Openid 拒绝关联,因为编码句柄的反序列化失败。DotNetOpenAuth
我正在使用DotNetOpenAuth示例,并实现一个openID提供者和依赖方 本质上,它与提供的DotNetOpenAuth示例非常相似,只是我使用的是mvc4,因此是Razor,因此没有使用示例中使用的IdentityEndpoint控件。(我将在局部视图中写出提供者标题)。也托管在IIS 7.5中 我已经到达用户正在登录的点,OP正在重定向回依赖方,依赖方从日志中得到以下错误: DotNetOpenAuth.Messaging.ProtocolException:缺少bucket的解密密钥”https://localhost/dnoa/association_handles“句柄”3tg1Openid 拒绝关联,因为编码句柄的反序列化失败。DotNetOpenAuth,openid,dotnetopenauth,Openid,Dotnetopenauth,我正在使用DotNetOpenAuth示例,并实现一个openID提供者和依赖方 本质上,它与提供的DotNetOpenAuth示例非常相似,只是我使用的是mvc4,因此是Razor,因此没有使用示例中使用的IdentityEndpoint控件。(我将在局部视图中写出提供者标题)。也托管在IIS 7.5中 我已经到达用户正在登录的点,OP正在重定向回依赖方,依赖方从日志中得到以下错误: DotNetOpenAuth.Messaging.ProtocolException:缺少bucket的解密密
在DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(布尔条件,字符串未格式化消息,对象[]参数)
在DotNetOpenAuth.Messaging.DataBagFormatterBase`1.CalculateSignature(Byte[]bytesToSign,String symmetricSecretHandle)
a、 我不确定这是否有帮助,但错误之前的两个标题是:
Signing these message parts:
claimed_id: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd
identity: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd
assoc_handle: he9m!IAAAAD43Voo3-zQng-ZVSKb9ryFVSIKDLJj4Ph_I9W64ypFCQQAAAAFlZWUQzOJQfO70Pvud2a--auCE7HKkFjBM45HXlpJixLEmtdgd8YPBMckvUFnIPqHBbaAk7mkhI8lDVPoKekUW
op_endpoint: http://www.sampleOpenIDProvider.com/OpenId/Provider
return_to: http://www.samplemobilephonecompany.com/User/Authenticate?ReturnUrl=Index&dnoa.userSuppliedIdentifier=http%3A%2F%2Fwww.sampleOpenIDProvider.com
response_nonce: 2012-12-03T23:59:05ZCqMBPIFL
Base64 representation of signed data: Y2xhaW1lZF9pZDpodHRwOi8vd3d3LnNvbGZ5cmUtaWQuY29tL3VzZXIvcmFscGhza2kKaWRlbnRpdHk6aHR0cDovL3d3dy5zb2xmeXJlLWlkLmNvbS91c2VyL3JhbHBoc2tpCmFzc29jX2hhbmRsZTpoZTltIUlBQUFBRDQzVm9vMy16UW5nLVpWU0tiOXJ5RlZTSUtETEpqNFBoX0k5VzY0eXBGQ1FRQUFBQUZsWldVUXpPSlFmTzcwUHZ1ZDJhLS1hdUNFN0hLa0ZqQk00NUhYbHBKaXhMRW10ZGdkOFlQQk1ja3ZVRm5JUHFIQmJhQWs3bWtoSThsRFZQb0tla1VXCm9wX2VuZHBvaW50Omh0dHA6Ly93d3cuc29sZnlyZS1pZC5jb20vT3BlbklkL1Byb3ZpZGVyCnJldHVybl90bzpodHRwOi8vd3d3LnNhbXBsZW1vYmlsZXBob25lY29tcGFueS5jb20vVXNlci9BdXRoZW50aWNhdGU/UmV0dXJuVXJsPUluZGV4JmRub2EudXNlclN1cHBsaWVkSWRlbnRpZmllcj1odHRwJTNBJTJGJTJGd3d3LnNvbGZ5cmUtaWQuY29tCnJlc3BvbnNlX25vbmNlOjIwMTItMTItMDNUMjM6NTk6MDVaQ3FNQlBJRkwK
Signature: kw4f92CpwFbXgUkLs+Pf+5cFrtEzmE9KpxHgTYwi1tQ=
我想这对那些已经实现dotnetopenauth的人来说只意味着什么,但值得一试 在通过google群组搜索时,无意中修复了该问题,并阅读了另一个问题,在该问题中,曾经很有帮助的Andrew Arnott建议检查所有openID端点是否可以在未经授权的情况下访问 所以我检查了我的代码,在我的RegisterGlobalFilter中有以下语句:
filters.Add(new System.Web.Mvc.AuthorizeAttribute());
我在openID使用的所有控制器或操作上都使用了[AllowAnonymous]属性。或者我是这么想的,因为删除了全局过滤器,然后只在需要授权的区域显式添加了[Authorize]属性,解决了这个问题。如果有
IOpenIdApplicationStoreOpenIdRelyingPartyAfter binding element processing, the received IndirectSignedResponse (2.0) message is:
openid.sig: kw4f92CpwFbXgUkLs+Pf+5cFrtEzmE9KpxHgTYwi1tQ=
openid.signed: claimed_id,identity,assoc_handle,op_endpoint,return_to,response_nonce
openid.assoc_handle: he9m!IAAAAD43Voo3-zQng-ZVSKb9ryFVSIKDLJj4Ph_I9W64ypFCQQAAAAFlZWUQzOJQfO70Pvud2a--auCE7HKkFjBM45HXlpJixLEmtdgd8YPBMckvUFnIPqHBbaAk7mkhI8lDVPoKekUW
openid.invalidate_handle: 3tg1!IAAAALLyXKaShsmSDmEaKWxiBCi7-a8Nso0tyNaPKVqi52KuQQAAAAHvnjGT2Gt-_iWlSTpmBgthNS8s2Dxs6-pQG6rzYrFqgA5mp_T_HPcaJ6BchUsN9Lx2uH7jssuSAq0xbae7lb1r
openid.op_endpoint: http://www.sampleOpenIDProvider.com/OpenId/Provider
openid.return_to: http://www.samplemobilephonecompany.com/User/Authenticate?ReturnUrl=Index&dnoa.userSuppliedIdentifier=http%3A%2F%2Fwww.sampleOpenIDProvider.com
openid.response_nonce: 2012-12-03T23:59:05ZCqMBPIFL
openid.mode: id_res
openid.ns: http://specs.openid.net/auth/2.0
openid.claimed_id: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd
openid.identity: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd
ReturnUrl: Index dnoa.userSuppliedIdentifier: http://www.sampleOpenIDProvider.com