我今天进来发现没有人可以登录到我们使用 DotNetOpenAuth 和 Google Provider 的系统。这几个月来一直运行良好,并且在几周内没有对系统进行更新。我越来越:
ERROR DotNetOpenAuth.Messaging.Bindings - Provider reports signature verification failed.
这现在也发生在我的本地机器上,有谁知道 Google Provider 是否发生了变化?
完整的日志条目如下:
2013-04-19 10:45:32,692 (GMT+1) [41] DEBUG DotNetOpenAuth.Http - HTTP GET https://www.google.com/accounts/o8/id
2013-04-19 10:45:34,863 (GMT+1) [41] DEBUG DotNetOpenAuth.Yadis - An XRDS response was received from GET at user-supplied identifier.
2013-04-19 10:45:34,864 (GMT+1) [41] DEBUG DotNetOpenAuth.Yadis - Total services discovered in XRDS: 1
2013-04-19 10:45:34,864 (GMT+1) [41] DEBUG DotNetOpenAuth.Yadis - [{
ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
ProviderEndpoint: https://www.google.com/accounts/o8/ud
OpenID version: 2.0
Service Type URIs:
http://specs.openid.net/auth/2.0/server
http://openid.net/srv/ax/1.0
http://specs.openid.net/extensions/ui/1.0/mode/popup
http://specs.openid.net/extensions/ui/1.0/icon
http://specs.openid.net/extensions/pape/1.0
},]
2013-04-19 10:45:34,864 (GMT+1) [41] DEBUG DotNetOpenAuth.Yadis - Skipping HTML discovery because XRDS contained service endpoints.
2013-04-19 10:45:34,865 (GMT+1) [41] INFO DotNetOpenAuth.Yadis - Performing discovery on user-supplied identifier: https://www.google.com/accounts/o8/id
2013-04-19 10:45:34,865 (GMT+1) [41] DEBUG DotNetOpenAuth.Yadis - Filtering and sorting of endpoints did not affect the list.
2013-04-19 10:45:34,865 (GMT+1) [41] DEBUG DotNetOpenAuth.OpenId - Creating authentication request for user supplied Identifier: https://www.google.com/accounts/o8/id
2013-04-19 10:45:34,865 (GMT+1) [41] DEBUG DotNetOpenAuth.OpenId - Could not determine whether OP supported Sreg or AX. Using both extensions.
2013-04-19 10:45:34,866 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckIdRequest (2.0) message.
2013-04-19 10:45:34,866 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElementRelyingParty applied to message.
2013-04-19 10:45:34,866 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2013-04-19 10:45:34,866 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2013-04-19 10:45:34,867 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
2013-04-19 10:45:34,867 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Bindings - ReturnTo signed data:
dnoa.return_to_sig_handle: lD0z
dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id
ReturnUrl: /
2013-04-19 10:45:34,868 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement applied to message.
2013-04-19 10:45:34,868 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2013-04-19 10:45:34,868 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2013-04-19 10:45:34,868 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement did not apply to message.
2013-04-19 10:45:34,868 (GMT+1) [41] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckIdRequest (2.0) message for https://www.google.com/accounts/o8/ud:
openid.claimed_id: http://specs.openid.net/auth/2.0/identifier_select
openid.identity: http://specs.openid.net/auth/2.0/identifier_select
openid.assoc_handle: 1.AMlYA9UWwIc6XwY3cBNwCRCb96aKYV7c5ziaDzzlXemScowZoxyJRv1RWXCuoJSd4AEQj_w6m14sSA
openid.return_to: http://localhost:63854/Account/Logon?ReturnUrl=%2F&dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&dnoa.return_to_sig_handle=lD0z&dnoa.return_to_sig=HIgme5MYRRBZYU8nkKMW1fM9K6%2BQJreG0OPqatItleY%3D
openid.realm: http://localhost:63854/
openid.mode: checkid_setup
openid.ns: http://specs.openid.net/auth/2.0
openid.ns.sreg: http://openid.net/extensions/sreg/1.1
openid.sreg.required:
openid.sreg.optional: country
openid.ns.alias3: http://openid.net/srv/ax/1.0
openid.alias3.if_available: alias1,alias2
openid.alias3.mode: fetch_request
openid.alias3.type.alias1: http://axschema.org/contact/country/home
openid.alias3.count.alias1: 1
openid.alias3.type.alias2: http://schema.openid.net/contact/country/home
openid.alias3.count.alias2: 1
