3 回答
TA贡献1818条经验 获得超7个赞
如果您针对本地主机使用 Chrome,您可能会遇到 Chrome cookie 处理行为的变化。
要进行验证,请导航到 chrome://flags/ 并将“没有 SameSite 的 Cookies 必须是安全的”更改为“已禁用”。
如果该更改修复了问题,并且您想永久修复它(即不依赖于 chrome 标志修复),则该 thinktecture 帖子将讨论潜在问题以及旧 iOS Safari 版本所需的一些修复。
TA贡献1898条经验 获得超8个赞
我终于找到了解决方案,我会在这里发布以防万一有人遇到类似的问题。
看起来主要问题是我的重定向 URI 与 CallBackPath 相同:
"CallbackPath": "/Account/SigninOidc"
var authProperties = _signInManager .ConfigureExternalAuthenticationProperties("AzureAD", Url.Action("SigninOidc", "Account", null, Request.Scheme));
好吧,这是我更正的 Startup.cs:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using BPT.PC.IdentityServer.Data;
using BPT.PC.IdentityServer.IdentityStore;
using BPT.PC.IdentityServer.Models;
using BPT.PC.IdentityServer.Web.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
namespace BPT.PC.IdentityServer.Web
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentity<User, Role>()
.AddUserStore<UserStore>()
.AddRoleStore<RoleStore>()
.AddDefaultTokenProviders();
services.AddMemoryCache();
services.AddDistributedMemoryCache();
services.AddDbContext<IdentityServerDb>
(options => options.UseSqlServer(Configuration.GetConnectionString("IdentityServerDb")));
services
.AddMvc();
services
.AddAuthentication(auth =>
{
auth.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
auth.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
auth.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect("AzureAD", "AzureAD", options =>
{
Configuration.GetSection("AzureAD").Bind(options); ;
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.RemoteAuthenticationTimeout = TimeSpan.FromSeconds(120);
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.RequireHttpsMetadata = false;
options.SaveTokens = true;
});
services.AddSingleton(Configuration.GetSection("OpenIdConnectProviderConfiguration").Get<OpenIdConnectProviderConfiguration>());
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Account}/{action=Login}/{id?}");
});
}
}
}
最后的实现:
[HttpGet]
public IActionResult CorpLogin()
{
var authProperties = _signInManager
.ConfigureExternalAuthenticationProperties("AzureAD",
Url.Action("LoggingIn", "Account", null, Request.Scheme));
return Challenge(authProperties, "AzureAD");
}
appsettings.json 是相同的。
TA贡献1820条经验 获得超9个赞
仅供参考:我遇到了同样的问题,我花了将近 1 天的时间来调查这个问题。最后我发现从我的 startup.cs 中删除以下代码后,一切正常:
CookiePolicyOptions cookiePolicy = new CookiePolicyOptions()
{
Secure = CookieSecurePolicy.Always,
};
我正在与 Microsoft 支持团队跟进此事,如果得到任何回应,我会将其更新回来。
- 3 回答
- 0 关注
- 199 浏览
添加回答
举报