C# 异常:关联失败。C中Okta的未知位置#
因此,我正在构建一个ASP.NET Core 2.2应用程序,并尝试在该系统中实现Okta验证。 我已经看到“异常:关联失败”这个问题已经在许多留言板的许多线程上讨论过,我已经尝试过这些解决方案,我担心它们中并没有一个有效 我不知所措,需要有一个新的角度来看待它 因此,当我最初在代码中实现它时,我按照Okta it self的文档中所说的那样做了。 到现在为止,我添加了其他解决方案的一部分,所以它增长了一点 Startup.csC# 异常:关联失败。C中Okta的未知位置#,c#,okta,okta-api,C#,Okta,Okta Api,因此,我正在构建一个ASP.NET Core 2.2应用程序,并尝试在该系统中实现Okta验证。 我已经看到“异常:关联失败”这个问题已经在许多留言板的许多线程上讨论过,我已经尝试过这些解决方案,我担心它们中并没有一个有效 我不知所措,需要有一个新的角度来看待它 因此,当我最初在代码中实现它时,我按照Okta it self的文档中所说的那样做了。 到现在为止,我添加了其他解决方案的一部分,所以它增长了一点 Startup.cs public void ConfigureServices(ISe
public void ConfigureServices(IServiceCollection services)
{
// Some people had issues with this one being in here,
// but for me it "works" with and without
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
// here are some services.AddTransient and cors policies
services.Configure<OpenIdConnectOptions>(options =>
{
options.Events.OnRemoteFailure = RemoteAuthFail;
});
// Basicly here is where I added the boilerplate code made by okta.
// As I was looking into threads trying to solve the issue it grew into this
////////////////////////////////////
services.AddAuthentication(options =>
{
options.DefaultScheme = "somename";
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OktaDefaults.MvcAuthenticationScheme;
})
.AddCookie(cookieAuthOptions =>
{
cookieAuthOptions.Cookie.Name = "chocolatechip";
cookieAuthOptions.AccessDeniedPath = "/error/accessdenied";
cookieAuthOptions.ExpireTimeSpan = new TimeSpan(0,2,0);
})
.AddOpenIdConnect("OpenIdConnect", option =>
{
option.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = redirectContext =>
{
if (Env.IsEnvironment("Debug"))
{
//Force scheme of redirect URI(THE IMPORTANT PART)
redirectContext.ProtocolMessage.RedirectUri = redirectContext.ProtocolMessage.RedirectUri.Replace("https://", "http://", StringComparison.OrdinalIgnoreCase);
}
return Task.FromResult(0);
}
};
option.ClientId = "SomeClientId";
option.ClientSecret = "SomeClientSecret";
option.CallbackPath = "TheCallbackPath";
option.Authority = "This is suppose to be some URI";
})
.AddOktaWebApi(new OktaWebApiOptions()
{
AuthorizationServerId = "anotherId",
OktaDomain = "TheDevDomain"
});
////////////////////////////////////
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
services.AddMvc(options => options.OutputFormatters.Add(new HtmlOutputFormatter()));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddLog4Net("log4net.config", false);
app.UseHttpStatusCodeExceptions();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseCors(CRSpecificOrigins);
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc();
}
public void配置服务(IServiceCollection服务)
{
//有些人对这个人在这里有意见,
//但对我来说,无论有无,它都“有效”
配置(选项=>
{
//此lambda确定给定请求是否需要非必要cookie的用户同意。
options.checkApprovered=context=>true;
options.MinimumSameSitePolicy=SameSiteMode.None;
});
//以下是一些services.AddTransient和cors策略
配置(选项=>
{
options.Events.OnRemoteFailure=RemoteAuthFail;
});
//基本上,我在这里添加了okta制作的样板代码。
//当我研究试图解决这个问题的线程时,它变成了这样
////////////////////////////////////
services.AddAuthentication(选项=>
{
options.DefaultScheme=“somename”;
options.DefaultAuthenticateScheme=CookieAuthenticationDefaults.AuthenticationScheme;
options.defaultsignnscheme=CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme=OktaDefaults.MvcAuthenticationScheme;
})
.AddCookie(cookieAuthOptions=>
{
cookieAuthOptions.Cookie.Name=“巧克力芯片”;
cookieAuthOptions.AccessDeniedPath=“/error/accessdenied”;
cookieAuthOptions.ExpireTimeSpan=新时间跨度(0,2,0);
})
.AddOpenIdConnect(“OpenIdConnect”,选项=>
{
option.Events=新的OpenIdConnectEvents
{
OnRedirectToIdentityProvider=redirectContext=>
{
if(环境IsEnvironment(“调试”))
{
//重定向URI的强制方案(重要部分)
redirectContext.ProtocolMessage.RedirectUri=redirectContext.ProtocolMessage.RedirectUri.Replace(“https://”、“http://”、“StringComparison.OrdinalingOrecase”);
}
返回Task.FromResult(0);
}
};
option.ClientId=“SomeClientId”;
option.ClientSecret=“SomeClientSecret”;
option.CallbackPath=“调用路径”;
option.Authority=“假设这是某个URI”;
})
.AddOktaWebApi(新的OktaWebAPI选项()
{
AuthorizationServerId=“anotherId”,
Oktomain=“TheDevDomain”
});
////////////////////////////////////
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
AddMvc(options=>options.OutputFormatters.Add(新的htmloutformatter());
}
公共void配置(IApplicationBuilder应用程序、IHostingEnvironment环境、iLogger工厂)
{
loggerFactory.AddLog4Net(“log4net.config”,false);
app.UseHttpStatusCodeExceptions();
if(env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
其他的
{
app.UseHsts();
}
应用程序UseCors(CRS);
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc();
}
我很快就遇到了同样的问题。我用下面的代码解决了这个问题。也许有帮助
在AddOpenIdConnect(“oidc或xxx”)的代码块中
如果使用.net core>2*
options.NonceCookie.SameSite = (SameSiteMode) (-1);
options.CorrelationCookie.SameSite = (SameSiteMode) (-1);
如果您使用.net>3*
options.NonceCookie.SameSite = SameSiteMode.Unspecified;
options.CorrelationCookie.SameSite = SameSiteMode.Unspecified;
请将这句话改写成一个更加自信的答案(即没有问题的答案)。您可以通过创建一个条件答案来实现这一点,即“如果您使用……那么解决方案是……否则解决方案是……”结构之一。要询问OPs环境,请使用您的评论权限。