Asp.net mvc 来自MVC应用重定向循环的Azure广告登录
我读过很多帖子,都是关于授权时的Cookies。然而,当我在登录后直接遇到重定向循环时,它会影响任何登录的客户端,而不仅仅是特定的PC机 我尽我所能尝试了一切,我可以发布我所做的一切,但我不认为这会成为一个cookie问题,如果它发生在所有用户身上。所以,在它工作的一瞬间,由于重定向循环,下一次没有人可以登录 从逻辑上讲,这一定与身份验证cookies有关,但它如何能同时影响每个人 这不是Azure中可能导致问题的东西吗?看来一定是这样 如果您有任何想法,我将不胜感激,因为我现在从我的客户那里收到了很多批评:( 这是我的startup.auth,如果有帮助的话Asp.net mvc 来自MVC应用重定向循环的Azure广告登录,asp.net-mvc,azure,azure-active-directory,owin,openid-connect,Asp.net Mvc,Azure,Azure Active Directory,Owin,Openid Connect,我读过很多帖子,都是关于授权时的Cookies。然而,当我在登录后直接遇到重定向循环时,它会影响任何登录的客户端,而不仅仅是特定的PC机 我尽我所能尝试了一切,我可以发布我所做的一切,但我不认为这会成为一个cookie问题,如果它发生在所有用户身上。所以,在它工作的一瞬间,由于重定向循环,下一次没有人可以登录 从逻辑上讲,这一定与身份验证cookies有关,但它如何能同时影响每个人 这不是Azure中可能导致问题的东西吗?看来一定是这样 如果您有任何想法,我将不胜感激,因为我现在从我的客户那里收
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
// Concatenate aadInstance, tenant to form authority value
private string authority = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
// ConfigureAuth method
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
//app.UseCookieAuthentication(new CookieAuthenticationOptions());
//Enable the application to use a cookie to store information for the signed in user
//and to use a cookie to temporarily store information about a user logging in with a third party login provider
//Configure the sign in cookie
//app.UseCookieAuthentication(new CookieAuthenticationOptions
//{
// AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
// LoginPath = new PathString("/Account/Login"),
// Provider = new CookieAuthenticationProvider
// {
// // Enables the application to validate the security stamp when the user logs in.
// // This is a security feature which is used when you change a password or add an external login to your account.
// OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
// validateInterval: TimeSpan.FromMinutes(30),
// regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
// },
// CookieSecure = CookieSecureOption.Always
//});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieName = "Local_Login",
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
},
//CookieManager = new SystemWebCookieManager(),
SlidingExpiration = true
});
//app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
RedirectUri = redirectUri,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = (context) =>
{
context.HandleResponse();
context.OwinContext.Response.Redirect("/Account/Login");
return Task.FromResult(0);
}
}
});
} // end - ConfigureAuth method
private静态字符串clientId=ConfigurationManager.AppSettings[“ida:clientId”];
私有静态字符串tenant=ConfigurationManager.AppSettings[“ida:tenant”];
私有静态字符串aadInstance=ConfigurationManager.AppSettings[“ida:aadInstance”];
私有静态字符串redirectUri=ConfigurationManager.AppSettings[“ida:redirectUri”];
私有静态字符串postlogutredirecturi=ConfigurationManager.AppSettings[“ida:postlogutredirecturi”];
//连接aadInstance、租户以形成权限值
private string authority=string.Format(CultureInfo.InvariantCulture,aadInstance,tenant);
//配置身份验证方法
public void ConfigureAuth(IAppBuilder应用程序)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext(ApplicationUserManager.Create);
app.CreatePerOwinContext(ApplicationRoleManager.Create);
app.CreatePerOwinContext(ApplicationSignInManager.Create);
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
//app.UseCookieAuthentication(新的CookieAuthenticationOptions());
//使应用程序能够使用cookie存储登录用户的信息
//以及使用cookie临时存储用户登录第三方登录提供商的信息
//配置登录cookie
//app.UseCookieAuthentication(新的CookieAuthenticationOptions
//{
//AuthenticationType=DefaultAuthenticationTypes.ApplicationOkie,
//LoginPath=新路径字符串(“/Account/Login”),
//Provider=新CookieAuthenticationProvider
// {
////允许应用程序在用户登录时验证安全戳。
////这是一种安全功能,在更改密码或向帐户添加外部登录时使用。
//OnValidateIdentity=SecurityStampValidator.OnValidateIdentity(
//validateInterval:TimeSpan.FromMinutes(30),
//regenerateIdentity:(管理器,用户)=>user.GenerateUserIdentityAsync(管理器))
// },
//CookieSecure=CookieSecureOption.始终
//});
app.UseCookieAuthentication(新的CookieAuthenticationOptions
{
CookieName=“本地\u登录”,
AuthenticationType=DefaultAuthenticationTypes.ApplicationOkie,
LoginPath=新路径字符串(“/Account/Login”),
Provider=新CookieAuthenticationProvider
{
//允许应用程序在用户登录时验证安全戳。
//这是一种安全功能,在您更改密码或向帐户添加外部登录时使用。
OnValidateIdentity=SecurityStampValidator.OnValidateIdentity(
validateInterval:TimeSpan.FromMinutes(30),
regenerateIdentity:(管理器,用户)=>user.GenerateUserIdentityAsync(管理器))
},
//CookieManager=新系统WebCookieManager(),
slidengexpiration=true
});
//app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(新的CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
新的OpenIdConnectAuthenticationOptions
{
ClientId=ClientId,
权威=权威,
RedirectUri=RedirectUri,
PostLogoutRedirectUri=PostLogoutRedirectUri,
通知=新的OpenIdConnectAuthenticationNotifications
{
身份验证失败=(上下文)=>
{
context.HandleResponse();
context.OwinContext.Response.Redirect(“/Account/Login”);
返回Task.FromResult(0);
}
}
});
}//end-ConfigureAuth方法
因此,经过许多小时和许多深夜,我终于找到了解决办法
因此,根据我的理解,“MVC”cookie(我认为是application.cookie)和Azure AD cookie(我认为是aspnet.cookie)由于microsoft内部的一个漏洞,彼此删除,该漏洞多年来一直没有修复。因此,发生的情况是,您已登录Azure AD,并且auth cookie表示您现在已通过身份验证,但在点击控制器时