目前,我在将 MVC 应用程序从 beta 3 迁移到 4 时遇到了多个问题 - 其中之一与 OpenIdConnect 到 Windows Azure 进行身份验证有关。当我转到具有授权属性的页面时,该页面会停止处理并位于空白页面,而不会显示 Azure 登录页面。我没有得到 YSOD - 只是空白屏幕。至于示例代码,我只能找到这些:https://github.com/aspnet/Security/blob/5cf0564484cf5bb2a7a16e6485816d19287538e6/samples/OpenIdConnectSample/Startup.cs https://github.com/aspnet/Security/blob/5cf0564484cf5bb2a7a16e6485816d19287538e6/samples/OpenIdConnectSample/Startup.cs
https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/vNext/samples/Mvc/Mvc.Client/Startup.cs https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/vNext/samples/Mvc/Mvc.Client/Startup.cs
如果我使用第二个示例,并且实际上在不同的控制器中使用 ChallengeResult,它确实会打开 Azure 登录页面,但会在 Azure 端返回错误请求 (400)。
这是我当前的代码:
public void ConfigureServices(IServiceCollection services)
{
// Cannot find services.AddAuthentication that is supposed to be in Microsoft.Framework.DependencyInjection
services.AddWebEncoders();
services.AddDataProtection();
services.Configure<ExternalAuthenticationOptions>(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationType;
});
// Add MVC services to the services container.
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerfactory)
{
// Configure the OWIN Pipeline to use OpenID Connect Authentication
app.UseCookieAuthentication(options => {
options.AutomaticAuthentication = true;
});
app.UseOpenIdConnectAuthentication(options =>
{
options.ClientId = Constants.ClientId;
options.Authority = Constants.Authority;
options.PostLogoutRedirectUri = Constants.PostLogoutRedirectUri;
options.TokenValidationParameters.RoleClaimType = "roles";
options.Notifications = new OpenIdConnectAuthenticationNotifications()
{
AuthorizationCodeReceived = async (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(Constants.ClientId, Constants.AppKey);
AuthenticationContext authContext = new AuthenticationContext(Constants.Authority, false);
var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
code, new Uri(Constants.PostLogoutRedirectUri), credential, Constants.GraphUri);
ActiveDirectoryHelper.token = result.AccessToken;
}
};
});
// More MVC stuff such as routing and static files
}
附:有人对 MVC 6 有任何有用的资源吗?我一直在 GitHub 上搜索我的大部分 Beta 4 代码。
您遇到的问题与 Cookie 标头有关,如果您收到的 400 错误是,则超出了 HTTP.sys 的限制“HTTP 错误 400。请求标头的大小太长。”。 Azure AD cookie 标头可能超出了单个标头的限制。我有同样的问题,这是我的饼干:
ARRAffinity = 65 字节
.AspNet.Cookies = 9 字节
.AspNet.CookiesC1 = 4046 字节
.AspNet.CookiesC2 = 4046 字节
.AspNet.CookiesC3 = 4046 字节
.AspNet.CookiesC4 = 3850 字节
您可能会看到类似的图片。有几种解决方法:
如果您可以控制服务器,请申请这些注册表更改 https://support.microsoft.com/en-us/kb/2020943突破限制并重新启动服务器。
-
如果您无法控制服务器(例如 Azure Web Apps),则需要缩小 cookie 的大小。为此,您可以将 cookie 内容存储在 ASP.NET 5 会话上,而存储更小的会话 cookie。例子:
app.UseCookieAuthentication(options =>
{
options.AutomaticAuthentication = true;
options.SessionStore = new MemoryCacheSessionStore();
});
MemoryCacheSessionStore https://github.com/aspnet/Security/blob/5cf0564484cf5bb2a7a16e6485816d19287538e6/samples/CookieSessionSample/MemoryCacheSessionStore.cs这是一个实现IAuthenticationSessionStore https://github.com/aspnet/Security/blob/5cf0564484cf5bb2a7a16e6485816d19287538e6/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs。您可以找到完整的示例here https://github.com/aspnet/Security/tree/5cf0564484cf5bb2a7a16e6485816d19287538e6/samples/CookieSessionSample在 ASP.NET 安全存储库上。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
