Я создал приложение сервера идентификации 3 MVC, которое, казалось, работало локально, как только я развернулся на сервере, я продолжал получать бесконечные циклы при попытке войти в систему на моем клиенте. Я проверил несколько мест, чтобы увидеть, как решить проблему, вот что я пробовал
- Добавление защищенного метода void Session_Start () в Global.asax;
- Добавление CookieManager = новый Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager () для UseCookingAuthentication
- Хостинг на другом веб-сайте
Я не уверен, что еще я могу попытаться заставить это работать на моем сервере .
Сопоставление серверов идентификации
string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings[ApplicationConstants.DB_NAME].ConnectionString;
EntityFrameworkServiceOptions entConfig = new IdentityServer3.EntityFramework.EntityFrameworkServiceOptions()
{
ConnectionString = connectionString
};
//var idSvrFactory = Factory.Configure(entConfig);//switch to using In-Memory(this uses DB, values not yet entered into DB
IdentityServerServiceFactory idSvrFactory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
idSvrFactory.ConfigureUserService(ApplicationConstants.DB_NAME);//configure a few services
//ClientStore.
idsrvApp.UseIdentityServer(new IdentityServer3.Core.Configuration.IdentityServerOptions
{
SiteName = "Identity Server",
SigningCertificate = LoadCertificate(),
Factory = idSvrFactory,
AuthenticationOptions = new AuthenticationOptions
{
EnablePostSignOutAutoRedirect = true,
IdentityProviders = ConfigureAdditionalIdentityProviders
},
LoggingOptions = new LoggingOptions
{
EnableHttpLogging = true,
EnableKatanaLogging = true,
EnableWebApiDiagnostics = true,
WebApiDiagnosticsIsVerbose = true
}
});
Сопоставление клиентов
JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();//should fix jwt issue
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager()
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = Properties.Settings.Default.IdentityServerUrl,
//Authority = "https://localhost:44388/identity",
ClientId = PublicClientId,
//In the Scope we ask what to include
Scope = "openid profile roles WebAPI",
//RedirectUri = "https://localhost:44327/",
RedirectUri = Properties.Settings.Default.ReturnUrl,
CallbackPath = new PathString(Properties.Settings.Default.CallbackPath),
ResponseType = "id_token token",
SignInAsAuthenticationType = "Cookies",
UseTokenLifetime = false,
TokenValidationParameters = new TokenValidationParameters()
{
NameClaimType = IdentityServer3.Core.Constants.ClaimTypes.Name,
RoleClaimType = IdentityServer3.Core.Constants.ClaimTypes.Role
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = n =>
{
ClaimsIdentity id = n.AuthenticationTicket.Identity;
Claim sub = id.FindFirst(IdentityServer3.Core.Constants.ClaimTypes.Subject);
IEnumerable<Claim> roles = id.FindAll(IdentityServer3.Core.Constants.ClaimTypes.Role);
//Claim username = id.FindFirst(IdentityServer3.Core.Constants.ClaimTypes.Name);
//IEnumerable<Claim> roles = id.FindAll(JwtClaimTypes.Role);
// create new identity and set name and role claim type
ClaimsIdentity nid = new ClaimsIdentity(id);
