我使用 IdentityServer4 登录用户。客户端和身份服务器在 .net core 2.2 上运行。
我有这些环境:
dev - 在 Visual Studio 中使用调试
localhost - 在我的计算机上使用 IIS
staging(预发布环境)- Azure
生产 - Azure
在每个环境中,身份服务器都作为单独的实例。
当我使用身份(dev)运行客户端(dev)时,它可以工作。
当我使用身份(dev)运行客户端(localhost / IIS)时,它不起作用。
当我使用身份(localhost/IIS)运行客户端(localhost/IIS)时,它可以工作。
当我使用身份(localhost/IIS)运行客户端(dev)时,它不起作用。
在 azure 上,它现在可以在 staging 和 prod 上工作。看起来身份服务器和客户端必须在同一用户下运行。
这是日志中的错误:
warn: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[15]
'.AspNetCore.Correlation.OpenIdConnect.oaZfttaJrS8SNFK1sUNQ6PBDZ_32jcnjc-kXY8Fk5Dk' cookie not found.
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[4]
Error from RemoteAuthentication: Correlation failed..
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
An unhandled exception has occurred while executing the request.
System.Exception: An error was encountered while handling the remote login. ---> System.Exception: Correlation failed.
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
这是我的客户端 Startup 类:
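/// <summary>
/// Client-side startup: registers cookie + OpenID Connect authentication against the
/// identity server named by the <c>AuthorityUrl</c> setting, MVC, and request localization.
/// </summary>
public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Application configuration (authority URL, client id/secret, log4net config path).</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Called by the runtime to add services to the container. The cookie scheme is the
    /// default/sign-in/authenticate scheme; OpenID Connect is used only for challenges.
    /// </summary>
    /// <param name="services">The DI container to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        var logger = LogManager.GetLogger(Assembly.GetEntryAssembly(),
            Assembly.GetExecutingAssembly().GetName().Name);
        services.AddSingleton(logger);

        // Keep incoming JWT claim types as issued (e.g. "name") instead of mapping them to
        // the long WS-* claim URIs; the NameClaimType setting below relies on this.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
        logger.Info($"authority set to {Configuration["AuthorityUrl"]}");

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.Authority = Configuration["AuthorityUrl"];
            options.ClientId = Configuration["ClientId"];
            options.ClientSecret = Configuration["ClientSecret"];
            // Keep the received tokens in the authentication properties (i.e. the auth cookie).
            options.SaveTokens = true;
            options.TokenValidationParameters.NameClaimType = "name";
            // SECURITY: allows the discovery document to be fetched over plain HTTP.
            // Only appropriate for local development; staging/production should keep
            // the default (true), e.g. by gating this on the environment.
            options.RequireHttpsMetadata = false;
        });

        // SECURITY: ShowPII writes token and claim contents into the log output.
        // Helpful while diagnosing the correlation failure; do not leave enabled in production.
        IdentityModelEventSource.ShowPII = true;

        services.AddLocalization(options => options.ResourcesPath = "Translations");
        // MVC is registered once (the original called AddMvc() twice); the localization
        // extensions chain off the same builder.
        services.AddMvc()
            .AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
            .AddDataAnnotationsLocalization();

        // NOTE(review): Configure() passes an explicit RequestLocalizationOptions instance
        // to UseRequestLocalization, so this DI-configured instance (which also lists en-US)
        // is not what the middleware actually uses. Keep the two in sync or drop one.
        services.Configure<RequestLocalizationOptions>(options =>
        {
            var supportedCultures = new List<CultureInfo>
            {
                new CultureInfo("en-US"),
                new CultureInfo("sk")
            };
            options.DefaultRequestCulture = new RequestCulture("sk");
            options.SupportedCultures = supportedCultures;
            options.SupportedUICultures = supportedCultures;
        });
    }

    /// <summary>
    /// Called by the runtime to configure the HTTP request pipeline. Order matters:
    /// cookie policy runs before authentication so its SameSite/consent rules apply to
    /// the cookies the authentication handlers write, and authentication runs before MVC.
    /// </summary>
    /// <param name="app">Pipeline builder.</param>
    /// <param name="env">Hosting environment; controls exception page vs. HSTS/HTTPS redirect.</param>
    /// <param name="loggerFactory">Logger factory that log4net is attached to.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        var log4NetFile = Configuration["log4netConfigFile"];
        loggerFactory.AddLog4Net(log4NetFile);

        if (!env.IsProduction())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
            app.UseHttpsRedirection();
        }

        var supportedCultures = new[]
        {
            //new CultureInfo("en-US"),
            new CultureInfo("sk"),
        };
        app.UseRequestLocalization(new RequestLocalizationOptions
        {
            DefaultRequestCulture = new RequestCulture("sk"),
            // Formatting numbers, dates, etc.
            SupportedCultures = supportedCultures,
            // UI strings that we have localized.
            SupportedUICultures = supportedCultures
        });

        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
        // The original added a second, parameterless UseRequestLocalization() here, after
        // UseMvc. It only ran for requests MVC did not handle and was removed as dead middleware.
    }
}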
编辑: 我忘了提到我在 Azure 的 Linux 环境中运行 Identity Server。我认为问题出在证书上。你知道我该如何验证吗?我正在从文件中加载证书。
编辑 2
这段代码解决了我的问题。我不确定它的安全性,所以不会将其标记为答案;目前只把它当作临时的修补方案。
services.Configure<CookiePolicyOptions>(policy =>
{
    // Stop the cookie policy middleware from raising SameSite on cookies the
    // authentication handlers set. NOTE(review): presumably this is what lets the
    // OIDC correlation cookie survive the cross-site return from the identity
    // server; SameSite=None cookies also need the Secure flag on current browsers,
    // so the client should be reached over HTTPS — confirm for the IIS/localhost setup.
    policy.MinimumSameSitePolicy = SameSiteMode.None;

    // Every request is treated as requiring consent for non-essential cookies.
    policy.CheckConsentNeeded = _ => true;
});