我有一个ASP.NET MVC 5应用程序,可以对Azure Active Directory进行身份验证.我想在整个应用中启用SSL.因此利用全局过滤器如下:
public class FilterConfig
{
/// <summary>
/// Registers the global filters.
/// </summary>
/// <param name="filters">The filters.</param>
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new RequireHttpsAttribute());
}
}
在此之后,我还将项目属性中的“启用SSL”设置为true.这给了我以下SSL网址 – > https://localhost:34567.我将项目更新为在“项目URL”中“服务器”下的“Web选项卡”下的IIS Express路径中.但是在运行该站点时,我遇到了以下错误:
IDX10311: RequireNonce is ‘true’ (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don’t need to check the nonce,set OpenIdConnectProtocolValidator.RequireNonce to ‘false’.
我有认证.在网站上启用.我使用Azure Active目录.
安全代码如下:
app.USEOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = clientId,Authority = authority,PostlogoutRedirectUri = postlogoutRedirectUri }); app.UseWindowsAzureActiveDirectoryBearerAuthentication( new WindowsAzureActiveDirectoryBearerAuthenticationOptions { Audience = audience,Tenant = tenant,});
认证.正在从web.config中读取值,如下所示:
<add key="ida:ClientId" value="<some_guid>" />
<add key="ida:Audience" value="https://localhost:34567/" />
<add key="ida:AADInstance" value="https://login.windows.net/{0}" />
<add key="ida:Tenant" value="microsoft.onmicrosoft.com" />
<add key="ida:PostlogoutRedirectUri" value="https://localhost:34567/" />
我尝试按照错误消息中的指示将RequireNonce设置为false,如下所示:
ProtocolValidator = new OpenIdConnectProtocolValidator
{
RequireNonce = false
}
但这只会导致无效的请求错误.
有人可以帮我理解这里的问题是什么吗?在启用SSL之前,一切都很顺利.
解决方法
如果错误消息以OICE_20004开头或包含IDX10311,则可以忽略异常.注意:自行承担风险.
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
// Ensure the URI is picked up dynamically from the request;
string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + context.Request.Uri.PathAndQuery;
context.ProtocolMessage.RedirectUri = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + context.Request.Uri.PathAndQuery;
context.ProtocolMessage.PostlogoutRedirectUri = appBaseUrl;
return Task.FromResult(0);
},AuthenticationFailed = (context) =>
{
if (context.Exception.Message.StartsWith("OICE_20004") || context.Exception.Message.Contains("IDX10311"))
{
context.SkipToNextMiddleware();
return Task.FromResult(0);
}
return Task.FromResult(0);
},}
