mvc客戶端登錄驗證回呼例外，服務端使用Identityserver4認證

            我有一個mvc客戶端，使用的是混合模式認證，本地運行沒有問題，但是部署到服務器以后，is4認證通過后回呼，就直接跳轉到/signin-oidc，提示該網頁無法正常運作，如果問題仍然存在，請與網站所有者聯系。HTTP ERROR 400，查看日志也沒有看到錯誤日志輸出。

以下是客戶端的代碼：

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                
                options.Authority = “http://192.168.10.100:8080”;
                options.RequireHttpsMetadata = false;

                options.ClientId = “mvc”;
                options.ClientSecret = "secret";
                options.ResponseType = "code id_token";

                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;

                options.Scope.Clear();
                options.Scope.Add("openid");
                options.Scope.Add("profile");

            });


            app.UseCookiePolicy();
            app.UseAuthentication();
            app.UseStaticFiles();
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });

從代碼上看，我也發現不了什么問題，使用同樣的方法部署了多個站點，其它的都可以，就是這個不行，服務器驗證成功以后，就直接跳轉到http://192.168.10.133/signin-oidc, 同時出現400錯誤。
客戶端日志：
2019-05-11 10:51:24.283 +08:00 [WRN] Using an in-memory repository. Keys will not be persisted to storage.2019-05-11 10:51:24.402 +08:00 [WRN] Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.2019-05-11 10:51:24.530 +08:00 [WRN] No XML encryptor configured. Key "3c666a7d-6e97-4f97-8b52-861cb03f5347" may be persisted to storage in unencrypted form.2019-05-11 10:51:26.492 +08:00 [INF] Cookies was not authenticated. Failure message: Unprotect ticket failed2019-05-11 10:51:27.104 +08:00 [INF] AuthenticationScheme: oidc was challenged.

