MVC 6 OpenIdConnect
MVC 6 OpenIdConnect
我目前 运行 遇到多个问题,将我的 MVC 应用程序从 beta 3 迁移到 4 - 其中之一与 OpenIdConnect 到 Windows Azure 进行身份验证有关。当我转到具有 Authorize 属性的页面时,该页面停止处理并停留在空白页面上,而没有显示 Azure 登录页面。我没有得到 YSOD - 只是空白屏幕。至于示例代码,我只能找到这些:
https://github.com/aspnet/Security/blob/5cf0564484cf5bb2a7a16e6485816d19287538e6/samples/OpenIdConnectSample/Startup.cs
https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/vNext/samples/Mvc/Mvc.Client/Startup.cs
如果我使用第二个示例,并在不同的控制器中实际使用 ChallengeResult,它确实会打开 Azure 登录页面,但会在 Azure 端返回错误请求 (400)。
这是我当前的代码:
public void ConfigureServices(IServiceCollection services)
{
// Cannot find services.AddAuthentication that is supposed to be in Microsoft.Framework.DependencyInjection
services.AddWebEncoders();
services.AddDataProtection();
services.Configure<ExternalAuthenticationOptions>(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationType;
});
// Add MVC services to the services container.
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerfactory)
{
// Configure the OWIN Pipeline to use OpenID Connect Authentication
app.UseCookieAuthentication(options => {
options.AutomaticAuthentication = true;
});
app.UseOpenIdConnectAuthentication(options =>
{
options.ClientId = Constants.ClientId;
options.Authority = Constants.Authority;
options.PostLogoutRedirectUri = Constants.PostLogoutRedirectUri;
options.TokenValidationParameters.RoleClaimType = "roles";
options.Notifications = new OpenIdConnectAuthenticationNotifications()
{
AuthorizationCodeReceived = async (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(Constants.ClientId, Constants.AppKey);
AuthenticationContext authContext = new AuthenticationContext(Constants.Authority, false);
var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
code, new Uri(Constants.PostLogoutRedirectUri), credential, Constants.GraphUri);
ActiveDirectoryHelper.token = result.AccessToken;
}
};
});
// More MVC stuff such as routing and static files
}
P.S。有没有人对 MVC 6 有任何有用的资源?我一直在搜索 GitHub 我的大部分 Beta 4 代码。
您遇到的问题与 Cookie header 相关,如果您遇到的 400 错误是 "HTTP Error 400. The size of the request headers is too long."[,则它超出了 HTTP.sys 的限制=30=]。 Azure AD cookie header 可能超过单个 header 的限制。我有同样的问题,这是我的饼干:
ARRAffinity = 65 bytes
.AspNet.Cookies = 9 bytes
.AspNet.CookiesC1 = 4046 bytes
.AspNet.CookiesC2 = 4046 bytes
.AspNet.CookiesC3 = 4046 bytes
.AspNet.CookiesC4 = 3850 bytes
您可能会看到类似的图片。有几个解决方法:
如果您可以控制服务器,请应用 these registry changes 来突破限制并重新启动您的服务器。
如果您无法控制服务器(例如 Azure Web Apps),则需要缩小 cookie 的大小。为此,您可以将 cookie 内容存储在 ASP.NET 5 session 上,而不是存储更小的 session cookie。示例:
app.UseCookieAuthentication(options =>
{
options.AutomaticAuthentication = true;
options.SessionStore = new MemoryCacheSessionStore();
});
MemoryCacheSessionStore here is an implementation of IAuthenticationSessionStore. You can find the complete sample here 在 ASP.NET 安全存储库上。
我目前 运行 遇到多个问题,将我的 MVC 应用程序从 beta 3 迁移到 4 - 其中之一与 OpenIdConnect 到 Windows Azure 进行身份验证有关。当我转到具有 Authorize 属性的页面时,该页面停止处理并停留在空白页面上,而没有显示 Azure 登录页面。我没有得到 YSOD - 只是空白屏幕。至于示例代码,我只能找到这些: https://github.com/aspnet/Security/blob/5cf0564484cf5bb2a7a16e6485816d19287538e6/samples/OpenIdConnectSample/Startup.cs https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/vNext/samples/Mvc/Mvc.Client/Startup.cs
如果我使用第二个示例,并在不同的控制器中实际使用 ChallengeResult,它确实会打开 Azure 登录页面,但会在 Azure 端返回错误请求 (400)。
这是我当前的代码:
public void ConfigureServices(IServiceCollection services)
{
// Cannot find services.AddAuthentication that is supposed to be in Microsoft.Framework.DependencyInjection
services.AddWebEncoders();
services.AddDataProtection();
services.Configure<ExternalAuthenticationOptions>(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationType;
});
// Add MVC services to the services container.
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerfactory)
{
// Configure the OWIN Pipeline to use OpenID Connect Authentication
app.UseCookieAuthentication(options => {
options.AutomaticAuthentication = true;
});
app.UseOpenIdConnectAuthentication(options =>
{
options.ClientId = Constants.ClientId;
options.Authority = Constants.Authority;
options.PostLogoutRedirectUri = Constants.PostLogoutRedirectUri;
options.TokenValidationParameters.RoleClaimType = "roles";
options.Notifications = new OpenIdConnectAuthenticationNotifications()
{
AuthorizationCodeReceived = async (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(Constants.ClientId, Constants.AppKey);
AuthenticationContext authContext = new AuthenticationContext(Constants.Authority, false);
var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
code, new Uri(Constants.PostLogoutRedirectUri), credential, Constants.GraphUri);
ActiveDirectoryHelper.token = result.AccessToken;
}
};
});
// More MVC stuff such as routing and static files
}
P.S。有没有人对 MVC 6 有任何有用的资源?我一直在搜索 GitHub 我的大部分 Beta 4 代码。
您遇到的问题与 Cookie header 相关,如果您遇到的 400 错误是 "HTTP Error 400. The size of the request headers is too long."[,则它超出了 HTTP.sys 的限制=30=]。 Azure AD cookie header 可能超过单个 header 的限制。我有同样的问题,这是我的饼干:
ARRAffinity = 65 bytes
.AspNet.Cookies = 9 bytes
.AspNet.CookiesC1 = 4046 bytes
.AspNet.CookiesC2 = 4046 bytes
.AspNet.CookiesC3 = 4046 bytes
.AspNet.CookiesC4 = 3850 bytes
您可能会看到类似的图片。有几个解决方法:
如果您可以控制服务器,请应用 these registry changes 来突破限制并重新启动您的服务器。
如果您无法控制服务器(例如 Azure Web Apps),则需要缩小 cookie 的大小。为此,您可以将 cookie 内容存储在 ASP.NET 5 session 上,而不是存储更小的 session cookie。示例:
app.UseCookieAuthentication(options => { options.AutomaticAuthentication = true; options.SessionStore = new MemoryCacheSessionStore(); });MemoryCacheSessionStorehere is an implementation ofIAuthenticationSessionStore. You can find the complete sample here 在 ASP.NET 安全存储库上。