2013-04-19 10:45:34,868 (GMT+1) [41] DEBUG DotNetOpenAuth.Messaging.Channel - Sending message: CheckIdRequest
2013-04-19 10:45:34,869 (GMT+1) [41] DEBUG DotNetOpenAuth.Http - Redirecting to https://www.google.com/accounts/o8/ud?openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=1.AMlYA9UWwIc6XwY3cBNwCRCb96aKYV7c5ziaDzzlXemScowZoxyJRv1RWXCuoJSd4AEQj_w6m14sSA&openid.return_to=http%3A%2F%2Flocalhost%3A63854%2FAccount%2FLogon%3FReturnUrl%3D%252F%26dnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid%26dnoa.return_to_sig_handle%3DlD0z%26dnoa.return_to_sig%3DHIgme5MYRRBZYU8nkKMW1fM9K6%252BQJreG0OPqatItleY%253D&openid.realm=http%3A%2F%2Flocalhost%3A63854%2F&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.sreg.required=&openid.sreg.optional=country&openid.ns.alias3=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.if_available=alias1%2Calias2&openid.alias3.mode=fetch_request&openid.alias3.type.alias1=http%3A%2F%2Faxschema.org%2Fcontact%2Fcountry%2Fhome&openid.alias3.count.alias1=1&openid.alias3.type.alias2=http%3A%2F%2Fschema.openid.net%2Fcontact%2Fcountry%2Fhome&openid.alias3.count.alias2=1
2013-04-19 10:46:19,674 (GMT+1) [16] WARN DotNetOpenAuth.OpenId - Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
2013-04-19 10:46:19,675 (GMT+1) [16] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://localhost:63854/Account/Logon?ReturnUrl=%2F&dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&dnoa.return_to_sig_handle=lD0z&dnoa.return_to_sig=HIgme5MYRRBZYU8nkKMW1fM9K6%2BQJreG0OPqatItleY%3D&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2013-04-19T09%3A46%3A01ZS6XpwR4ZQavZPg&openid.return_to=http%3A%2F%2Flocalhost%3A63854%2FAccount%2FLogon%3FReturnUrl%3D%252F%26dnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid%26dnoa.return_to_sig_handle%3DlD0z%26dnoa.return_to_sig%3DHIgme5MYRRBZYU8nkKMW1fM9K6%252BQJreG0OPqatItleY%253D&openid.assoc_handle=1.AMlYA9UWwIc6XwY3cBNwCRCb96aKYV7c5ziaDzzlXemScowZoxyJRv1RWXCuoJSd4AEQj_w6m14sSA&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=ZFvM0jP6No50OcWkMESKqtwO3s1Q5m8DmG3IW5RnpyQ%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawkjhoACXLQwQ3fUFYWcX6-IIBdkkIl2cFk&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawkjhoACXLQwQ3fUFYWcX6-IIBdkkIl2cFk
2013-04-19 10:46:19,675 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://localhost:63854/Account/Logon?ReturnUrl=%2F&dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&dnoa.return_to_sig_handle=lD0z&dnoa.return_to_sig=HIgme5MYRRBZYU8nkKMW1fM9K6%2BQJreG0OPqatItleY%3D&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2013-04-19T09%3A46%3A01ZS6XpwR4ZQavZPg&openid.return_to=http%3A%2F%2Flocalhost%3A63854%2FAccount%2FLogon%3FReturnUrl%3D%252F%26dnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid%26dnoa.return_to_sig_handle%3DlD0z%26dnoa.return_to_sig%3DHIgme5MYRRBZYU8nkKMW1fM9K6%252BQJreG0OPqatItleY%253D&openid.assoc_handle=1.AMlYA9UWwIc6XwY3cBNwCRCb96aKYV7c5ziaDzzlXemScowZoxyJRv1RWXCuoJSd4AEQj_w6m14sSA&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=ZFvM0jP6No50OcWkMESKqtwO3s1Q5m8DmG3IW5RnpyQ%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawkjhoACXLQwQ3fUFYWcX6-IIBdkkIl2cFk&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawkjhoACXLQwQ3fUFYWcX6-IIBdkkIl2cFk
2013-04-19 10:46:19,676 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming request received: PositiveAssertionResponse
2013-04-19 10:46:19,676 (GMT+1) [16] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming PositiveAssertionResponse (2.0) message:
openid.claimed_id: https://www.google.com/accounts/o8/id?id=AItOawkjhoACXLQwQ3fUFYWcX6-IIBdkkIl2cFk
openid.identity: https://www.google.com/accounts/o8/id?id=AItOawkjhoACXLQwQ3fUFYWcX6-IIBdkkIl2cFk
openid.sig: ZFvM0jP6No50OcWkMESKqtwO3s1Q5m8DmG3IW5RnpyQ=
openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.assoc_handle: 1.AMlYA9UWwIc6XwY3cBNwCRCb96aKYV7c5ziaDzzlXemScowZoxyJRv1RWXCuoJSd4AEQj_w6m14sSA
