook=; expires=Thu, 01-Jan-1970 00:00:00 GMT X-Powered-By: ASP.NET Date: Thu, 20 Apr 2017 01:42:20 GMT
Startup.Auth.cs:
public partial class Startup
{
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and role manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
app.UseFacebookAuthentication(
appId: ".....",
appSecret: ".....");
//app.UseGoogleAuthentication();
}
}
更新: 更新 Microsoft.Owin.Security.Facebook 后,facebook 登录提示我注册一个新用户。但是,它仍然重定向到登录页面?以下是http流量。
POST https://myapp.azurewebsites.net/Account/ExternalLogin?ReturnUrl=%2Fevent HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Referer: https://myapp.azurewebsites.net/Account/Login?ReturnUrl=%2Fevent Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Host: myapp.azurewebsites.net Content-Length: 196 Connection: Keep-Alive Cache-Control: no-cache Cookie: __RequestVerificationToken=49xMNw5ePC60qAaVBtxq5TAbkgpGbkcPyb5OcWmO0CYNstOX7vUQJAST80cvsFM16l0USNgUCr9b5RCn3cnXXlsGhpz33rme4A_HRw1QFNY1; ARRAffinity=f86b281b78014bea7ff499f4d5d3d562aafe8f1cf9e24d7ef4dc3d48d94a9c32; .AspNet.ApplicationCookie=VkuppVPkn0nPbkYf5aSoSKrYsJVWusdEU4TKvf_bPajqbd7gMexZ4muf43ZnpSOwt9P6L60Lc_7VBWZu8Q41eIN2qw3vmhdcAC3gypOhFrQ57T-ymAyJX838uGjsjE3zw_RlVr1kLbyomB5xFVz5azv3nMCm4DDGadGQTSrPdEOQ54GVTQiDJJ9wi4vAd7Cc96ssc4J4x9HrWRIwdZiorubCJpyd1SUeDd6MkZTQgdxGPR42NBwr1CH7DDymU2fJSMw7Dw6Qi5IDNYwFL32J0rsc_5ji_VxvbUBhJZDFGwOxsQ5cFzm0k-XuqJB5zH1aS-6WvQ97sAbu4kQOt0BCZc3EhBAy9c5gmRmq1HyB-NiDwxhbpcS1e57M_9yNmdh8l9phHpnrthk2JNxzyom1Ni-nTbkbZsFdQ2SwuzuPaKS_R1IvXG57q7GM3QEzzTkjsZmuEPCaP5IvFfjISH8kVFBzCnoCoYkvjTKNsfG05VY HTTP/1.1 302 Found Cache-Control: private Content-Length: 0 Location: https://www.facebook.com/v2.8/dialog/oauth?response_type=code&client_id=365322087148601&redirect_uri=https%3A%2F%2Fmyapp.azurewebsites.net%2Fsignin-facebook&scope=&state=wq_uw7UGAFosxcCkR_Oa7P9gyBQeE4DbW92-YZN0tgOFzlOTLeFxDsaVVmH9SsEY6rkZb3zU4ZRBjcp3nQf-b4V-lbXSihHBIzol77_SiBOX7b-GI8iDtPfp9VFuXbhXZWn--GY5xhjOLXnMCu1idq-Y53qMLm_mhX_oOFuOqgyLmqz35Cf3ardNKUT9tdXUyrLOkOCndQ3R2KSWx_FJ0qzptM6J0IyCvk-JwFkEKvjAh3-mgopTgnIKP-LHBL2Z Server: Microsoft-IIS/8.0 Set-Cookie: .AspNet.Correlation.Facebook=dfeXeK1QG0fHz_lgWH9nLhCT4Zw0USACEAyA0oAZzZ8; path=/; secure; HttpOnly X-AspNetMvc-Version: 5.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Thu, 20 Apr 2017 03:49:27 GMT ------------------------------------------------------------------ GET https://www.facebook.com/v2.8/dialog/oauth?response_type=code&client_id=365322087148601&redirect_uri=https%3A%2F%2Fmyapp.azurewebsites.net%2Fsignin-facebook&scope=&state=wq_uw7UGAFosxcCkR_Oa7P9gyBQeE4DbW92-YZN0tgOFzlOTLeFxDsaVVmH9SsEY6rkZb3zU4ZRBjcp3nQf-b4V-lbXSihHBIzol77_SiBOX7b-GI8iDtPfp9VFuXbhXZWn--GY5xhjOLXnMCu1idq-Y53qMLm_mhX_oOFuOqgyLmqz35Cf3ardNKUT9tdXUyrLOkOCndQ3R2KSWx_FJ0qzptM6J0IyCvk-JwFkEKvjAh3-mgopTgnIKP-LHBL2Z HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Referer: https://myapp.azurewebsites.net/Account/Login?ReturnUrl=%2Fevent Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Cache-Control: no-cache Host: www.facebook.com Cookie: fr=0RObsAfMX8N2oDE0P.AWUijY5j4ajj3MWCbj2nVPEp4Go.BY9tIg.oW.Fj2.0.0.BY-AuR.AWU2VfKJ; datr=INL2WBkTq1-aa6V7IMJUUMMw; dats=1; sb=JNL2WJ2XCIs_K6QaFHEcvbTM; c_user=100000343225510; xs=251%3A-D7EtOmwXRbYlQ%3A2%3A1492570660%3A12220; pl=n; lu=ggNZWbJ4ElBZhc5tOVdylWWA; presence=EDvF3EtimeF1492652361EuserFA21B00343225510A2EstateFDutF1492652361094CEchFDp_5f1B00343225510F195CC