来自RemoteAuthentication的错误：OpenIdConnectAuthenticationHandler：message.State为null或为空 ..即使成功获取代码，id_token和令牌后，也是如此。

我正在将Razor页面与.netcore一起使用，并且已在startup.cs中注册了所需的中间件，您将在下面找到它。

配置服务功能

        public void ConfigureServices(IServiceCollection services)
        {
            RegisterRazorPages(services);

            RegisterCoreServices(services);

            RegisterDataServices(services);

            RegisterVersioningServices(services);

            RegisterAntiforegery(services);
        }

        private void RegisterCoreServices(IServiceCollection services)
        {
            services.AddSingleton(Configuration);

            services.AddControllers(opts =>
            {
                opts.ModelBinderProviders.Insert(0,new DateTimeModelBinderProvider());
                opts.RequireHttpsPermanent = true;
            })
                .AddNewtonsoftJson(opts =>
                {
                    opts.SerializerSettings.DateFormatString = "yyyyMMdd";
                    opts.SerializerSettings.DateTimeZoneHandling = DateTimeZoneHandling.Utc;
                });


            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            // Add authentication services
            services.AddAuthentication(options => {
                //options.DefaultAuthenticateScheme = OpenIdConnectDefaults.AuthenticationScheme;
                //options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme,options =>
            {
                options.Cookie.SameSite = SameSiteMode.None;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.IsEssential = true;
            })
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme,options => {
                //options.SignInScheme = "Cookies";
                // Set the authority to your Auth0 domain   
                options.Authority = $"https://{Configuration["OpenIdConnect:Domain"]}";
                options.RequireHttpsMetadata = true;
                options.MetadataAddress = $"https://{Configuration["OpenIdConnect:Domain"]}/.well-known/openid-configuration";
                options.UseTokenLifetime = true;
               
                // Configure the Auth0 Client ID and Client Secret
                options.ClientId = Configuration["OpenIdConnect:ClientId"];
                options.ClientSecret = Configuration["OpenIdConnect:ClientSecret"];
                // Set response type to code
                options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
                options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
                options.GetClaimsFromUserInfoEndpoint = true;
                options.UsePkce = true;
                // Configure the scope
                options.Scope.Clear();
                options.Scope.Add("openid");
                //options.Scope.Add("profile");
                options.Scope.Add("siam");

                options.SecurityTokenValidator = new JwtSecurityTokenHandler
                {
                    // Disable the built-in JWT claims mapping feature.
                    InboundClaimTypeMap = new Dictionary<string,string>()
                };

                options.TokenValidationParameters.NameClaimType = "name";
                options.TokenValidationParameters.RoleClaimType = "role";

                // Set the callback path,so Auth0 will call back to http://localhost:3000/callback
                // Also ensure that you have added the URL as an Allowed Callback URL in your Auth0 dashboard
                options.CallbackPath = new PathString("/Default");
                // Configure the Claims Issuer to be Auth0
                options.ClaimsIssuer = OpenIdConnectDefaults.AuthenticationScheme;

                options.SaveTokens = true;

                options.Events = new OpenIdConnectEvents
                {
                    OnRedirectToIdentityProvider = context =>
                    {
                        context.ProtocolMessage.SetParameter("audience","http://localhost:3000/");

                        return Task.FromResult(0);
                    },// handle the logout redirection 
                    OnRedirectToIdentityProviderForSignOut = (context) =>
                    {
                        var logoutUri = $"https://{Configuration["Siam:Domain"]}/v2/logout?client_id={Configuration["Siam:ClientId"]}";

                        var postLogoutUri = context.Properties.RedirectUri;
                        if (!string.IsNullOrEmpty(postLogoutUri))
                        {
                            if (postLogoutUri.StartsWith("/"))
                            {
                                // transform to absolute
                                var request = context.Request;
                                postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                            }
                            logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}";
                        }

                        context.Response.Redirect(logoutUri);
                        context.HandleResponse();

                        return Task.CompletedTask;
                    }
                };
            });

            services.AddAuthorization();
            services.AddHttpClient();

            services.AddHealthChecks()
                .AddCheck<AuthEndpointCheck>("auth_endpoint_check")
                .AddCheck<DbHealthCheck>("db_health_check");
        }

