Redirect WSFederation ADFS登录循环.Net核心2.1
在登录ADFS(内部部署)时,我在输入凭据后被重定向,最终出错并显示错误异常详细信息:Microsoft.IdentityServer.Web.InvalidRequestException:MSIS7042:同一客户端浏览器会话在最后“7”秒内发出了“6”个请求。有关事件查看器中的详细信息,请与管理员联系。我遵循了几个堆栈溢出建议(),但无法解决该问题。我正在https上运行,并确保证书是正确的 这是我的密码Redirect WSFederation ADFS登录循环.Net核心2.1,redirect,.net-core,ws-federation,adfs3.0,Redirect,.net Core,Ws Federation,Adfs3.0,在登录ADFS(内部部署)时,我在输入凭据后被重定向,最终出错并显示错误异常详细信息:Microsoft.IdentityServer.Web.InvalidRequestException:MSIS7042:同一客户端浏览器会话在最后“7”秒内发出了“6”个请求。有关事件查看器中的详细信息,请与管理员联系。我遵循了几个堆栈溢出建议(),但无法解决该问题。我正在https上运行,并确保证书是正确的 这是我的密码 namespace TestApp { public class Startup {
namespace TestApp
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
private static string HtmlEncode(string content) =>
string.IsNullOrEmpty(content) ? string.Empty : HtmlEncoder.Default.Encode(content);
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = SameSiteMode.None;
options.Secure = CookieSecurePolicy.SameAsRequest;
});
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme,
options =>
{
options.Cookie.Name = ".AspNet.SharedCookie";
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Cookie.SameSite = SameSiteMode.None;
})
.AddWsFederation(options =>
{
options.MetadataAddress =
$"https://adfsdomain/FederationMetadata/2007-06/FederationMetadata.xml";
options.Wtrealm = "urn:apptest";
options.Wreply = "https://appdomain/apptest";
options.CallbackPath = "/apptest";
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = "https://adfsdomain/adfs/services/trust/"
};
options.SaveTokens = true;
options.RequireHttpsMetadata = false;
});
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddMvc();//.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseCors(policy => policy.SetIsOriginAllowed(origin => origin == "https://adfsdomain"));
app.UseHttpsRedirection();
app.UseStaticFiles();
app.Use(async (context, next) =>
{
if (!context.User.Identity.IsAuthenticated)
{
await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
}
else
{
await next();
}
});
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
namespace TestApp
{
公营创业
{
公共启动(IConfiguration配置)
{
配置=配置;
}
公共IConfiguration配置{get;}
私有静态字符串HtmlEncode(字符串内容)=>
string.IsNullOrEmpty(内容)?string.Empty:HtmlEncoder.Default.Encode(内容);
//此方法由运行时调用。请使用此方法将服务添加到容器中。
public void配置服务(IServiceCollection服务)
{
配置(选项=>
{
options.checkApprovered=context=>false;
options.MinimumSameSitePolicy=SameSiteMode.None;
options.Secure=CookieSecurePolicy.SameAsRequest;
});
services.AddAuthentication(sharedOptions=>
{
sharedOptions.DefaultScheme=CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultSignenscheme=CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme=WsFederationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme,
选项=>
{
options.Cookie.Name=“.AspNet.SharedCookie”;
options.Cookie.SecurePolicy=CookieSecurePolicy.SameAsRequest;
options.Cookie.SameSite=SameSiteMode.None;
})
.AddWsFederation(选项=>
{
options.MetadataAddress=
$"https://adfsdomain/FederationMetadata/2007-06/FederationMetadata.xml";
options.Wtrealm=“urn:apptest”;
选项。Wreply=”https://appdomain/apptest";
options.CallbackPath=“/apptest”;
options.TokenValidationParameters=新的Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
validateisuer=true,
ValidisUser=”https://adfsdomain/adfs/services/trust/"
};
options.SaveTokens=true;
options.RequireHttpsMetadata=false;
});
services.AddSingleton();
services.AddMvc();/.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
//此方法由运行时调用。请使用此方法配置HTTP请求管道。
公共无效配置(IApplicationBuilder应用程序,IHostingEnvironment环境)
{
if(env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
其他的
{
app.UseExceptionHandler(“/Home/Error”);
app.UseHsts();
}
app.UseCors(policy=>policy.SetIsOriginAllowed(origin=>origin=“https://adfsdomain"));
app.UseHttpsRedirection();
app.UseStaticFiles();
应用程序使用(异步(上下文,下一步)=>
{
如果(!context.User.Identity.IsAuthenticated)
{
wait context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
}
其他的
{
等待下一个();
}
});
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(路由=>
{
routes.MapRoute(
名称:“默认”,
模板:“{controller=Home}/{action=Index}/{id?}”);
});
}
}
}
我正在使用.NETCore2.1和ADFS3.0。如果我使用ASP.NET MVC应用程序并使用相同的adfs设置发布它,我的代码会像charm一样工作,这告诉我adfs上的配置已正确配置 不确定这是否能帮到你们,但我让我的ADF来处理以下问题:
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddWsFederation(options =>
{
options.Wtrealm = this._Configuration["wsfed:realm"];
options.MetadataAddress = string.Format("{0}/federationmetadata/2007-06/federationmetadata.xml", this._Configuration["wsfed:metadata"]);
})
.AddCookie();
在
app.Use(async…
之前,需要app.UseAuthorization()
。这是从重定向中获取标题并填充上下文的中间件。用户
遇到完全相同的问题,您是否设法进一步使用此?app.UseAuthentication();应位于上下文之前。ChallengeAsync();