带有 .NET MVC 4.8 的 Identity Server 4，此查询的查询字符串长度大于配置的 maxQueryStringLength 值错误

问题描述

我有一个托管在本地 IIS 中的网站，女巫被配置为身份服务器 4 中的客户端，我的问题是我在尝试使用身份服务器 4 登录时收到此消息 The length of the query string for this query is greater than the configured maxQueryStringLength value.。>

知道我在 web.config 中改变了这个属性，把它调到最大。

<requestFiltering>
    <requestLimits maxQueryString="4294967295"  />
</requestFiltering>

这是我网站启动时的代码：

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });

        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        // app.Use<SawtoothOpenIdConnectAuthenticationHandler>();
        app.UseSawtoothOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "Website.UI",Authority = "https://localhost:5001",RedirectUri = "https://localhost/MyWebsite.Test",ResponseType = "code",Scope = "openid profile offline_access api",UseTokenLifetime = false,SignInAsAuthenticationType = "Cookies",RequireHttpsMetadata = false,RedeemCode = true,SaveTokens = true,ResponseMode = "query",Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = context =>
                {
                    if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
                    {
                        var state = context.ProtocolMessage.State;

                        // set PKCE parameters
                        var codeVerifier = CryptoRandom.CreateUniqueId(8);

                        string codeChallenge;
                        using (var sha256 = SHA256.Create())
                        {
                            var challengeBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
                            codeChallenge = Base64Url.Encode(challengeBytes);
                        }
                                context.ProtocolMessage.SetParameter("code_challenge",codeChallenge);
                            context.ProtocolMessage.SetParameter("code_challenge_method","S256");

                        // remember code_verifier (adapted from OWIN nonce cookie)
                        RememberCodeVerifier(context,codeVerifier);
                    }
                    if (!string.IsNullOrEmpty(context.ProtocolMessage.State) ||
                               context.ProtocolMessage.State.StartsWith("OpenIdConnect.AuthenticationProperties="))
                    {
                        var authenticationPropertiesString = context.ProtocolMessage.State.Split('=')[1];

                        AuthenticationProperties authenticationProperties = context.Options.StateDataFormat.Unprotect(authenticationPropertiesString);

                        return Task.FromResult(authenticationProperties.RedirectUri);
                    }
                    return Task.Delay(0);
                },AuthorizationCodeReceived = context =>
                {
                    // get code_verifier
                    var codeVerifier = RetrieveCodeVerifier(context);

                    // attach code_verifier
                    context.TokenEndpointRequest.SetParameter("code_verifier",codeVerifier);

                    return Task.Delay(0);
                }
            }
        });
    }
}

这里是身份服务器端的代码：

 "Clients": [{
        "ClientId": "Website.UI","RequireConsent": false,"AllowedGrantTypes": [ "authorization_code" ],"RequirePkce": true,"RequireClientSecret": false,"RedirectUris": [ "https://localhost/MyWebsite.Test"],"AllowedScopes": [ "openid","profile","api" ],"AllowOfflineAccess": true,"AllowedCorsOrigins": ["https://localhost:44300"]
      }}

当我调查时，我发现在下面执行了 3 次

RedirectToIdentityProvider = context =>
                        {..}

这使得“State": "OpenIdConnect.AuthenticationProperties=”太大

解决方法

当您有此设置时：

ResponseMode = "查询",

那么查询字符串就会很大。一种选择是使用 ResponseMode ="form_post" 来避免出现此错误。

asp.net-mvc identityserver4 owin owin-middleware

带有 .NET MVC 4.8 的 Identity Server 4，此查询的查询字符串长度大于配置的 maxQueryStringLength 值错误

问题描述

解决方法

相关问答