我正在创建一个 ASP.NET Core 1.1 MVC 网站,对 Azure AD 进行 OpenID 身份验证。身份验证在我的开发机器上本地运行良好。但是,当我将它部署到服务器时,它会在登录到 Microsoft 登录重定向后引发错误。我在网上搜索了大约 2 天,发现了类似的问题,但没有完全像这样。我的本地开发盒是 windows 10,visual studio 2017。我部署到的服务器是 Server 2008R2,安装了 .net 核心服务器托管运行时。
以下是错误:ERROR 2017-07-27 10:38:05,667 [4] on.OpenIdConnect.OpenIdConnectMiddleware - 处理消息时发生异常。Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException:IDX10503:签名验证失败。错误 2017-07-27 10:38:05,680 [4] e.Diagnostics.ExceptionHandlerMiddleware - 发生未处理的异常:标头中的非 ASCII 或控制字符无效:0x000D System.InvalidOperationException:标头中的非 ASCII 或控制字符无效: Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ValidateHeaderCharacters(String headerCharacters) 在 Microsoft.AspNetCore.Server.Kestrel 的 Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ThrowInvalidHeaderCharacter(Char ch) 的 0x000D .Internal.Http.FrameHeaders。1.<HandleRemoteCallbackAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.d__5.MoveNext() --- 在 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 的 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 处从先前引发异常的位置结束堆栈跟踪在 Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.d__15.MoveNext() --- 在 System.Runtime 的 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 中从先前引发异常的位置结束堆栈跟踪。 Microsoft.AspNetCore.Authentication.AuthenticationMiddleware 上的 CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext() --- 在 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 的 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 处从先前引发异常的位置结束堆栈跟踪在 Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext() --- 在 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 的 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 处从先前引发异常的位置结束堆栈跟踪在 Microsoft.AspNetCore.Session.SessionMiddleware.d__9.MoveNext() --- 从先前引发异常的位置结束堆栈跟踪--- 在 Microsoft.AspNetCore.Session 的 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()。 SessionMiddleware.d__9.MoveNext() --- 从先前引发异常的位置结束堆栈跟踪 --- 在 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 的 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()在 Microsoft.AspNetCore.Diagnostics。ExceptionHandlerMiddleware.d__6.MoveNext()
我可能缺少一些用于在 IIS 7.5 上工作的 OpenID 令牌的模块或扩展?
令牌头:
{
"typ": "JWT",
"alg": "RS256",
"x5t": "VWVIc1WD1Tksbb301sasM5kOq5Q",
"kid": "VWVIc1WD1Tksbb301sasM5kOq5Q"
}
payload (edited):
{
"aud": "b0337ae2-2097-4dd3-be43-983fee4217bd",
"iss": "https://sts.windows.net/{i removed guid}/",
"iat": 1501263956,
"nbf": 1501263956,
"exp": 1501267856,
"aio": "Y2ZgYDD9/5YpiT9XXmCDXMn/EzzPGa3nMbxfudOgpnfDsZk7/QMA",
"amr": [
"pwd"
],
"c_hash": "02fpZ5B7FecFoRVdeJi6Qw",
"family_name": "mylastname",
"given_name": "Joe",
"ipaddr": "##.###.###.##",
"name": "Joe mylastname",
"nonce": "636368610551942171.ZTU5ZGZmZmQtZDgzNS00MTEyLWExZjAtNWI3MTA2NGJlN2RkYzY0OTdkZjctZTZkMy00OTk2LWIxNjgtZTlhMDkxNmY0MzFh",
"oid": "26945208-7b3f-45ed-9b40-f33b9d767071",
"platf": "3",
"roles": [
"Admin"
],
"sub": "y-sRfJAMdidDOedJeyr7kLhH8BCfkV_YCdyT1p2mOmk",
"tid": "{i removed guid}",
"unique_name": "jwashek@fastsolutions.com",
"upn": "jwashek@fastsolutions.com",
"ver": "1.0"
}
感谢您的帮助,乔