openid.op_endpoint: https://www.google.com/accounts/o8/ud
openid.return_to: http://localhost:63854/Account/Logon?ReturnUrl=%2F&dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&dnoa.return_to_sig_handle=lD0z&dnoa.return_to_sig=HIgme5MYRRBZYU8nkKMW1fM9K6%2BQJreG0OPqatItleY%3D
openid.response_nonce: 2013-04-19T09:46:01ZS6XpwR4ZQavZPg
openid.mode: id_res
openid.ns: http://specs.openid.net/auth/2.0
ReturnUrl: /
dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id
dnoa.return_to_sig_handle: lD0z
dnoa.return_to_sig: HIgme5MYRRBZYU8nkKMW1fM9K6+QJreG0OPqatItleY=
2013-04-19 10:46:19,676 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2013-04-19 10:46:19,676 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Verifying incoming PositiveAssertionResponse message signature of: ZFvM0jP6No50OcWkMESKqtwO3s1Q5m8DmG3IW5RnpyQ=
2013-04-19 10:46:19,676 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckAuthenticationRequest (2.0) message.
2013-04-19 10:46:19,676 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElementRelyingParty did not apply to message.
2013-04-19 10:46:19,677 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2013-04-19 10:46:19,677 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2013-04-19 10:46:19,677 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2013-04-19 10:46:19,677 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement did not apply to message.
2013-04-19 10:46:19,677 (GMT+1) [16] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckAuthenticationRequest (2.0) message for https://www.google.com/accounts/o8/ud:
openid.return_to: http://localhost:63854/Account/Logon?ReturnUrl=%2F&dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&dnoa.return_to_sig_handle=lD0z&dnoa.return_to_sig=HIgme5MYRRBZYU8nkKMW1fM9K6%2BQJreG0OPqatItleY%3D
openid.mode: check_authentication
openid.ns: http://specs.openid.net/auth/2.0
openid.claimed_id: https://www.google.com/accounts/o8/id?id=AItOawkjhoACXLQwQ3fUFYWcX6-IIBdkkIl2cFk
openid.identity: https://www.google.com/accounts/o8/id?id=AItOawkjhoACXLQwQ3fUFYWcX6-IIBdkkIl2cFk
openid.sig: ZFvM0jP6No50OcWkMESKqtwO3s1Q5m8DmG3IW5RnpyQ=
openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.assoc_handle: 1.AMlYA9UWwIc6XwY3cBNwCRCb96aKYV7c5ziaDzzlXemScowZoxyJRv1RWXCuoJSd4AEQj_w6m14sSA
openid.op_endpoint: https://www.google.com/accounts/o8/ud
openid.response_nonce: 2013-04-19T09:46:01ZS6XpwR4ZQavZPg
ReturnUrl: /
dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id
dnoa.return_to_sig_handle: lD0z
dnoa.return_to_sig: HIgme5MYRRBZYU8nkKMW1fM9K6+QJreG0OPqatItleY=
2013-04-19 10:46:19,677 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Channel - Sending CheckAuthenticationRequest request.
2013-04-19 10:46:21,457 (GMT+1) [16] DEBUG DotNetOpenAuth.Http - HTTP POST https://www.google.com/accounts/o8/ud
2013-04-19 10:46:22,625 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Channel - Received CheckAuthenticationResponse response.
2013-04-19 10:46:22,625 (GMT+1) [16] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming CheckAuthenticationResponse (2.0) message:
is_valid: false
ns: http://specs.openid.net/auth/2.0
2013-04-19 10:46:22,625 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2013-04-19 10:46:22,625 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement did not apply to message.
2013-04-19 10:46:22,625 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2013-04-19 10:46:22,625 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2013-04-19 10:46:22,625 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElementRelyingParty did not apply to message.
2013-04-19 10:46:22,625 (GMT+1) [16] DEBUG DotNetOpenAuth.Messaging.Channel - After binding element processing, the received CheckAuthenticationResponse (2.0) message is:
is_valid: false
ns: http://specs.openid.net/auth/2.0
2013-04-19 10:46:22,625 (GMT+1) [16] ERROR DotNetOpenAuth.Messaging.Bindings - Provider reports signature verification failed.