4

我正在尝试让 SSO openid 与 dotnetopenauth 一起使用。

我有两个独立的项目,分别调试(都在本地主机上,但有两个不同的端口),一个作为提供者,一个作为依赖方。

依赖方正在运行localhost:1903。提供程序正在运行localhost:3314

依赖方代码:

    public ActionResult Authenticate()
    {
        UriBuilder returnToBuilder = new UriBuilder(Request.Url);
        returnToBuilder.Path = "/OpenId/";
        returnToBuilder.Query = null;
        returnToBuilder.Fragment = null;

        Uri returnTo = returnToBuilder.Uri;
        returnToBuilder.Path = "/";
        Realm realm = returnToBuilder.Uri;
        realm = "http://localhost:3314/OpenId/";
        returnTo = new Uri("http://localhost:3314/OpenId/");
        var response = openid.GetResponse();

        if (response == null) {
            if (Request.QueryString["ReturnUrl"] != null && User.Identity.IsAuthenticated) {
            } else {
                string strIdentifier = "testidentifier";
                var request = openid.CreateRequest(
                    strIdentifier,
                    realm,
                    returnTo);

                var fetchRequest = new FetchRequest();
                request.AddExtension(fetchRequest);
                request.RedirectToProvider();
            }
        } else {
            switch (response.Status) {
                case AuthenticationStatus.Canceled:
                    //stuff got cancelled for some reason
                    break;
                case AuthenticationStatus.Failed:
                    //response.Exception.Message;
                    break;
                case AuthenticationStatus.Authenticated:
                    //a bunch of applying roles that i don't think we care about
                    break;
            }
        }

        return new EmptyResult();
    }

提供者代码:

    public ActionResult Index()
    {
        IAuthenticationRequest iR = (IAuthenticationRequest)Request;

        if (iR.IsReturnUrlDiscoverable(ProviderEndpoint.Provider.Channel.WebRequestHandler) != RelyingPartyDiscoveryResult.Success) {
            iR.IsAuthenticated = false;
            return new EmptyResult();
        }

        if (iR.IsDirectedIdentity) {
            if (User.Identity.IsAuthenticated) {
                iR.LocalIdentifier = BuildIdentityUrl();
                iR.IsAuthenticated = true;
            } else {
                if (iR.Immediate || ImplicitAuth) {
                    iR.IsAuthenticated = false;
                } else {
                    if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase)) {
                        return RedirectToAction("Login", "User");
                    }
                }
            }
        } else {
            string userOwningOpenIdUrl = ExtractUserName(iR.LocalIdentifier);

            iR.IsAuthenticated = userOwningOpenIdUrl == User.Identity.Name;

            if (!iR.IsAuthenticated.Value && !ImplicitAuth && !iR.Immediate) {
                if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase)) {
                    return RedirectToAction("Login", "User");
                }
            }
        }

        if (iR.IsAuthenticated.Value) {
            var fetchRequest = iR.GetExtension<FetchRequest>();

            if (fetchRequest != null) {
                var fetchResponse = new FetchResponse();
                //roles and stuff

                iR.AddResponseExtension(fetchResponse);
            }
        }

        return new EmptyResult();
    }

在方法上运行依赖方代码时出现错误openid.CreateRequest。我在我的提供程序代码上启用了调试,它永远不会受到影响。

研究错误,我发现了很多关于代理问题的建议,但这对我来说不应该是一个问题,因为我只去本地主机。

也许这是相当明显的事情,但我不知道我做错了什么。

在此先感谢您的帮助!

编辑:仅供参考,我从 DotNetOpenAuth 示例中获得了此代码。

4

3 回答 3

2

好吧,我最终手动浏览了源代码,并在某种程度上找出了问题所在。

事实证明,dumdum 有点正确——我的第一个问题是它确实需要一个 URI 作为标识符,所以一旦我将标识符更改为http://localhost:3314/OpenId/(即使这本身无效),我就克服了那个异常。

第二个问题是我忘记将信息添加到 web.config - 所以localhost没有被列入白名单并CreateRequest在那里失败。

在我解决了这两个问题之后,我的提供程序代码得到了很好的解决——我在那里遇到了其他错误,但这是我想象的一个单独的问题。

网络配置:

<configSections>
  <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth">
    <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
    <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
    <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
    <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
    </sectionGroup>
</configSections>

<dotNetOpenAuth>
<openid>
  <relyingParty>
    <security requireSsl="false">
      <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
      <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
        <add endpoint="https://www.google.com/accounts/o8/ud" />
      </trustedProviders>-->
    </security>
    <behaviors>
      <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
           with OPs that use Attribute Exchange (in various formats). -->
      <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth"/>
      <!--<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.GsaIcamProfile, DotNetOpenAuth" />-->
    </behaviors>
    <!-- Uncomment the following to activate the sample custom store.  -->
    <!--<store type="OpenIdRelyingPartyWebForms.CustomStore, OpenIdRelyingPartyWebForms" />-->
  </relyingParty>
</openid>
<messaging>
  <untrustedWebRequest>
    <whitelistHosts>
      <!-- since this is a sample, and will often be used with localhost -->
      <add name="localhost"/>
    </whitelistHosts>
  </untrustedWebRequest>
</messaging>
<!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
<reporting enabled="true"/>
</dotNetOpenAuth>
于 2012-09-20T13:27:32.847 回答
1

我不确定你是否和我有同样的问题,但是......对我来说,如果我输入类似“bob”的用户名,它会提示我输入 openid 后出现此错误。当我输入一个有效的开放 ID(例如 dumdum@yahoo.com)时,它就解决了这个问题。似乎需要对完全不可能的打开 id 的异常处理进行处理。

于 2012-09-17T18:49:19.147 回答
0

我最近遇到了同样的问题,结果发现问题不在我的应用程序中,而是在 openID 服务器端。当调用 openID 服务器时,它返回 500 - 内部服务器错误并且我的应用程序抛出了协议异常 - 没有在线找到 OpenID 端点openId.CreateRequest(Identifier.Parse(openIdServer))

我联系了 OpenID 服务器的管理员,他修复了内部服务器错误,一切正常(与错误一样)。

为什么 DotNetOpenAuth 会引发如此愚蠢的异常,这是一个问题......

于 2015-04-15T05:42:41.747 回答