//http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name -- MS specific name claims object(for using JWT)
//http://www.w3.org/2001/XMLSchema#string --OpenIDConnect value type for name
//var nid = new ClaimsIdentity(id.AuthenticationType,
// IdentityServer3.Core.Constants.ClaimTypes.Name, IdentityServer3.Core.Constants.ClaimTypes.Role);
//the above fails to map the identity data(used an overloaded method since the identity and usertype already set
//nid.AddClaim(sub);
//nid.AddClaims(roles);
// keep the id_token for logout
nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));
// Add custom claims
//Claim gender = id.FindFirst(IdentityServer3.Core.Constants.ClaimTypes.Gender);
//Claim middleName = id.FindFirst(IdentityServer3.Core.Constants.ClaimTypes.MiddleName);
//Claim firstName = id.FindFirst("FirstName");
//nid.AddClaim(gender);
//nid.AddClaim(middleName);
//nid.AddClaim(firstName); //not required if identity constructor is being used
n.AuthenticationTicket = new AuthenticationTicket(nid, n.AuthenticationTicket.Properties);
return Task.FromResult(0);
},
RedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.RequestType == Microsoft.IdentityModel.Protocols.OpenIdConnectRequestType.LogoutRequest)
{
Claim idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
}
return Task.FromResult(0);
}
}
});
AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityServer3.Core.Constants.ClaimTypes.Subject;
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
Журнал Fiddler
Последний бит журнала Identity Server
2020-06-18 12: 24: 03.042 -07: 00 [Информация] Запрошена конечная точка отчета CSP 2020-06-18 12: 24: 03.042 -07: 00 [Информация] Данные отчета CSP: "{\" csp-report \ ": {\" blocked-uri \ ": \" встроенный \ ", \" номер-столбца \ ": 4153, \" документ-uri \ ": \" https://win-lnf3879gsi5.haamlets.co.za: 44388 / id / identity / connect / authorize? client_id = LiveKoinsAdmin & redirect_uri = https% 3a% 2f % 2fwin-lnf3879gsi5. haamlets.co.za% 3a44388% 2fadmin & response_mode = form_post & response_type = id_token + маркер и сфера = OpenID + профиль + роли + WebAPI & состояние = OpenIdConnect.AuthenticationProperties% 3DN-mu9B1zk0pkFe9ZEuGeczzYX-AhJXELHDbei3XpifxcUirghZW5zS2-rIY6A713BxGpVIypVl1NJcvP94cXJsPxGVNoOZ6Y4QSTwG2lutTbLvp7UBt9Va5fFneFbka7ABAJAqKtYRBhmuqEAnAdIfcGRdGW3BGIRt0hZaR6yHBpcuIwjpJShbH47bx67yQlJCTzVoiR-cA51yqKdMgK - XJw-6Vni-g09RkdvME1zhK_1niiTEEtPCQNhylzWx87POijcm_GIfbhh75DWxHWw & Nonce = 637281050418334910.YzIyZjBlNDktZjM2Ny00Njc1LWFjZTQtMzljY2E3ZDY5YTJjMDgxZWQ5N2ItYTY1Zi00ZDczLTlhM2ItM2I3ZWM2ZWVmMTU4 & х-клиент -SKU = ID_NET & x-client-ver = 1.0.40306.1554 \ ", \" номер строки \ ": 3, \" исходная политика \ ": \" default-src 'self'; script-sr c 'сам'; style-sr c 'self' 'небезопасный встроенный'; img-src *; report-uri https://win-lnf3879gsi5.haamlets.co.za: 44388 / id / identity / csp / report \ ", \" referrer \ ": \" https://win-lnf3879gsi5.haamlets.co.za: 44388 / id / identity / connect / authorize? client_id = LiveKoinsAdmin & redirect_uri = HTTPS% 3a% 2f% 2fwin-lnf3879gsi5.haamlets.co.za% 3a44388% 