C# ASP.NET Core MVC and Azure OAuth enter an infinite login loop behind an Ingress
Using a simple ASP.NET Core MVC app created from the template, from the CLI:
dotnet new mvc --auth SingleOrg --client-id ***** --tenant-id 3**** --domain ***.onmicrosoft.com
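This creates and builds the template, and everything works fine on localhost.
When it is built and set up behind an ingress, I get an infinite loop when trying to log in.
This is my ingress YAML: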
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  creationTimestamp: "2019-09-11T14:06:56Z"
  generation: 3
  name: secured-ingress
  namespace: default
  resourceVersion: "5022818"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/secured-ingress
  uid: 69d948fa-d49d-11e9-ac98-3ab4552521b0
spec:
  rules:
  - host: authpr.westeurope.cloudapp.azure.com
    http:
      paths:
      - backend:
          serviceName: newad
          servicePort: 80
        path: /(.*)
  tls:
  - hosts:
    - authpr.westeurope.cloudapp.azure.com
    secretName: aks-authpr
status:
  loadBalancer:
    ingress:
    - {}
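When I hit the URL above, it redirects me to Azure AD and then returns to the login endlessly.
Is something missing in the code?
I have read many articles, and there seem to be many issues with this.
I tried to implement:
I changed the startup.cs file many times, but always get the same behavior: an infinite loop.
When I look at the debug logs, I always see: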
dbug: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Execution plan of result filters (in the following order): Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.SaveTempDataFilter
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed.
This is my current startup.cs file:
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));
    services.AddMvc(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    })
    .SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    if (string.Equals(Environment.GetEnvironmentVariable("ASPNETCORE_FORWARDEDHEADERS_ENABLED"), "true", StringComparison.OrdinalIgnoreCase))
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor |
                ForwardedHeaders.XForwardedProto;
            // Only loopback proxies are allowed by default.
            // Clear that restriction because forwarders are enabled by
            // explicit configuration.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
        });
    }
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        // app.UseHsts();
    }
    app.Use((context, next) =>
    {
        context.Request.Scheme = "https";
        return next();
    });
    app.UseForwardedHeaders();
    // app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();
    app.UseAuthentication();
    // app.Use(async (context, next) =>
    // {
    //     if (context.Request.IsHttps || context.Request.Headers["X-Forwarded-Proto"] == Uri.UriSchemeHttps)
    //     {
    //         await next();
    //     }
    //     else
    //     {
    //         string queryString = context.Request.QueryString.HasValue ? context.Request.QueryString.Value : string.Empty;
    //         var https = "https://" + context.Request.Host + context.Request.Path + queryString;
    //         context.Response.Redirect(https);
    //     }
    // });
    app.UseMvc(routes =>
    {
        routes.MapRoute(name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}
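After successful authentication, the expected behavior is to be able to access the URL. I am probably missing some configuration in the startup.cs file.

I managed to solve this with the help of the following:
First, the ingress YAML should look like this: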
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  creationTimestamp: 2019-09-11T14:06:56Z
  generation: 4
  name: secured-ingress
  namespace: default
  resourceVersion: "5177035"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/secured-ingress
  uid: 69d948fa-d49d-11e9-ac98-3ab4552521b0
spec:
  rules:
  - host: authpr.westeurope.cloudapp.azure.com
    http:
      paths:
      - backend:
          serviceName: newad
          servicePort: 80
        path: /
  tls:
  - hosts:
    - authpr.westeurope.cloudapp.azure.com
    secretName: aks-authpr
status:
  loadBalancer:
    ingress:
    - {}
Then, in startup.cs, you need to set the following on top of what was generated:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        // Outside dev, require HTTPS and use HSTS
        app.UseHttpsRedirection();
        app.UseHsts();
    }
    app.UseStaticFiles();
    app.Use((context, next) =>
    {
        context.Request.Scheme = "https";
        return next();
    });
    app.UseForwardedHeaders();
    app.UseAuthentication();
    app.UseMvcWithDefaultRoute();
}
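
Added example, not part of the original question or answer: a variant of the startup.cs above for ASP.NET Core 2.x that takes the scheme from the ingress's X-Forwarded-Proto header instead of hard-coding it, and accepts that header only from a known proxy range rather than clearing KnownNetworks and KnownProxies. The 10.244.0.0/16 range is an assumed placeholder for the addresses the ingress controller pods connect from.

```csharp
using System.Net;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));
        services.AddMvc();
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            // Assumption: placeholder range for the ingress controller pods.
            // Forwarded headers from any other peer are ignored, so a client
            // that reaches the pod directly cannot spoof X-Forwarded-Proto.
            options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("10.244.0.0"), 16));
            options.ForwardLimit = 1; // exactly one proxy hop: the ingress
        });
    }

    public void Configure(IApplicationBuilder app, ILogger<Startup> log)
    {
        // Must run before authentication so the OpenID Connect handler
        // builds its redirect URI and cookies from the forwarded scheme.
        app.UseForwardedHeaders();
        // Diagnostic: an applied header is removed from the request, so
        // scheme=http with xfp still set means the peer was not trusted.
        app.Use((context, next) =>
        {
            log.LogDebug("scheme={Scheme} xfp={Xfp} peer={Peer}", context.Request.Scheme,
                context.Request.Headers["X-Forwarded-Proto"].ToString(),
                context.Connection.RemoteIpAddress);
            return next();
        });
        app.UseStaticFiles();
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
```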