Razor Page @attribute [Authorize] FAILS for everyone after first disconnect - Blazor Server
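Please help if you have any suggestions. It would be greatly appreciated.
In production, the first user has no problem, but any user after that, including the first user if they return, cannot access any page that uses @attribute [Authorize]. I use Auth0 to manage the user pool.
This does not happen locally, because only one user, the "developer", tests the site. The first user connects.
The site breaks after these logs.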
Connection id "0HMFRUPK7S99E" sending FIN because: "The client closed the connection."
02:43:34 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HMFRUPK7S99E" disconnecting.
02:43:34 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HMFRUPK7S99E" completed keep alive response.
02:43:34 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST https://example.com/_blazor/disconnect multipart/form-data;+boundary=---------------------------139792296522211296111044067565 397 - 200 0 - 54.1590ms
02:43:34 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HMFRUPK7S99E" stopped.
After that, the navigation menu loads, but nobody can navigate to any page with @attribute [Authorize].
02:44:09 [VRB][Microsoft.AspNetCore.Http.Connections.Internal.Transports.WebSocketsTransport] Message received. Type: Binary, size: 26, EndOfMessage: True.
02:44:10 [VRB][Microsoft.AspNetCore.Http.Connections.Internal.Transports.WebSocketsTransport] Message received. Type: Binary, size: 3, EndOfMessage: True.
I'm not sure whether it is the middleware or somewhere else:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.UseResponseCompression();
    // Configure the HTTP request pipeline.
    if (!env.IsDevelopment())
    {
        app.UseExceptionHandler("/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    //app.UseCookiePolicy();
    app.UseAuthentication();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapRazorPages();
        endpoints.MapBlazorHub();
        endpoints.MapFallbackToPage("/_Host");
    });
}
Here is the Auth0 configuration. In appsetting.json I have:
"Auth0": {
    "Authority": "https://************************",
    "ClientId": "*******************************",
    "ClientSecret": "*************************************************",
    "Audience": "************************",
    "ResponseType": "code",
    "DefaultScopes": "email"
}
This is how I configure Auth0 as a service:
services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(options => {
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect("Auth0", options => {
    Configuration.Bind("Auth0", options);
    options.Scope.Clear();
    options.Scope.Add("openid");
    options.CallbackPath = new PathString("/callback");
    options.ClaimsIssuer = "Auth0";
    options.SaveTokens = true;
    options.TokenValidationParameters = new()
    {
        NameClaimType = "name",
    };
    options.Events = new OpenIdConnectEvents
    {
        // handle the logout redirection
        OnRedirectToIdentityProviderForSignOut = (context) =>
        {
            var logoutUri = $"https://{Configuration["Auth0:Domain"]}/v2/logout?client_id={Configuration["Auth0:ClientId"]}";
            var postLogoutUri = context.Properties.RedirectUri;
            if (!string.IsNullOrEmpty(postLogoutUri))
            {
                if (postLogoutUri.StartsWith("/"))
                {
                    // transform to absolute
                    var request = context.Request;
                    postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                }
                logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}";
            }
            context.Response.Redirect(logoutUri);
            context.HandleResponse();
            return Task.CompletedTask;
        }
    };
});
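I would appreciate any help. Thank you in advance.
After a lot of investigation, the real answer to my problem was that I could not inject my Entity Framework data store using AddScope. I had to change it to AddSingleton.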
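What the change of service lifetime in the answer means for instance sharing, as an added example that is not code from the original post: in Blazor Server a scoped service lives for one circuit, while a singleton is a single instance used by every circuit, so any per-user state it holds is shared between users. `DataStore`, `CurrentUser` and the two scopes standing in for two users' circuits are hypothetical, and the `Microsoft.Extensions.DependencyInjection` package is assumed.

```csharp
// Added illustration; DataStore, CurrentUser and LifetimeDemo are hypothetical names.
using System;
using Microsoft.Extensions.DependencyInjection;

// Stand-in for a data store that keeps per-user state between calls.
public class DataStore
{
    public string? CurrentUser { get; set; }
}

public static class LifetimeDemo
{
    // Each CreateScope() call stands in for one user's circuit (assumption of this demo).
    static void Run(string label, Action<IServiceCollection> register)
    {
        var services = new ServiceCollection();
        register(services);
        using var provider = services.BuildServiceProvider();

        using var circuitA = provider.CreateScope();
        using var circuitB = provider.CreateScope();

        var storeA = circuitA.ServiceProvider.GetRequiredService<DataStore>();
        var storeB = circuitB.ServiceProvider.GetRequiredService<DataStore>();

        storeA.CurrentUser = "alice";
        storeB.CurrentUser = "bob"; // with a singleton this overwrites circuit A's value

        Console.WriteLine($"{label}: same instance = {ReferenceEquals(storeA, storeB)}, " +
                          $"circuit A sees user '{storeA.CurrentUser}'");
    }

    public static void Main()
    {
        // Scoped: one DataStore per scope, so the two circuits stay isolated.
        Run("AddScoped", s => s.AddScoped<DataStore>());
        // Singleton: one DataStore for the whole process, shared by both circuits.
        Run("AddSingleton", s => s.AddSingleton<DataStore>());
    }
}
```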