我设置了一个非常简单的 ASP.NET MVC 5 应用程序,它尝试在授权代码模式下通过 OpenID 提供程序对用户进行身份验证。
我能够登录,服务器会返回重定向 URL 查询字符串中的代码和随机数 cookie。但是,回到客户端应用程序,用户未经过身份验证(User.Identity.IsAuthenticated
false),没有声明并调用具有Authorize
属性永远不会被执行。浏览器停留在重定向 URL 页面(即主页)上。
我认为 OpenID Connect 中间件执行期间发生了一些事情,导致它中途停止,但不太清楚如何调试它。
即使在“中断所有 CLR 异常”模式下,也不会引发异常。
当将事件监听器连接到IdentityModelEventSource.Logger
在详细级别,我只收到一个记录的事件:“为 openIdConnect 消息生成随机数”,每次身份验证尝试一次。
No Notification
达到钩子除了RedirectToIdentityProvider
,所以看起来没有收到授权码或安全令牌,但身份验证也没有失败。
我如何获得有关所发生情况的更多信息,以便调试我的问题?
这是代码:
public void Configuration(IAppBuilder app)
{
var clientSecret = "secret";
var authenticationOptions = new OpenIdConnectAuthenticationOptions
{
ClientId = "id",
ClientSecret = clientSecret,
Authority = "https://theauthority",
RedirectUri = "https://localhost/MyApp/",
};
authenticationOptions.ResponseType = OpenIdConnectResponseType.Code; // Authorization code
authenticationOptions.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(clientSecret));
authenticationOptions.TokenValidationParameters.RequireSignedTokens = true;
authenticationOptions.TokenValidationParameters.ValidAudience = "katanaclient";
authenticationOptions.SignInAsAuthenticationType = "Cookies";
authenticationOptions.Configuration = new OpenIdConnectConfiguration
{
Issuer = "https://theissuer",
AuthorizationEndpoint = "https://theendpoint",
TokenEndpoint = "https://theendpoint/api/v1/token",
UserInfoEndpoint = "https://theendpoint/api/v1/userinfo",
EndSessionEndpoint = "https://theendpoint/api/v1/logout",
ScopesSupported = { "openid", "profile"},
};
authenticationOptions.Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = async n =>
{
// here it goes
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
{
n.ProtocolMessage.EnableTelemetryParameters = false;
}
},
AuthorizationCodeReceived = async notification =>
{
// doesn't go through here
Debug.WriteLine($"{notification.Response.Body}");
},
SecurityTokenReceived = async notification =>
{
// doesn't go through here
Debug.WriteLine($"{notification.Response.Body}");
},
AuthenticationFailed = async notification =>
{
// doesn't go through here
Debug.WriteLine($"{notification.Response.Body}");
},
SecurityTokenValidated = async n =>
{
// doesn't go through here
Debug.WriteLine($"{n.Response.Body}");
},
MessageReceived = async notification =>
{
// doesn't go through here
Debug.WriteLine($"{notification.Response.Body}");
}
};
app.UseCookieAuthentication(new CookieAuthenticationOptions()
);
app.UseOpenIdConnectAuthentication(authenticationOptions);
Microsoft.IdentityModel.Logging.IdentityModelEventSource.Logger.LogLevel = EventLevel.Verbose;
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
var listener = new EventListener();
listener.EnableEvents(Microsoft.IdentityModel.Logging.IdentityModelEventSource.Logger, EventLevel.LogAlways);
listener.EventWritten += Listener_EventWritten; // Only thing this ever logs is "generating nonce"
}
[Edit]
我发现在 ASP.NET 中Core项目与GetClaimsFromUserInfoEndpoint = true
它工作完美。但令人遗憾的是,旧的财产已经消失了Microsoft.Owin.Security.OpenIdConnect
执行...