asp.net-mvc – 在ASP.NET MVC 5应用程序中启用SSL会导致OpenIdConnectProtocolValidator问题

前端之家收集整理的这篇文章主要介绍了asp.net-mvc – 在ASP.NET MVC 5应用程序中启用SSL会导致OpenIdConnectProtocolValidator问题前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有一个ASP.NET MVC 5应用程序,可以对Azure Active Directory进行身份验证.我想在整个应用中启用SSL.因此利用全局过滤器如下:
public class FilterConfig
{
    /// <summary>
    /// Registers the global filters.
    /// </summary>
    /// <param name="filters">The filters.</param>
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new RequireHttpsAttribute());
    }
}

在此之后,我还将项目属性中的“启用SSL”设置为true.这给了我以下SSL网址 – > https://localhost:34567.我将项目更新为在“项目URL”中“服务器”下的“Web选项卡”下的IIS Express路径中.但是在运行该站点时,我遇到了以下错误

IDX10311: RequireNonce is ‘true’ (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don’t need to check the nonce,set OpenIdConnectProtocolValidator.RequireNonce to ‘false’.

我有认证.在网站上启用.我使用Azure Active目录.

安全代码如下:

app.USEOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,Authority = authority,PostlogoutRedirectUri = postlogoutRedirectUri                    
            });

        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Audience = audience,Tenant = tenant,});

认证.正在从web.config中读取值,如下所示:

<add key="ida:ClientId" value="<some_guid>" />
<add key="ida:Audience" value="https://localhost:34567/" />
<add key="ida:AADInstance" value="https://login.windows.net/{0}" />
<add key="ida:Tenant" value="microsoft.onmicrosoft.com" />
<add key="ida:PostlogoutRedirectUri" value="https://localhost:34567/" />

我尝试按照错误消息中的指示将RequireNonce设置为false,如下所示:

ProtocolValidator = new OpenIdConnectProtocolValidator
                {
                    RequireNonce = false
                }

但这只会导致无效的请求错误.

有人可以帮我理解这里的问题是什么吗?在启用SSL之前,一切都很顺利.

解决方法

如果错误消息以OICE_20004开头或包含IDX10311,则可以忽略异常.注意:自行承担风险.
Notifications = new OpenIdConnectAuthenticationNotifications()
{
    RedirectToIdentityProvider = (context) =>
    {
        // Ensure the URI is picked up dynamically from the request;
        string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + context.Request.Uri.PathAndQuery;
        context.ProtocolMessage.RedirectUri = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + context.Request.Uri.PathAndQuery;
        context.ProtocolMessage.PostlogoutRedirectUri = appBaseUrl;
        return Task.FromResult(0);
    },AuthenticationFailed = (context) =>
    {
        if (context.Exception.Message.StartsWith("OICE_20004") || context.Exception.Message.Contains("IDX10311"))
        {
            context.SkipToNextMiddleware();
            return Task.FromResult(0);
        }
        return Task.FromResult(0);
    },}

猜你在找的asp.Net相关文章