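Using the DNOA library, I created a Provider that authenticates requests and sends back user information (such as email, first name, etc.). To test this, I created a relying party. The system worked fine on my localhost. When I put the Provider on my server, it worked fine, but all of a sudden I keep getting a failed response.
Looking at the response URL, I can see the email and first name being sent back from the provider, but the RP does not recognize it and goes into the "Failed" case. The exact same code works fine on my localhost.
Here is a sample response -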
http://localhost:50952/Default.aspx?dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%2Fuser123&openid.claimed_id=http%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%2Fuser123&openid.identity=http%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%2Fuser123&openid.sig=1bCd7KJjvtBqEObuQccO9fIx9FMBDiz2zkl8FrIbguw%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce%2Cns.alias3%2Calias3.mode%2Calias3.type.alias1%2Calias3.value.alias1%2Calias3.type.alias2%2Calias3.value.alias2%2Calias3.type.alias3%2Calias3.value.alias3%2Calias3.type.alias4%2Calias3.value.alias4%2Calias3.type.alias5%2Calias3.value.alias5%2Calias3.type.alias6%2Calias3.value.alias6%2Calias3.type.alias7%2Calias3.value.alias7&openid.assoc_handle=Bw5H%21IAAAAHoxEw3Q_7vF6XVheBEr7uMn03oSJXmatbjAbWReLG7tQQAAAAGuW5aLeRJZRqnrlrT6CdzWGVtOEgD-4CuYOVcJZLopnig3xaAjzoJaVePTEhPigbL4dtWQqJzmSo7bgivW8815&openid.op_endpoint=http%3A%2F%2Fopenid.xyz.com%2Fserver.aspx&openid.return_to=http%3A%2F%2Flocalhost%3A50952%2FDefault.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.xyz.com%252Fuser.aspx%252Fuser123&openid.response_nonce=2013-07-27T23%3A46%3A49ZFINSwMcn&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.mode=fetch_response&openid.alias3.type.alias1=UserName&openid.alias3.value.aluser123&openid.alias3.type.alias2=FirstName&openid.alias3.value.alias2=N&openid.alias3.type.alias3=LastName&openid.alias3.value.alias3=Smith&openid.alias3.type.alias4=RemoteLogin&openid.alias3.value.alias4=1&openid.alias3.type.alias5=StaffType&openid.alias3.value.alias5=&openid.alias3.type.alias6=DEANumber&openid.alias3.value.alias6=&openid.alias3.type.alias7=StateNumber&openid.alias3.value.alias7=
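You can see that the fields with the personal information are there! Why does the RP still show "Failed"?
Edit: So the RP gets a correct response when the Provider is on localhost, but fails when the Provider is on the server. Here are the values from the RP's Immediate window with the localhost Provider: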
WebDev.WebServer40.exe Information: 0 : HTTP GET http://localhost:58242/user.aspx/user123
WebDev.WebServer40.exe Information: 0 : An XRDS response was received from GET at user-supplied identifier.
WebDev.WebServer40.exe Information: 0 : Total services discovered in XRDS: 2
WebDev.WebServer40.exe Information: 0 : [{
ClaimedIdentifier: http://localhost:58242/user.aspx/user123
ProviderLocalIdentifier: http://localhost:58242/user.aspx/user123
ProviderEndpoint: http://localhost:58242/server.aspx
OpenID version: 2.0
Service Type URIs:
http://specs.openid.net/auth/2.0/signon
http://openid.net/extensions/sreg/1.1
}, {
ClaimedIdentifier: http://localhost:58242/user.aspx/user123
ProviderLocalIdentifier: http://localhost:58242/user.aspx/user123
ProviderEndpoint: http://localhost:58242/server.aspx
OpenID version: 1.0
Service Type URIs:
http://openid.net/signon/1.0
http://openid.net/extensions/sreg/1.1
},]
WebDev.WebServer40.exe Information: 0 : Skipping HTML discovery because XRDS contained service endpoints.
WebDev.WebServer40.exe Information: 0 : Received identity assertion for http://localhost:58242/user.aspx/user123 via http://localhost:58242/server.aspx.
Here is the RP's Immediate window with the Provider on the server:
WebDev.WebServer40.exe Information: 0 : HTTP GET https://openid.xyz.com/user.aspx/user123
WebDev.WebServer40.exe Information: 0 : An XRDS response was received from GET at user-supplied identifier.
WebDev.WebServer40.exe Information: 0 : Total services discovered in XRDS: 2
WebDev.WebServer40.exe Information: 0 : [{
ClaimedIdentifier: https://openid.xyz.com/user.aspx/user123
ProviderLocalIdentifier: https://openid.xyz.com/user.aspx/user123
ProviderEndpoint: https://openid.xyz.com/server.aspx
OpenID version: 2.0
Service Type URIs:
http://specs.openid.net/auth/2.0/signon
http://openid.net/extensions/sreg/1.1
}, {
ClaimedIdentifier: https://openid.xyz.com/user.aspx/user123
ProviderLocalIdentifier: https://openid.xyz.com/user.aspx/user123
ProviderEndpoint: https://openid.xyz.com/server.aspx
OpenID version: 1.0
Service Type URIs:
http://openid.net/signon/1.0
http://openid.net/extensions/sreg/1.1
},]
WebDev.WebServer40.exe Information: 0 : Skipping HTML discovery because XRDS contained service endpoints.
WebDev.WebServer40.exe Information: 0 : Performing discovery on user-supplied identifier: https://openid.xyz.com/user.aspx/user123
WebDev.WebServer40.exe Information: 0 : Creating authentication request for user supplied Identifier: https://openid.xyz.com/user.aspx/user123
WebDev.WebServer40.exe Information: 0 : Preparing to send CheckIdRequest (2.0) message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElementRelyingParty applied to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Sending message: CheckIdRequest
WebDev.WebServer40.exe Information: 0 : Redirecting to https://openid.xyz.com/server.aspx?openid.claimed_id=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.identity=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.assoc_handle=woRX%21IAAAAI8Cn8mo2fHDzAFTyfYMZo7lsBbLcv5iKzliqwfmhxyjQQAAAAFNfXjeTdiwJif_mcgZSqkQOe1wQ79P1GaU1FZw1A4LonBK0rO2OjBpgr8uqCZ4VYYv2C9AJICbSDGN-z19OoqI&openid.return_to=http%3A%2F%2Flocalhost%3A50952%2FDefault.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fopenid.xyz.com%252Fuser.aspx%user123&openid.realm=http%3A%2F%2Flocalhost%3A50952%2F&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.if_available=alias1%2Calias2%2Calias3%2Calias4%2Calias5%2Calias6%2Calias7&openid.alias3.mode=fetch_request&openid.alias3.type.alias1=UserName&openid.alias3.count.alias1=1&openid.alias3.type.alias2=FirstName&openid.alias3.count.alias2=1&openid.al
ias3.type.alias3=LastName&openid.alias3.count.alias3=1&openid.alias3.type.alias4=RemoteLogin&openid.alias3.count.alias4=1&openid.alias3.type.alias5=DEANumber&openid.alias3.count.alias5=1&openid.alias3.type.alias6=StateNumber&openid.alias3.count.alias6=1&openid.alias3.type.alias7=StaffType&openid.alias3.count.alias7=1
A first chance exception of type 'System.Threading.ThreadAbortException' occurred in mscorlib.dll
An exception of type 'System.Threading.ThreadAbortException' occurred in mscorlib.dll but was not handled in user code
WebDev.WebServer40.exe Information: 0 : Incoming HTTP request: GET http://localhost:50952/Default.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.claimed_id=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.identity=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.sig=narSsDwDWz69GrdFNuz%2F57Gy%2BOO4%2BFDdNTIWM5BpJBE%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce%2Cns.alias3%2Calias3.mode%2Calias3.type.alias1%2Calias3.value.alias1%2Calias3.type.alias2%2Calias3.value.alias2%2Calias3.type.alias3%2Calias3.value.alias3%2Calias3.type.alias4%2Calias3.value.alias4%2Calias3.type.alias5%2Calias3.value.alias5%2Calias3.type.alias6%2Calias3.value.alias6%2Calias3.type.alias7%2Calias3.value.alias7&openid.assoc_handle=woRX%21IAAAAI8Cn8mo2fHDzAFTyfYMZo7lsBbLcv5iKzliqwfmhxyjQQAAAAFNfXjeTdiwJif_mcgZSqkQOe1wQ79P1GaU1FZw1A4LonBK0rO2OjBpgr8uqCZ4VYYv2C9AJICbSDGN-z19OoqI&openid.op_endpoint=https%3A
%2F%2Fopenid.xyz.com%2Fserver.aspx&openid.return_to=http%3A%2F%2Flocalhost%3A50952%2FDefault.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fopenid.xyz.com%252Fuser.aspx%user123&openid.response_nonce=2013-07-29T01%3A05%3A41ZNuPERYFm&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.mode=fetch_response&openid.alias3.type.alias1=UserName&openid.alias3.value.alias1=user123&openid.alias3.type.alias2=FirstName&openid.alias3.value.alias2=N&openid.alias3.type.alias3=LastName&openid.alias3.value.alias3=Smith&openid.alias3.type.alias4=RemoteLogin&openid.alias3.value.alias4=1&openid.alias3.type.alias5=StaffType&openid.alias3.value.alias5=&openid.alias3.type.alias6=DEANumber&openid.alias3.value.alias6=&openid.alias3.type.alias7=StateNumber&openid.alias3.value.alias7=
WebDev.WebServer40.exe Information: 0 : Incoming request received: PositiveAssertionResponse
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Verifying incoming PositiveAssertionResponse message signature of: narSsDwDWz69GrdFNuz/57Gy+OO4+FDdNTIWM5BpJBE=
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement applied to message.
A first chance exception of type 'DotNetOpenAuth.Messaging.ProtocolException' occurred in DotNetOpenAuth.DLL
The difference I see is that the "Received identity assertion" line is not present with the server Provider.
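
Added example, not part of the original post and not DotNetOpenAuth code: a relying party accepts an `id_res` response only after recomputing the signature over the fields named in `openid.signed`, so attribute fields being visible in the URL does not make the assertion valid. The sketch below follows the OpenID 2.0 key-value signing form with HMAC-SHA256; the MAC key, hosts, handle and nonce are constructed sample values.

```python
import base64, hashlib, hmac
from urllib.parse import urlsplit, parse_qs, urlencode

REQUIRED_SIGNED = ("op_endpoint", "return_to", "response_nonce", "assoc_handle")

def parse_assertion(url):
    """Return the openid.* query parameters of a response URL, prefix stripped."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k[len("openid."):]: v[0] for k, v in qs.items() if k.startswith("openid.")}

def check_signed_fields(fields):
    """List structural problems that make signature verification impossible."""
    signed = [n for n in fields.get("signed", "").split(",") if n]
    problems = [f"signed field missing from response: {n}" for n in signed if n not in fields]
    must = list(REQUIRED_SIGNED) + [n for n in ("claimed_id", "identity") if n in fields]
    problems += [f"field not covered by signature: {n}" for n in must if n not in signed]
    return problems

def signature_base(fields):
    """Key-value form (name:value + newline) of the signed fields, in signed order."""
    names = [n for n in fields["signed"].split(",") if n]
    return "".join(f"{n}:{fields[n]}\n" for n in names).encode()

def verify_signature(fields, mac_key):
    """Recompute HMAC-SHA256 over the signed fields and compare with openid.sig."""
    if check_signed_fields(fields):
        return False
    mac = hmac.new(mac_key, signature_base(fields), hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64encode(mac), fields.get("sig", "").encode())

def build_sample(mac_key):
    """Constructed assertion URL; every value here is made up for the example."""
    f = {"ns": "http://specs.openid.net/auth/2.0", "mode": "id_res",
         "op_endpoint": "https://op.example/server.aspx",
         "claimed_id": "https://op.example/user.aspx/user123",
         "identity": "https://op.example/user.aspx/user123",
         "return_to": "https://rp.example/Default.aspx",
         "response_nonce": "2013-01-01T00:00:00Zabc123",
         "assoc_handle": "constructed-handle",
         "signed": "claimed_id,identity,assoc_handle,op_endpoint,return_to,response_nonce"}
    mac = hmac.new(mac_key, signature_base(f), hashlib.sha256).digest()
    f["sig"] = base64.b64encode(mac).decode()
    return "https://rp.example/Default.aspx?" + urlencode({"openid." + k: v for k, v in f.items()})

if __name__ == "__main__":
    key = b"constructed-mac-key"
    good = parse_assertion(build_sample(key))
    print("intact:", verify_signature(good, key))
    print("edited:", verify_signature(dict(good, identity="https://op.example/other"), key))
```
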