OpenIdConnectAuthentication, used with an ASP.NET application, goes into Authorizati



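I am using Owin's OpenId authentication for my asp.net application to authenticate users with Azure login. But once I log in from Azure and get redirected, the authorization code received handler goes into an infinite loop. Below is the code I am using.

I have tried various suggestions from different posts, as listed below, but they did not help me.

  • https://github.com/IdentityServer/IdentityServer3/issues/3239

  • Infinite loop going back to authentication page when using OAuth in MVC5

  • Second sign-in causes infinite redirect loop after the first successful login MVC .NET 5 OWIN ADAL OpenIDConnect
  • Setting the callback path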

    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseKentorOwinCookieSaver(); //did not work
    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        //CookieHttpOnly = false,
        //CookieSecure = CookieSecureOption.SameAsRequest, //Did not work
        //CookieManager = new SystemWebCookieManager() //did not work
        AuthenticationType = "Cookies"
    });
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            RedirectUri = postLogoutRedirectUri,
            CallbackPath = new PathString("/my_Azure/Start.aspx"),
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                //
                // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                //
                AuthorizationCodeReceived = (context) =>
                {
                    var code = context.Code;
                    ClientCredential credential = new ClientCredential(clientId, appKey);
                    string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                    Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority, new ADALTokenCache(signedInUserID));
                    AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                        code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
                    return Task.FromResult(0);
                }
            }
        });

    // This makes any middleware defined above this line run before the Authorization rule is applied in web.config
    app.UseStageMarker(PipelineStage.Authenticate);
    

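The problem was with the authorization setting in web.config: I was using `<deny users="*"/>`, which caused the application to deny all authorization and therefore go into a loop. When I changed it to `<deny users="?"/>` it started working fine.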
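
The two web.config settings from the answer above, side by side, as an added illustration that is not part of the original post. The enclosing `<configuration>` and `<system.web>` elements are the standard ASP.NET layout and are assumed here, since the post shows only the `<deny>` rule.

```xml
<!-- Fragment 1 (the setting that looped).
     "*" matches every user, including one who has just signed in,
     so URL authorization answers 401 even after the cookie identity
     is established. The OWIN OpenID Connect middleware turns that
     401 into a new redirect to the identity provider, and the
     sign-in round trip repeats. -->
<configuration>
  <system.web>
    <authorization>
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

<!-- Fragment 2 (the working setting).
     "?" matches only anonymous (unauthenticated) users. The first
     request is still refused and triggers the sign-in redirect, but
     once the user carries an authenticated identity this rule no
     longer matches. Rules are evaluated top to bottom and the first
     match wins; with no match here, the inherited default rule that
     allows all users applies, and the request is served. -->
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```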