2fadmin & response_mode = form_post & response_type = id_token + маркер и сфера = + профиль OpenID + роли + WebAPI & состояние = OpenIdConnect.AuthenticationProperties% 3d0P_u0_bkiB6YE-FKO-N1whv7zbZAfqdJM9Lhz28TVoJHADTp35qsfZFqDnetJvQofFSuMzqPxz9T57KlQ1axN6lUiN5C4BbF8SDhOmNjnsB8K8f8t4dLRGWael4j7gMinpY4pcD56v-VyJhs3lm0d- b_N2racBN_0rC71mfcB0b78k_uFIS0iwMr7-gzj7vmtIxsurWqUa2iP2VGQ5sgd0FLRI4XgfuKU0sxctTS07ZnKba4nHhApEVhUqj3WYFUyw2b02iPqsC9gP9grMba8A & нонс = 637281050407311586.Y2Y5MGNiMTEtMmJjZC00NDhkLTk3NzItYWQ3NTYyN2E5Njk2ZDkzZWNkYmUtYThlZC00NmFlLWJjZDEtMjU4MjA4Y2FlYjQ1 & х-клиент-ы = ID_NET & х-клиент-вер = 1.0.40306.1554 \ "\ "источник-файл \": \" https://win-lnf3879gsi5.haamlets.co.za: 44388 / идентификатор / стиль / assets / scripts.2.5.0. js \ ", \" violated-directive \ ": \" script-src \ "}}" 2020-06-18 12: 24: 03.042 -07: 00 [ Информация] Рендеринг 204 2020-06-18 12: 24: 03.042 -07: 00 [Отладка] [2020-06-18T19: 24: 03.0426248Z] Уровень = Информация, Вид = Конец, Категория = 'System.Web.Http.Action', Id = d01d40ea-f042-42c8-a25b-b777ebcc7fa c, Message = 'Действие возвращено' System.Web.Http.Results.ResponseMessageResult '', Operation = ReflectedHttpActionDescriptor.ExecuteAsyn c 2020.06-18 12:24: 03 -07: 00 [Отладка] [2020-06-18T19: 24: 03.0426248Z] Уровень = Информация, Вид = Конец, Категория = 'System.Web.Http.Action', Id = d01d40ea-f042-42c8-a25b-b777ebcc7fa c, Operation = ApiControllerActionInvoker.InvokeActionAsyn c, Status = 204 (NoContent) 2020-06-18 12: 24: 03.042 -07: 00 [Debug] [2020-06-18T19: 24: 03.0426248Z] Уровень = Info, Kind = End, Category = 'System.Web.Http.Controllers', Id = d01d40ea-f042-42c8-a25b-b777ebcc7fa c, Operation = CspReportController.ExecuteAsyn c, Status = 204 (NoContent) 2020- 06-18 12: 24: 03.042 -07: 00 [Отладка] [2020-06-18T19: 24: 03.0426248Z] Уровень = Информация, Вид = Конец, Категория = 'System.Web.Http.MessageHandlers', Id = d01d40ea -f042-42c8-a25b-b777ebcc7fa c, Operation = PassiveAuthenticationMessageHandler.SendAsyn c, Status = 204 (NoContent) 2020-06-18 12: 24: 03.042 -07: 00 [Debug] [2020-06-18T19: 24: 03.0426248Z] Уровень = Информация, Тип = End, Category = 'System.Web.Http.MessageHandlers', Id = d01d40ea-f042-42c8-a25b-b777ebcc7fa c, Operation = DependencyScopeHandler.SendAsyn c, Status = 204 (NoContent) 18.06.2020 12 : 24: 03.042 -07: 00 [Debug] [2020-06-18T19: 24: 03.0426248Z] Отправка ответа, статус = 204 (NoContent), метод = POST, URL = https://win-lnf3879gsi5.haamlets.co.za: 44388 / id / identity / csp / report , Id = d01d40ea-f042-42c8-a25b-b777ebcc7fa c, Message = 'Content-type =' none ', content-length = unknown' 2020-06-18 12:24: 03.042 -07: 00 [Отладка] [2020-06-18T19: 24: 03.0426248Z] Уровень = Информация, Вид = Начало, Категория = 'System.Web.Http.Controllers', Id = d01d40ea-f042-42c8-a25b- b777ebcc7fa c, Operation = CspReportController.Dispose 2020-06-18 12: 24: 03.042 -07: 00 [Отладка] [2020-06-18T19: 24: 03.0426248Z] Уровень = Информация, Вид = Конец, Категория = ' System.Web.Http.Controllers ', Id = d01d40ea-f042-42c8-a25b-b777eb cc7fa c, операция = CspReportController.Dispose