问题描述
我正在将几个应用程序从 Identity 迁移到 IdentityServer4
有些是 .net core 3.1 并且像文档一样设置 https://identityserver4.readthedocs.io/en/latest/quickstarts/2_interactive_aspnetcore.html#creating-an-mvc-client
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc",options =>
{
options.Authority = "https://localhost:5001";
options.ClientId = "mvc";
options.ClientSecret = "secret";
options.ResponseType = "code";
options.Savetokens = true;
});
有些是.net并使用Owin并像本文一样设置 https://www.scottbrady91.com/ASPNET/Refreshing-your-Legacy-ASPNET-IdentityServer-Client-Applications 在“带有 PKCE 的授权码 - 2020”部分
app.UseCookieAuthentication(new CookieAuthenticationoptions
{
AuthenticationType = "cookie"
});
app.USEOpenIdConnectAuthentication(new OpenIdConnectAuthenticationoptions
{
ClientId = "mvc.owin",Authority = "http://localhost:5000",RedirectUri = "http://localhost:5001/",Scope = "openid profile api1",SignInAsAuthenticationType = "cookie",RequireHttpsMetadata = false,UsetokenLifetime = false,RedeemCode = true,Savetokens = true,ClientSecret = "secret",ResponseType = "code",ResponseMode = "query",Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
{
// generate code verifier and code challenge
var codeVerifier = CryptoRandom.CreateUniqueId(32);
string codeChallenge;
using (var sha256 = SHA256.Create())
{
var challengeBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
codeChallenge = Base64Url.Encode(challengeBytes);
}
// set code_challenge parameter on authorization request
n.ProtocolMessage.SetParameter("code_challenge",codeChallenge);
n.ProtocolMessage.SetParameter("code_challenge_method","S256");
// remember code verifier in cookie (adapted from OWIN nonce cookie)
// see: https://github.com/scottbrady91/Blog-Example-Classes/blob/master/AspNetFrameworkPkce/ScottBrady91.BlogExampleCode.AspNetPkce/Startup.cs#L85
RememberCodeVerifier(n,codeVerifier);
}
return Task.CompletedTask;
},AuthorizationCodeReceived = n =>
{
// get code verifier from cookie
// see: https://github.com/scottbrady91/Blog-Example-Classes/blob/master/AspNetFrameworkPkce/ScottBrady91.BlogExampleCode.AspNetPkce/Startup.cs#L102
var codeVerifier = RetrieveCodeVerifier(n);
// attach code_verifier on token request
n.TokenEndpointRequest.SetParameter("code_verifier",codeVerifier);
return Task.CompletedTask;
}
}
});
所以 网络核心应用1 NetCoreApp2 NetowinApp1 NetowinApp2
如果我打开浏览器并启动 NetCoreApp1,它会要求我登录并且一切正常
如果我将 url 更改为指向 NetCoreApp2,它会意识到我已通过身份验证并立即启动
如果我更改 url 并启动 NetowinApp1,它会意识到我已通过身份验证并立即启动
如果我更改 url 并重新启动 NetCoreApp1,它会进入重定向循环
看来,如果 .NET Core Client 在 .NET Owin App Client 之后启动,它会进入一个循环,即使它们可以单独运行并且可以在相同类型的应用程序之后正常运行
有人知道发生了什么吗?我一直在尝试了解 cookie,我的预感是它与同一站点的限制有关,但我不知道如何深入了解它
谢谢
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)