C# SSO-未找到OpenID终结点
我正在尝试让SSO openid与dotnetopenauth一起工作 我有两个独立的项目,分别进行调试(都在localhost上,但有两个不同的端口),一个作为提供者,另一个作为依赖方 依赖方正在C# SSO-未找到OpenID终结点,c#,asp.net-mvc,openid,single-sign-on,dotnetopenauth,C#,Asp.net Mvc,Openid,Single Sign On,Dotnetopenauth,我正在尝试让SSO openid与dotnetopenauth一起工作 我有两个独立的项目,分别进行调试(都在localhost上,但有两个不同的端口),一个作为提供者,另一个作为依赖方 依赖方正在localhost:1903上运行。 提供程序正在localhost:3314上运行 依赖方代码: public ActionResult Authenticate() { UriBuilder returnToBuilder = new UriBuilder(Requ
localhost:1903
上运行。
提供程序正在localhost:3314
上运行
依赖方代码:
public ActionResult Authenticate()
{
UriBuilder returnToBuilder = new UriBuilder(Request.Url);
returnToBuilder.Path = "/OpenId/";
returnToBuilder.Query = null;
returnToBuilder.Fragment = null;
Uri returnTo = returnToBuilder.Uri;
returnToBuilder.Path = "/";
Realm realm = returnToBuilder.Uri;
realm = "http://localhost:3314/OpenId/";
returnTo = new Uri("http://localhost:3314/OpenId/");
var response = openid.GetResponse();
if (response == null) {
if (Request.QueryString["ReturnUrl"] != null && User.Identity.IsAuthenticated) {
} else {
string strIdentifier = "testidentifier";
var request = openid.CreateRequest(
strIdentifier,
realm,
returnTo);
var fetchRequest = new FetchRequest();
request.AddExtension(fetchRequest);
request.RedirectToProvider();
}
} else {
switch (response.Status) {
case AuthenticationStatus.Canceled:
//stuff got cancelled for some reason
break;
case AuthenticationStatus.Failed:
//response.Exception.Message;
break;
case AuthenticationStatus.Authenticated:
//a bunch of applying roles that i don't think we care about
break;
}
}
return new EmptyResult();
}
提供商代码:
public ActionResult Index()
{
IAuthenticationRequest iR = (IAuthenticationRequest)Request;
if (iR.IsReturnUrlDiscoverable(ProviderEndpoint.Provider.Channel.WebRequestHandler) != RelyingPartyDiscoveryResult.Success) {
iR.IsAuthenticated = false;
return new EmptyResult();
}
if (iR.IsDirectedIdentity) {
if (User.Identity.IsAuthenticated) {
iR.LocalIdentifier = BuildIdentityUrl();
iR.IsAuthenticated = true;
} else {
if (iR.Immediate || ImplicitAuth) {
iR.IsAuthenticated = false;
} else {
if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase)) {
return RedirectToAction("Login", "User");
}
}
}
} else {
string userOwningOpenIdUrl = ExtractUserName(iR.LocalIdentifier);
iR.IsAuthenticated = userOwningOpenIdUrl == User.Identity.Name;
if (!iR.IsAuthenticated.Value && !ImplicitAuth && !iR.Immediate) {
if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase)) {
return RedirectToAction("Login", "User");
}
}
}
if (iR.IsAuthenticated.Value) {
var fetchRequest = iR.GetExtension<FetchRequest>();
if (fetchRequest != null) {
var fetchResponse = new FetchResponse();
//roles and stuff
iR.AddResponseExtension(fetchResponse);
}
}
return new EmptyResult();
}
public ActionResult Index()
{
IAAuthenticationRequest iR=(IAAuthenticationRequest)请求;
if(iR.IsReturnUrlDiscoverable(ProviderEndpoint.Provider.Channel.WebRequestHandler)!=RelyingPartyDiscoveryResult.Success){
iR.IsAuthenticated=false;
返回新的EmptyResult();
}
