【发布时间】:2020-11-10 08:58:03
【问题描述】:
在 ADFS 身份验证后遇到无限重定向循环。这是我的配置。 部署在应用程序负载均衡器后面的 AWS EC2 IIS 上。
循环重定向到“/signin-oidc”
根据浏览器开发者工具,请求陷入无限循环,直到最终因内容过长而返回 Bad Request 错误。
Startup.cs
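/// <summary>
/// Registers forwarded-header handling, cookie + OpenID Connect (ADFS) authentication,
/// and a global "authenticated user required" MVC filter.
/// </summary>
/// <param name="services">The service collection to add registrations to.</param>
public void ConfigureServices(IServiceCollection services)
{
    // NOTE(review): a scoped HttpClient creates a new client per request scope;
    // IHttpClientFactory is the usual alternative - confirm what the app needs.
    services.AddScoped<HttpClient>();

    services.Configure<ForwardedHeadersOptions>(o =>
    {
        // The app sits behind a load balancer, so the original client address and
        // scheme arrive in X-Forwarded-For / X-Forwarded-Proto.
        o.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

        // Clearing both lists removes the allow-list of trusted proxies: the headers
        // are then accepted from ANY sender. That is only safe when the instance is
        // reachable exclusively through the load balancer (network-level restriction).
        // Otherwise add the load balancer's subnet to KnownNetworks instead of
        // leaving the lists empty, so a direct client cannot spoof scheme or address.
        o.KnownNetworks.Clear();
        o.KnownProxies.Clear();
    });

    services.AddAuthentication(o =>
    {
        // The cookie scheme holds the session; unauthenticated requests are
        // challenged through the OpenID Connect handler.
        o.DefaultScheme = "Cookies";
        o.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = "https://testadfs.com/adfs";
        options.ClientId = "clientid";
        // Placeholder value from the post. In a real deployment the client secret
        // belongs in configuration or a secret store, never in source control.
        options.ClientSecret = "clientsecret";
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.CallbackPath = "/signin-oidc";
        // SaveTokens stores the tokens in the authentication properties, which the
        // cookie handler serialises into the auth cookie; this enlarges the cookie.
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Events = new OpenIdConnectEvents
        {
            // Send the user to the custom error page instead of the default
            // access-denied handling.
            OnAccessDenied = context =>
            {
                context.HandleResponse();
                context.Response.Redirect("/Error/CustomInternalServerError");
                return Task.CompletedTask;
            }
        };
    }); // the original listing omitted this ");" and did not compile

    services.AddMvcCore(options =>
    {
        // Global filter: every MVC action requires an authenticated user unless it
        // opts out explicitly.
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    });

    services.AddAuthorization();
}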
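/// <summary>
/// Builds the HTTP request pipeline. Middleware order is significant here:
/// forwarded headers are applied first, and authentication runs before authorization.
/// </summary>
/// <param name="app">The application pipeline builder.</param>
/// <param name="env">The hosting environment, used to pick the error-handling mode.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Must run before anything that inspects the request scheme or client address
    // (HTTPS redirection, the OIDC redirect URI, cookie Secure flags).
    app.UseForwardedHeaders();

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Error/CustomInternalServerError");
        app.UseHsts();
    }

    // NOTE(review): no "AllowOrigin" CORS policy registration is visible in the
    // ConfigureServices shown with this snippet - confirm it is defined elsewhere.
    app.UseCors("AllowOrigin");
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseCookiePolicy();

    // Authentication has to populate HttpContext.User BEFORE authorization evaluates
    // it. The original listing called UseAuthorization first, so the user established
    // at /signin-oidc was never visible to the authorization check and each request
    // was challenged again - consistent with the redirect loop described.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
    });
}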
【问题讨论】:
-
嗨@Zack,您能确认一下应用程序的注册位置吗
-
@Zack 你找到解决这个问题的方法了吗?我遇到了同样的问题。
标签: openid-connect adfs asp.net-core-3.1