Azure Identity Server 4重定向流关联失败
我使用 IdentityServer4 登录用户。客户端和身份服务器都运行在 .NET Core 2.2 上。
我有这些环境:
dev(开发)- 在 Visual Studio 中调试运行
localhost(本地主机)- 在我的计算机上使用 IIS
staging(登台)- Azure
production(生产)- Azure
每个环境都有一个单独的 Identity Server 实例。
当我运行客户端(dev)搭配身份服务器(dev)时,可以正常工作。
当我运行客户端(localhost/IIS)搭配身份服务器(dev)时,不能工作。
当我运行客户端(localhost/IIS)搭配身份服务器(localhost/IIS)时,可以正常工作。
当我运行客户端(dev)搭配身份服务器(localhost/IIS)时,不能工作。
在 Azure 上,登台和生产环境现在都可以正常工作。
看起来 Identity Server 和客户端必须在同一用户下运行。
以下是日志中的错误:
warn: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[15]
'.AspNetCore.Correlation.OpenIdConnect.oaZfttaJrS8SNFK1sUNQ6PBDZ_32jcnjc-kXY8Fk5Dk' cookie not found.
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[4]
Error from RemoteAuthentication: Correlation failed..
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
An unhandled exception has occurred while executing the request.
System.Exception: An error was encountered while handling the remote login. ---> System.Exception: Correlation failed.
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
以下是我的客户端 Startup 类:
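/// <summary>
/// Start-up class of the MVC client: registers cookie + OpenID Connect authentication
/// against the configured authority, MVC with view/data-annotation localization, and
/// builds the HTTP request pipeline.
/// </summary>
public class Startup
{
    /// <summary>Stores the application configuration supplied by the host.</summary>
    /// <param name="configuration">Configuration used for the authority URL, client credentials and log4net file path.</param>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Application configuration (reads "AuthorityUrl", "ClientId", "ClientSecret", "log4netConfigFile").</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Called by the runtime. Registers logging, authentication, MVC and localization services.
    /// </summary>
    /// <param name="services">The service collection to add registrations to.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        var logger = LogManager.GetLogger(
            Assembly.GetEntryAssembly(),
            Assembly.GetExecutingAssembly().GetName().Name);
        services.AddSingleton(logger);

        // Keep the claim names exactly as the identity server issues them
        // instead of mapping them to the legacy XML-schema claim type URIs.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        logger.Info($"authority set to {Configuration["AuthorityUrl"]}");

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.Authority = Configuration["AuthorityUrl"];
                options.ClientId = Configuration["ClientId"];

                // The secret comes from configuration; keep the value itself out of
                // source control (user secrets, environment variables or a vault).
                options.ClientSecret = Configuration["ClientSecret"];

                // Tokens are stored inside the authentication cookie.
                options.SaveTokens = true;
                options.TokenValidationParameters.NameClaimType = "name";

                // NOTE(review): with this set to false the discovery document and signing
                // keys may be fetched over plain HTTP, so a network attacker could swap
                // the keys used to validate tokens. The default is true; only relax it
                // for local development against an HTTP authority.
                options.RequireHttpsMetadata = false;
            });

        // A single AddMvc() chain is enough; the original registered MVC twice.
        services.AddLocalization(options => options.ResourcesPath = "Translations");
        services.AddMvc()
            .AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix)
            .AddDataAnnotationsLocalization();

        // These options are available through IOptions<RequestLocalizationOptions>.
        // Note that Configure() hands its own explicit options (only "sk") to the
        // localization middleware, so the two culture lists are not the same.
        services.Configure<RequestLocalizationOptions>(options =>
        {
            var supportedCultures = new List<CultureInfo>
            {
                new CultureInfo("en-US"),
                new CultureInfo("sk")
            };

            options.DefaultRequestCulture = new RequestCulture("sk");
            options.SupportedCultures = supportedCultures;
            options.SupportedUICultures = supportedCultures;
        });
    }

    /// <summary>
    /// Called by the runtime. Builds the HTTP request pipeline.
    /// </summary>
    /// <param name="app">The application pipeline builder.</param>
    /// <param name="env">The hosting environment, used to pick error handling and HTTPS behaviour.</param>
    /// <param name="loggerFactory">Logger factory that log4net is attached to.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        var log4NetFile = Configuration["log4netConfigFile"];
        loggerFactory.AddLog4Net(log4NetFile);

        if (!env.IsProduction())
        {
            // NOTE(review): "not Production" also covers Staging, which is hosted on
            // Azure; full exception pages and stack traces are served there as well.
            app.UseDeveloperExceptionPage();

            // IdentityModel hides token contents and identifiers in its messages by
            // default. Showing them helps while debugging, so it is enabled only
            // outside Production to keep that data out of production logs.
            IdentityModelEventSource.ShowPII = true;
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
            app.UseHttpsRedirection();
        }

        var supportedCultures = new[]
        {
            new CultureInfo("sk"),
        };

        app.UseRequestLocalization(new RequestLocalizationOptions
        {
            DefaultRequestCulture = new RequestCulture("sk"),
            // Formatting numbers, dates, etc.
            SupportedCultures = supportedCultures,
            // UI strings that we have localized.
            SupportedUICultures = supportedCultures
        });

        app.UseStaticFiles();

        // The cookie policy runs before authentication, so its SameSite/Secure rules
        // are applied to the cookies the authentication handlers write.
        app.UseCookiePolicy();
        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });

        // The original called UseRequestLocalization() again at this point. Placed after
        // MVC it could not influence any request MVC handles, so it was dropped.
    }
}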
编辑:
我忘了提到我在Azure的Linux环境中运行Identity Server。
我认为问题在于证书。你知道我该怎么核实吗?我正在从文件加载证书
编辑2
下面这段代码解决了我的问题。但我不确定它在安全性方面是否妥当,所以不会把它标记为答案,目前只是把它当作临时修补(hotfix)。
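// Cookie policy applied by app.UseCookiePolicy() to the cookies the application writes.
services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => true;

    // With None the middleware stops raising cookies to a stricter SameSite level.
    // Presumably this is why the hotfix works: the OpenID Connect correlation cookie
    // can then accompany the cross-site callback from the identity server.
    // NOTE(review): the setting applies to every cookie passing through the policy,
    // so SameSite no longer acts as a baseline defence against cross-site request
    // forgery. Keep anti-forgery tokens on state-changing endpoints.
    options.MinimumSameSitePolicy = SameSiteMode.None;

    // Cookies sent without SameSite restrictions should at least be Secure whenever
    // the request arrived over HTTPS. Browsers that enforce current SameSite rules
    // reject SameSite=None cookies that lack the Secure attribute.
    options.Secure = CookieSecurePolicy.SameAsRequest;
});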