配置功能

 public void Configure(IApplicationBuilder app,IWebHostEnvironment env,IApiVersionDescriptionProvider apiVersionDescriptionProvider)
        {
            app.UseForwardedHeaders(new ForwardedHeadersOptions
            {
                RequireHeaderSymmetry = false,ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
            });
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseErrorHandlingMiddleware();
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();
            //app.UseCookiePolicy(new CookiePolicyOptions()
            //{
            //    HttpOnly = HttpOnlyPolicy.Always,//    Secure = CookieSecurePolicy.Always,//    MinimumSameSitePolicy = SameSiteMode.Strict
            //});
            app.UseRouting();

            

            // keep both between UseRouting() and UseEndpoints()
            app.UseAuthentication();
            app.UseAuthorization();


            app.UseHttpMetrics(options =>
            {
                options.RequestDuration.Histogram = Metrics.CreateHistogram("CCR_http_request_duration_seconds",string.Empty,new HistogramConfiguration
                    {
                        Buckets = Histogram.LinearBuckets(
                            start: Convert.ToDouble(Configuration["Prometheus:Start"]),width: Convert.ToDouble(Configuration["Prometheus:Width"]),count: Convert.ToInt32(Configuration["Prometheus:Count"])),LabelNames = new[] { "code","method" }
                    });
            });

            app.UseMetricServer();
            app.UseSitHealthChecks();

            app.UseSwagger();
            app.UseSwaggerUI(opts =>
            {
                // build a swagger endpoint for each discovered API version
                foreach (var description in apiVersionDescriptionProvider.ApiVersionDescriptions)
                {
                    opts.SwaggerEndpoint($"/swagger/{description.GroupName}/swagger.json",description.GroupName.ToUpperInvariant());
                }

                opts.RoutePrefix = string.Empty;
            });

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers().RequireAuthorization();
                endpoints.MapHealthChecks("/hc",new HealthCheckOptions() { }).RequireAuthorization();
                endpoints.MapMetrics().RequireAuthorization();
                endpoints.MapRazorPages();
            });

            IdentityModelEventSource.ShowPII = true;
        }

问题描述 在startup.cs文件中，我已将回调URL设置为受保护的主页。声明应用程序后，它将对oauth进行挑战，这是indexPage的质询代码。完成此挑战后，该页面应重定向到默认页面，该页面是应用程序的主页，并受到保护。

public async Task OnGetAsync()
        {
            if (User.Identity.IsAuthenticated)
            {
                string accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);

                // if you need to check the Access Token expiration time,use this value
                // provided on the authorization response and stored.
                // do not attempt to inspect/decode the access token
                DateTime accessTokenExpiresAt = DateTime.Parse(
                    await HttpContext.GetTokenAsync("expires_at"),CultureInfo.InvariantCulture,DateTimeStyles.RoundtripKind);

                string idToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);
            }
            else
            {
                string accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
                string returnUrl = "/Default";
                await HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme,new AuthenticationProperties() { RedirectUri = returnUrl });
                //Challenge(OpenIdConnectDefaults.AuthenticationScheme);
            }
        }

，并在响应中从浏览器中生成了以下输出。

在第4次通话中，我得到了id_token，令牌和代码作为响应，并且在该应用重定向到第5次通话中提到的/ Default路由之后，在第6次通话中又出现了一些我不理解的重定向occus。

在第6个通话中，我失去了所有参数，并且我不再有cookie。然后，日志显示以下异常。

2020-08-17 14:38:11.337 +02:00 [INF] Error from RemoteAuthentication: OpenIdConnectAuthenticationHandler: message.State is null or empty..
2020-08-17 14:38:11.381 +02:00 [ERR] An error was encountered while handling the remote login.
System.Exception: An error was encountered while handling the remote login.
 ---> System.Exception: OpenIdConnectAuthenticationHandler: message.State is null or empty.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at SIT.WebApi.Infrastructure.Middleware.ErrorHandlingMiddleware.Invoke(HttpContext context)
2020-08-17 14:38:11.397 +02:00 [INF] Request finished in 62.128ms 500 application/json

问题

1. 为什么我的服务器自动运行时，我需要提供 callback 网址
   在点击
   后重定向和验证用户 授权端点。服务器正在使用kerberos Windows
   身份验证。
2. startup.cs中的回调 url和索引页中的 redirect url有什么区别。
3. 如果我没有提到回调URL，默认情况下，我的应用将重定向到 / signin-oidc 路由，为什么？
4. 我应该如何克服这个错误？
5. 获取令牌，代码和id_token等后，如何将用户信息存储到HttpContext.User中。

解决方法

暂无找到可以解决该程序问题的有效方法，小编努力寻找整理中！

如果你已经找到好的解决方法，欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@）