if(iR.ISdirectedintity){
if(User.Identity.IsAuthenticated){
iR.LocalIdentifier=BuildIdentityUrl();
iR.IsAuthenticated=true;
}否则{
if(iR.Immediate | | ImplicitAuth){
iR.IsAuthenticated=false;
}否则{
if(!Request.Path.EndsWith(“Login”,StringComparison.OrdinalIgnoreCase)){
返回重定向操作(“登录”、“用户”);
}
}
}
}否则{
字符串userowningopenidur=ExtractUserName(iR.LocalIdentifier);
iR.IsAuthenticated=userOwningOpenIdUrl==User.Identity.Name;
如果(!iR.IsAuthenticated.Value&&!ImplicitAuth&&!iR.Immediate){
if(!Request.Path.EndsWith(“Login”,StringComparison.OrdinalIgnoreCase)){
返回重定向操作(“登录”、“用户”);
}
}
}
if(iR.IsAuthenticated.Value){
var fetchRequest=iR.GetExtension();
if(fetchRequest!=null){
var fetchResponse=新的fetchResponse();
//角色和东西
iR.AddResponseExtension(fetchResponse);
}
}
返回新的EmptyResult();
}
当我在openid.CreateRequest
方法上运行依赖方代码时,我得到了错误。我对我的提供程序代码启用了调试,但它从未被命中
在研究错误时,我发现了很多关于代理问题的建议,但这对我来说不应该是问题,因为我只打算使用localhost
也许这很明显,但我不知道我做错了什么
提前感谢您的帮助
编辑:仅供参考,我从DotNetOpenAuth示例中获得了此代码。我不确定您是否有与我相同的问题,但是。。。对于我来说,如果我输入类似“bob”的用户名,那么在提示我输入openid之后,我出现了这个错误。当我输入有效的开放id时,例如dumdum@yahoo.com,这个问题过去了。对于完全不可能的开放ID的异常处理似乎需要搞定 好吧,我最终手动浏览了源代码,并在某种程度上解决了问题 事实证明dumdum有点正确-我的第一个问题是它确实需要一个URI作为标识符,所以一旦我将标识符更改为
http://localhost:3314/OpenId/
(尽管这本身是无效的)我克服了那个例外
第二个问题是我忘了向web.config添加信息-因此localhost
没有被列入白名单,并且CreateRequest
失败
在我修复了这两个问题之后,我的提供者代码得到了很好的命中——我在那里遇到了其他错误,但我想这是一个单独的问题
Web.Config:
<configSections>
<sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth">
<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
<section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
<section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
<section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
</sectionGroup>
</configSections>
<dotNetOpenAuth>
<openid>
<relyingParty>
<security requireSsl="false">
<!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
<!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
<add endpoint="https://www.google.com/accounts/o8/ud" />
</trustedProviders>-->
</security>
<behaviors>
<!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
with OPs that use Attribute Exchange (in various formats). -->
<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth"/>
<!--<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.GsaIcamProfile, DotNetOpenAuth" />-->
</behaviors>
<!-- Uncomment the following to activate the sample custom store. -->
<!--<store type="OpenIdRelyingPartyWebForms.CustomStore, OpenIdRelyingPartyWebForms" />-->
</relyingParty>
</openid>
<messaging>
<untrustedWebRequest>
<whitelistHosts>
<!-- since this is a sample, and will often be used with localhost -->
<add name="localhost"/>
</whitelistHosts>
</untrustedWebRequest>
</messaging>
<!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
<reporting enabled="true"/>
</dotNetOpenAuth>
我最近遇到了同样的问题,结果证明问题不在我的应用程序中,而是在openID服务器端。 调用openID服务器时,它返回500-内部服务器错误,我的应用程序引发协议异常-在第
openID.CreateRequest(Identifier.Parse(openIdServer))
行上找不到openID端点
我联系了OpenID服务器的管理员,他修复了内部服务器错误,一切正常(与错误之前一样)
为什么DotNetOpenAuth会出现这样一个愚蠢的异常,这是一个问题……这个异常有些道理。理想情况下,有一种方法可以查看更详细的信息(实际上可能有,我不是DNOA的专家)。