Rejecting association because deserialization of the encoded handle failed. DotNetOpenAuth

Time: 2012-12-04 00:27:26

Tags: openid dotnetopenauth

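I am working through the DotNetOpenAuth samples and implementing an OpenID provider and relying party.

Basically it is very similar to the provided DotNetOpenAuth samples, except that I am using MVC 4 and therefore Razor, so I am not using the IdentityEndpoint control used in the samples. (I write the provider headers in a partial view.) It is also hosted in IIS 7.5.

I get to the point where the user is logging in and the OP is redirecting back to the relying party, which, from the log, receives the following error: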

  

DotNetOpenAuth.Messaging.ProtocolException: Missing decryption key for bucket "https://localhost/dnoa/association_handles" handle "3tg1"
  at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String unformattedMessage, Object[] args)
  at DotNetOpenAuth.Messaging.DataBagFormatterBase`1.CalculateSignature(Byte[] bytesToSign, String symmetricSecretHandle)
  a....

I'm not sure whether it helps, but the two headers preceding the error are:

Signing these message parts:    
claimed_id: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd   
identity: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd   
assoc_handle: he9m!IAAAAD43Voo3-zQng-ZVSKb9ryFVSIKDLJj4Ph_I9W64ypFCQQAAAAFlZWUQzOJQfO70Pvud2a--auCE7HKkFjBM45HXlpJixLEmtdgd8YPBMckvUFnIPqHBbaAk7mkhI8lDVPoKekUW   
op_endpoint: http://www.sampleOpenIDProvider.com/OpenId/Provider   
return_to: http://www.samplemobilephonecompany.com/User/Authenticate?ReturnUrl=Index&dnoa.userSuppliedIdentifier=http%3A%2F%2Fwww.sampleOpenIDProvider.com   
response_nonce: 2012-12-03T23:59:05ZCqMBPIFL    
Base64 representation of signed data:
Signature: kw4f92CpwFbXgUkLs+Pf+5cFrtEzmE9KpxHgTYwi1tQ=

After binding element processing, the received IndirectSignedResponse (2.0) message is:    
openid.sig: kw4f92CpwFbXgUkLs+Pf+5cFrtEzmE9KpxHgTYwi1tQ=   
openid.signed: claimed_id,identity,assoc_handle,op_endpoint,return_to,response_nonce   
openid.assoc_handle: he9m!IAAAAD43Voo3-zQng-ZVSKb9ryFVSIKDLJj4Ph_I9W64ypFCQQAAAAFlZWUQzOJQfO70Pvud2a--auCE7HKkFjBM45HXlpJixLEmtdgd8YPBMckvUFnIPqHBbaAk7mkhI8lDVPoKekUW   
openid.invalidate_handle: 3tg1!IAAAALLyXKaShsmSDmEaKWxiBCi7-a8Nso0tyNaPKVqi52KuQQAAAAHvnjGT2Gt-_iWlSTpmBgthNS8s2Dxs6-pQG6rzYrFqgA5mp_T_HPcaJ6BchUsN9Lx2uH7jssuSAq0xbae7lb1r   
openid.op_endpoint: http://www.sampleOpenIDProvider.com/OpenId/Provider   
openid.return_to: http://www.samplemobilephonecompany.com/User/Authenticate?ReturnUrl=Index&dnoa.userSuppliedIdentifier=http%3A%2F%2Fwww.sampleOpenIDProvider.com   
openid.response_nonce: 2012-12-03T23:59:05ZCqMBPIFL   
openid.mode: id_res   
openid.ns: http://specs.openid.net/auth/2.0   
openid.claimed_id: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd   
openid.identity: http://www.sampleOpenIDProvider.com/user/justpartofthecrowd   
ReturnUrl: Index   
dnoa.userSuppliedIdentifier: http://www.sampleOpenIDProvider.com  

I guess this will mean something to those who have implemented dotnetopenauth, but it's worth a try!

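1 Answer:

Answer 0: (score: 2)

Fixed this by accident while searching through the Google Groups and reading another question, in which the helpful Andrew Arnott suggested checking that all OpenID endpoints are accessible without authorization.

So I checked my code, and had the following statement in RegisterGlobalFilters: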

filters.Add(new System.Web.Mvc.AuthorizeAttribute());

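I was using the [AllowAnonymous] attribute on all controllers or actions used for OpenID. Or so I thought, because removing the global filter and then explicitly adding the [Authorize] attribute only to the areas that need authorization solved the problem.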
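
One way to run the check described in the answer while keeping the global `AuthorizeAttribute` in place, as an added example that is not part of the original answer or of DotNetOpenAuth: a reflection audit that lists every MVC action the global filter would still block and fails at startup if a required OpenID endpoint is among them. The class name `AnonymousAccessAudit` is hypothetical, and the action names in the usage comment are assumptions derived from the URLs in the question's log under default routing.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Hypothetical helper (not DotNetOpenAuth code). Mirrors how MVC 4's
// AuthorizeAttribute decides to skip authorization: [AllowAnonymous] on the
// action or on its controller.
public static class AnonymousAccessAudit
{
    // Returns "Controller.Action" for every public action declared on a
    // controller that a global AuthorizeAttribute would still block.
    // Actions inherited from a base controller are not listed (DeclaredOnly).
    public static IList<string> ActionsRequiringLogin(Assembly webAssembly)
    {
        return webAssembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            .SelectMany(t => t
                .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
                .Where(m => !m.IsSpecialName
                         && !m.IsDefined(typeof(NonActionAttribute), true))
                .Where(m => !t.IsDefined(typeof(AllowAnonymousAttribute), true)
                         && !m.IsDefined(typeof(AllowAnonymousAttribute), true))
                .Select(m => t.Name + "." + m.Name))
            .Distinct()
            .ToList();
    }

    // Throws when an endpoint that must be reachable without a login
    // (OP endpoint, identity page, RP return_to action) is behind the filter.
    // Assumed usage from Application_Start, names inferred from the log URLs:
    //   AnonymousAccessAudit.AssertAnonymous(typeof(MvcApplication).Assembly,
    //       "OpenIdController.Provider", "UserController.Authenticate");
    public static void AssertAnonymous(Assembly webAssembly, params string[] mustBeAnonymous)
    {
        var blocked = ActionsRequiringLogin(webAssembly)
            .Intersect(mustBeAnonymous, StringComparer.OrdinalIgnoreCase)
            .ToList();
        if (blocked.Any())
            throw new InvalidOperationException(
                "Blocked by global AuthorizeAttribute: " + string.Join(", ", blocked));
    }
}
```

The full output of `ActionsRequiringLogin` is also worth reviewing in the other direction: any action missing from it is reachable without a login.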