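Problem description
I have a website hosted in local IIS, which is configured as a client in IdentityServer4. My problem is that I get this message when trying to log in using IdentityServer4: The length of the query string for this query is greater than the configured maxQueryStringLength value.
Note that I changed this attribute in web.config and set it to the maximum.
    <requestFiltering>
      <requestLimits maxQueryString="4294967295" />
    </requestFiltering>
Here is my website's Startup code: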
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            // app.Use<SawtoothOpenIdConnectAuthenticationHandler>();
            app.UseSawtoothOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = "Website.UI",
                Authority = "https://localhost:5001",
                RedirectUri = "https://localhost/MyWebsite.Test",
                ResponseType = "code",
                Scope = "openid profile offline_access api",
                UseTokenLifetime = false,
                SignInAsAuthenticationType = "Cookies",
                RequireHttpsMetadata = false,
                RedeemCode = true,
                SaveTokens = true,
                ResponseMode = "query",
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    RedirectToIdentityProvider = context =>
                    {
                        if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
                        {
                            var state = context.ProtocolMessage.State;
                            // set PKCE parameters
                            var codeVerifier = CryptoRandom.CreateUniqueId(8);
                            string codeChallenge;
                            using (var sha256 = SHA256.Create())
                            {
                                var challengeBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
                                codeChallenge = Base64Url.Encode(challengeBytes);
                            }
                            context.ProtocolMessage.SetParameter("code_challenge", codeChallenge);
                            context.ProtocolMessage.SetParameter("code_challenge_method", "S256");
                            // remember code_verifier (adapted from OWIN nonce cookie)
                            RememberCodeVerifier(context, codeVerifier);
                        }
                        if (!string.IsNullOrEmpty(context.ProtocolMessage.State) ||
                            context.ProtocolMessage.State.StartsWith("OpenIdConnect.AuthenticationProperties="))
                        {
                            var authenticationPropertiesString = context.ProtocolMessage.State.Split('=')[1];
                            AuthenticationProperties authenticationProperties = context.Options.StateDataFormat.Unprotect(authenticationPropertiesString);
                            return Task.FromResult(authenticationProperties.RedirectUri);
                        }
                        return Task.Delay(0);
                    },
                    AuthorizationCodeReceived = context =>
                    {
                        // get code_verifier
                        var codeVerifier = RetrieveCodeVerifier(context);
                        // attach code_verifier
                        context.TokenEndpointRequest.SetParameter("code_verifier", codeVerifier);
                        return Task.Delay(0);
                    }
                }
            });
        }
    }
Here is the configuration on the identity server side:
    "Clients": [{
        "ClientId": "Website.UI",
        "RequireConsent": false,
        "AllowedGrantTypes": [ "authorization_code" ],
        "RequirePkce": true,
        "RequireClientSecret": false,
        "RedirectUris": [ "https://localhost/MyWebsite.Test" ],
        "AllowedScopes": [ "openid", "profile", "api" ],
        "AllowOfflineAccess": true,
        "AllowedCorsOrigins": [ "https://localhost:44300" ]
    }]
When I investigated, I found that the following is executed 3 times:
    RedirectToIdentityProvider = context =>
    {..}
which makes the "State": "OpenIdConnect.AuthenticationProperties=" too large.
Solution
When you have this setting:
    ResponseMode = "query",
then the query string will be large. One option is to use ResponseMode = "form_post" to avoid this error.
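
To see which parameter makes a callback exceed the limit, the following added example (not part of the original question or answer) splits a callback URL into its query parameters and reports the size of each. The class name QueryStringBudget, the sample URL and the parameter lengths are constructed for illustration; the 2048 limit is the default of the two settings named in the code comment.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: breaks an OpenID Connect callback URL into its query
// parameters and reports which ones push it past a length limit.
public static class QueryStringBudget
{
    // 2048 is the default of ASP.NET <httpRuntime maxQueryStringLength>
    // and of IIS <requestLimits maxQueryString>.
    public const int DefaultLimit = 2048;

    // Returns (parameter name, encoded length of "name=value"), largest first.
    public static List<KeyValuePair<string, int>> Measure(Uri callback)
    {
        return callback.Query.TrimStart('?')
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(pair => new KeyValuePair<string, int>(
                Uri.UnescapeDataString(pair.Split('=')[0]), pair.Length))
            .OrderByDescending(p => p.Value)
            .ToList();
    }

    // Compares the query string length (without the leading '?') to the limit.
    public static bool ExceedsLimit(Uri callback, int limit = DefaultLimit)
    {
        return callback.Query.TrimStart('?').Length > limit;
    }

    public static void Main()
    {
        // Constructed sample: a callback as produced with ResponseMode = "query",
        // where the protected AuthenticationProperties in "state" has grown large.
        var state = "OpenIdConnect.AuthenticationProperties=" + new string('A', 2100);
        var callback = new Uri("https://localhost/MyWebsite.Test?code=" + new string('c', 64)
            + "&scope=openid%20profile%20offline_access%20api"
            + "&state=" + Uri.EscapeDataString(state)
            + "&session_state=" + new string('s', 80));

        foreach (var p in Measure(callback))
            Console.WriteLine("{0,-14} {1,5} chars", p.Key, p.Value);
        Console.WriteLine("total {0} chars, limit {1}, rejected: {2}",
            callback.Query.TrimStart('?').Length, DefaultLimit, ExceedsLimit(callback));
    }
}
```

With ResponseMode = "form_post" the same parameters arrive in the POST body, so they no longer count against the query string limit.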