1

我正在使用 DotnetOpenAuth 示例中的以下示例代码(OpenIdProviderMvc 中的 OpenId 控制器)

public ActionResult ProcessAuthRequest() {
        if (ProviderEndpoint.PendingRequest == null) {
            return this.RedirectToAction("Index", "Home");
        }

        // Try responding immediately if possible.
        ActionResult response;
        if (this.AutoRespondIfPossible(out response)) {
            return response;
        }

        // We can't respond immediately with a positive result.  But if we still have to respond immediately...
        if (ProviderEndpoint.PendingRequest.Immediate) {
            // We can't stop to prompt the user -- we must just return a negative response.
            return this.SendAssertion();
        }

        return this.RedirectToAction("AskUser");
    }

private bool AutoRespondIfPossible(out ActionResult response)
    {
        if (ProviderEndpoint.PendingRequest.IsReturnUrlDiscoverable(OpenIdProvider.Channel.WebRequestHandler) == RelyingPartyDiscoveryResult.Success
            && User.Identity.IsAuthenticated) {
                if (ProviderEndpoint.PendingAuthenticationRequest != null) {
                    if (ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity
                        || this.UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest)) {
                            ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
                            response = this.SendAssertion();
                            return true;
                    }
                }

                if (ProviderEndpoint.PendingAnonymousRequest != null) {
                    ProviderEndpoint.PendingAnonymousRequest.IsApproved = true;
                    response = this.SendAssertion();
                    return true;
                }
        }

        response = null;
        return false;
    }

但是,我不想问用户任何事情。我正在尝试设置一个 Web 应用程序门户,如果用户已登录(他是),该门户应自动对 RP 做出积极响应。然而AutoRespondIfPossible返回假,因为ProviderEndpoint.PendingRequest.IsReturnUrlDiscoverable返回假,我不知道为什么。我应该在这里采取什么行动?

日志:

RP:http://pastebin.com/0EX2ZE1C EP: http: //pastebin.com/q5CPrWp6

以前的相关问题:

SSO - 未找到 OpenID 端点

OpenIdProvider.GetRequest() 返回 null

OpenID 领域是否必须是网站的基本 URL?

4

1 回答 1

1

IsReturnUrlDiscoverable执行 OpenID 所称的“RP Discovery”。无论如何,这很重要,但特别是如果您将自动登录用户,这对于安全性至关重要。它返回的事实false告诉您 RP 需要一些工作才能正确执行此操作。

这篇文解释了 RP 必须做什么才能通过“RP Discovery”测试。

于 2012-10-25T14:36:02.173 回答