is4服務器端也沒有報錯的日志
2019-05-11 10:51:27.022 +08:00 [DBG] Request path /.well-known/openid-configuration matched to endpoint type Discovery2019-05-11 10:51:27.022 +08:00 [DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint2019-05-11 10:51:27.022 +08:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration2019-05-11 10:51:27.022 +08:00 [DBG] Start discovery request2019-05-11 10:51:27.028 +08:00 [DBG] Found ["openid","profile","school","api1"] as all scopes in database2019-05-11 10:51:27.078 +08:00 [DBG] Request path /.well-known/openid-configuration/jwks matched to endpoint type Discovery2019-05-11 10:51:27.078 +08:00 [DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryKeyEndpoint2019-05-11 10:51:27.078 +08:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks2019-05-11 10:51:27.078 +08:00 [DBG] Start key discovery request2019-05-11 10:51:27.128 +08:00 [DBG] Request path /connect/authorize matched to endpoint type Authorize2019-05-11 10:51:27.128 +08:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint2019-05-11 10:51:27.128 +08:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize2019-05-11 10:51:27.128 +08:00 [DBG] Start authorize request2019-05-11 10:51:27.129 +08:00 [DBG] User in authorize request: 8cd82630f81a2019-05-11 10:51:27.129 +08:00 [DBG] Start authorize request protocol validation2019-05-11 10:51:27.134 +08:00 [DBG] CLIENT found in database: true2019-05-11 10:51:27.134 +08:00 [DBG] client configuration validation for client CLIENT succeeded.2019-05-11 10:51:27.134 +08:00 [DBG] Checking for PKCE parameters2019-05-11 10:51:27.134 +08:00 [DBG] No PKCE used.2019-05-11 10:51:27.136 +08:00 [DBG] Found ["openid","profile"] identity scopes in database2019-05-11 10:51:27.141 +08:00 [DBG] Found ["api1"] API scopes in database2019-05-11 10:51:27.142 +08:00 [DBG] Found ["openid","profile"] identity scopes in database2019-05-11 10:51:27.146 +08:00 [DBG] Found ["api1"] API scopes in database2019-05-11 10:51:27.146 +08:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator2019-05-11 10:51:27.146 +08:00 [INF] ValidatedAuthorizeRequest{"ClientId":"CLIENT","ClientName":"CLIENT","RedirectUri":"http://192.168.10.133:8080/signin-oidc","AllowedRedirectUris":["http://192.168.10.133:8080/signin-oidc","http://localhost:29111/signin-oidc"],"SubjectId":"8cd82630f81a","ResponseType":"code id_token","ResponseMode":"form_post","GrantType":"hybrid","RequestedScopes":"systemapi pmapi basicapi offline_access openid profile","State":"4UgFIk6n4JAz_AJ1pwfbY0T57p00Dq2XlFiV3BJ6_oM649ZRVQZvSwVcft4wYrU8C3iBa8VWOoCrwTl3orAV45jjQIsQdG0sVdBtFhVHp8upsAE1waRfSu3eibU6M9_tm2m3DwG-EEqKE5h-k2fDOmYqP5cjab5SWRJtjjoDIGzjPwIReNk7lnAOquyMUtarJz_sUdC3qhyMoJvPaNmkGpoXLUxs0kIh8Efxu0S_ecIfD4N3X1hesEDtP6ScQ0lV7QmuS4BBNlvtKuPaZBP0EKnNf0cxyLORneSDX_4Y1SY8VF83JzI4Ayi0_N4","UiLocales":null,"Nonce":"636931398870976449.YjAzYmJjODEtNGVkMi00MTRiLWIwM2QtMTUyZjZjNGJmMDFkNzJlY2U5OTYtZGY3OS00ZmE3LWEyNzAtNjNiMjBmOWZiMmRl","AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":"2e8794e302771caf27710bb9916dbbcd","Raw":{"client_id":"CLIENT","redirect_uri":"http://192.168.10.133:8080/signin-oidc","response_type":"code id_token","scope":"systemapi pmapi basicapi offline_access openid profile","response_mode":"form_post","nonce":"636931398870976449.YjAzYmJjODEtNGVkMi00MTRiLWIwM2QtMTUyZjZjNGJmMDFkNzJlY2U5OTYtZGY3OS00ZmE3LWEyNzAtNjNiMjBmOWZiMmRl","state":"4UgFIk6n4JAz_AJ1pwfbY0T57p00Dq2XlFiV3BJ6_oM649ZRVQZvSwVcft4wYrU8C3iBa8VWOoCrwTl3orAV45jjQIsQdG0sVdBtFhVHp8upsAE1waRfSu3eibU6M9_tm2m3DwG-EEqKE5h-k2fDOmYqP5cjab5SWRJtjjoDIGzjPwIReNk7lnAOquyMUtarJz_sUdC3qhyMoJvPaNmkGpoXLUxs0kIh8Efxu0S_ecIfD4N3X1hesEDtP6ScQ0lV7QmuS4BBNlvtKuPaZBP0EKnNf0cxyLORneSDX_4Y1SY8VF83JzI4Ayi0_N4","x-client-SKU":"ID_NETSTANDARD2_0","x-client-ver":"5.3.0.0"},"$type":"AuthorizeRequestValidationLog"}2019-05-11 10:51:27.146 +08:00 [DBG] Client is configured to not require consent, no consent is required2019-05-11 10:51:27.146 +08:00 [DBG] Creating Hybrid Flow response.2019-05-11 10:51:27.148 +08:00 [DBG] yTrOyFNaDGDdjoCALDkxbh46YqQstu0Kn5xz1xtdLzY= not found in database2019-05-11 10:51:27.150 +08:00 [DBG] Creating Implicit Flow response.2019-05-11 10:51:27.150 +08:00 [DBG] Getting claims for identity token for subject: 8cd82630f81a and client: CLIENT2019-05-11 10:51:27.151 +08:00 [DBG] Claim types from profile service that were filtered: ["sub","idp","amr","auth_time"]2019-05-11 10:51:27.153 +08:00 [INF] Authorize endpoint response{"SubjectId":"8cd82630f81a","ClientId":"CLIENT","RedirectUri":"http://192.168.10.133:8080/signin-oidc","State":"4UgFIk6n4JAz_AJ1pwfbY0T57p00Dq2XlFiV3BJ6_oM649ZRVQZvSwVcft4wYrU8C3iBa8VWOoCrwTl3orAV45jjQIsQdG0sVdBtFhVHp8upsAE1waRfSu3eibU6M9_tm2m3DwG-EEqKE5h-k2fDOmYqP5cjab5SWRJtjjoDIGzjPwIReNk7lnAOquyMUtarJz_sUdC3qhyMoJvPaNmkGpoXLUxs0kIh8Efxu0S_ecIfD4N3X1hesEDtP6ScQ0lV7QmuS4BBNlvtKuPaZBP0EKnNf0cxyLORneSDX_4Y1SY8VF83JzI4Ayi0_N4","Scope":"openid profile systemapi pmapi basicapi offline_access","Error":null,"ErrorDescription":null,"$type":"AuthorizeResponseLog"}

        

uj5u.com熱心網友回復：

服務器的配置問題導致            

uj5u.com熱心網友回復：

options.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost;添加這個試試？？
                        

uj5u.com熱心網友回復：

授權服務器里 Client實體要配置屬性RequireConsent=true;

轉載請註明出處，本文鏈接：https://www.uj5u.com/qita/132362.html

標籤：其他技術討論專區

上一篇：關于網路建設專案

下一篇：winhex 資料恢復問題