HTTP/1.1 302 Found Location: https://myapp.azurewebsites.net/signin-facebook?code=AQCGF2xmMpxqeJOvGi0ngPWLVPqxKZL19gdGPeZdYjQ0k6S-Ta_WS0VxOBxR7wcz70IzHkeC-jQw8KAy7NNP-9m0_atTD6OJYjFZpbnAyixkg7-2r6_B5MR3_nzSBVqc8orXBeBy4KbcG0pgcW6AYGOX1inJaXixCbvypqK5JSgj8RTjbnTd8OmMMzVhC6QBpuViHEcnwOKMx3YgaOEyV9GXwr39EBY-WvcDlu1b__L7vSD9y1VA5jGfAX7jRTmXOOOPrgU-KVOnvqrAUj4RgfpS2YqEFa59t9k00emP2L2FRq94HHBzZshI3dwN0kFH6nVu1y8VKuGqgIDJqbkiXPj88kgbC612wocVpuST4Y0q2g&state=wq_uw7UGAFosxcCkR_Oa7P9gyBQeE4DbW92-YZN0tgOFzlOTLeFxDsaVVmH9SsEY6rkZb3zU4ZRBjcp3nQf-b4V-lbXSihHBIzol77_SiBOX7b-GI8iDtPfp9VFuXbhXZWn--GY5xhjOLXnMCu1idq-Y53qMLm_mhX_oOFuOqgyLmqz35Cf3ardNKUT9tdXUyrLOkOCndQ3R2KSWx_FJ0qzptM6J0IyCvk-JwFkEKvjAh3-mgopTgnIKP-LHBL2Z#_=_ Expires: Sat, 01 Jan 2000 00:00:00 GMT facebook-api-version: v2.8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=15552000; preload X-Frame-Options: DENY Cache-Control: private, no-cache, no-store, must-revalidate Pragma: no-cache public-key-pins-report-only: max-age=500; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/" X-XSS-Protection: 0 Content-Type: text/html X-FB-Debug: ABkQtw3vY1sccWewy5h4luP2SmaMQXgOUnv2HfxKkMGR7VFV+3Jq7+HOsVnGAESUXqI7RT+raZ/CrCLo3U1JbQ== Date: Thu, 20 Apr 2017 03:49:26 GMT Connection: keep-alive Content-Length: 0
GET https://www.facebook.com/v2.8/dialog/oauth?response_type=code&client_id=....
X-Frame-Options: DENY
我可能遇到同样的问题,经过一些搜索我发现 facebook 图 api 做了一些更改。下面是详细信息,大家可以参考一下:
Facebook Graph API 强制升级:Changes from v2.2 to v2.3
[Oauth Access Token] Format - The response format of https://www.facebook.com/v2.3/oauth/access_token returned when you exchange a code for an access_token now return valid JSON instead of being URL encoded. The new format of this response is {"access_token": {TOKEN}, "token_type":{TYPE}, "expires_in":{TIME}}. We made this update to be compliant with section 5.1 of RFC 6749.
由于 access_token 使用 JSON 而不是 URL 编码返回,Microsoft.Owin.Security.Facebook prior to 3.1.0 could not handle this change. You need to upgrade Microsoft.Owin.Security.Facebook to 3.1.0 version, or you need to implement the FacebookAuthenticationOptions.BackchannelHttpHandler for a workaround to handle this change, for more details, you could refer to this similar answer.
更新
据我所知,X-Frame-Options 表示是否应允许浏览器以 <frame>、<iframe> 或 <object> 呈现页面,我假设此 header 与您的问题无关。由于您的网络包来自您的客户端,因此当您使用 authorization_code 从 facebook 交换 access_token 时,您看不到处理过程。我建议您可以 运行 您本地的网络应用程序并按如下方式捕获包:
我已经检查了更新 Microsoft.Owin.Security.Facebook 到 3.1.0 并执行 FacebookAuthenticationOptions.BackchannelHttpHandler by following this issue, both could work on my side and azure. In summary, you could get the authorization_code but failed to extract the access_token, I assumed that you need to clear/rebuild your project and make sure your project could work on your local side, then redeploy your project to web app (if you deploy the website via VS publish wizard, you could choose the "Remove additional files at destination" under Settings > File Publish Options or you could use KUDU 清空您的网页内容)。
更新2
我已经用我的 facekbook 应用程序创建了一个代码示例 AspDotNet-WebApplication-FacebookAuth,您可以尝试 运行 在您的本地并确保您可以检索 access_token 并获得记录用户信息如下:
