我正在尝试使用SSO进行OpenID身份验证。我使用DotNetOpenAuth作为框架。
很奇怪:不使用SSO时身份验证没有任何问题,但在我的第二个应用程序中却出现了问题。
这是我的Page_Load函数:
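/// <summary>
/// Drives the OpenID single-sign-on flow for the login page: starts an
/// authentication request against the configured provider when no OpenID
/// response is present, and issues a forms-authentication ticket carrying
/// the provider-supplied roles when a positive assertion comes back.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e) {
    // return_to and realm are both derived from the current request URL.
    // NOTE(review): Request.Url reflects the host of the incoming request;
    // confirm the site bindings/proxy constrain it, since the realm shown
    // to the provider is built from it.
    UriBuilder returnToBuilder = new UriBuilder(Request.Url);
    returnToBuilder.Path = "/login.aspx";
    returnToBuilder.Query = null;
    returnToBuilder.Fragment = null;
    Uri returnTo = returnToBuilder.Uri;
    returnToBuilder.Path = "/";
    Realm realm = returnToBuilder.Uri;

    var response = relyingParty.GetResponse();
    if (response == null) {
        if (Request.QueryString["ReturnUrl"] != null && User.Identity.IsAuthenticated) {
            // The user must have been directed here because he has insufficient
            // permissions to access something.
            this.MultiView1.ActiveViewIndex = 1;
        } else {
            // Because this is a sample of a controlled SSO environment,
            // we don't ask the user which Provider to use... we just send
            // them straight off to the one Provider we trust.
            var request = relyingParty.CreateRequest(
                ConfigurationManager.AppSettings["SsoProviderOPIdentifier"],
                realm,
                returnTo);
            var fetchRequest = new FetchRequest();
            fetchRequest.Attributes.AddOptional(RolesAttribute);
            request.AddExtension(fetchRequest);
            request.RedirectToProvider();
        }

        return;
    }

    switch (response.Status) {
        case AuthenticationStatus.Canceled:
            this.errorLabel.Text = "Login canceled.";
            break;
        case AuthenticationStatus.Failed:
            // The message is HTML-encoded before it is written to the page.
            this.errorLabel.Text = HttpUtility.HtmlEncode(response.Exception.Message);
            break;
        case AuthenticationStatus.Authenticated:
            // Roles come from the provider's attribute-exchange response, so
            // they are only as trustworthy as the provider that asserted them.
            IList<string> roles = null;
            var fetchResponse = response.GetExtension<FetchResponse>();
            if (fetchResponse != null && fetchResponse.Attributes.Contains(RolesAttribute)) {
                roles = fetchResponse.Attributes[RolesAttribute].Values;
            }
            if (roles == null) {
                roles = new List<string>(0);
            }

            // Apply the roles to this auth ticket
            const int TimeoutInMinutes = 100; // TODO: look up the right value from the web.config file
            DateTime issuedAt = DateTime.Now; // read once so issue and expiry share one base time
            var ticket = new FormsAuthenticationTicket(
                2,
                response.ClaimedIdentifier,
                issuedAt,
                issuedAt.AddMinutes(TimeoutInMinutes),
                false, // non-persistent, since login is automatic and we wanted updated roles
                string.Join(";", roles.ToArray()));

            // The ticket cookie is the session credential: keep it away from
            // client script and honour the forms-auth requireSSL setting.
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)) {
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL
            };
            Response.SetCookie(cookie);

            // ReturnUrl is caller-controlled; only follow it when it is a path
            // on this site, otherwise fall back to the configured default page.
            string returnUrl = Request.QueryString["ReturnUrl"];
            Response.Redirect(IsLocalReturnUrl(returnUrl) ? returnUrl : FormsAuthentication.DefaultUrl);
            break;
        default:
            break;
    }
}

/// <summary>
/// Returns true only for a site-relative path: it must start with a single
/// '/', must not start with "//" or "/\", and must contain no control
/// characters. Absolute and scheme-relative URLs are rejected.
/// </summary>
/// <param name="url">The candidate redirect target; may be null.</param>
private static bool IsLocalReturnUrl(string url) {
    if (string.IsNullOrEmpty(url) || url[0] != '/') {
        return false;
    }
    if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) {
        return false;
    }
    foreach (char c in url) {
        if (char.IsControl(c)) {
            return false;
        }
    }
    return true;
}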
这是我的Web.Config:
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<!-- Web.config for the OpenID relying-party site: registers the DotNetOpenAuth
configuration sections, sets the relying party's security options, names the
single SSO provider, and pins assembly versions. -->
<configuration>
<configSections>
<!-- Registers the dotNetOpenAuth section group so the <dotNetOpenAuth> element below can be parsed. -->
<sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
<section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
<section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
<section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
</sectionGroup>
</configSections>
<dotNetOpenAuth>
<messaging>
<untrustedWebRequest>
<!-- NOTE(review): localhost is whitelisted by the active entry below, so the library's
outgoing requests to this machine are allowed. The commented-out copy further down is a
leftover duplicate. Remove the active entry before deploying outside a development machine. -->
<whitelistHosts>
<!-- since this is a sample, and will often be used with localhost -->
<add name="localhost" />
<!-- Uncomment to enable communication with localhost (should generally not activate in production!) -->
<!-- <add name="localhost" />-->
</whitelistHosts>
</untrustedWebRequest>
</messaging>
<!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
<!-- NOTE(review): with enabled="true" this site sends usage data to a third party;
set it to false where outbound reporting is not acceptable. -->
<reporting enabled="true" />
<!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. -->
<!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ -->
<openid>
<relyingParty>
<!-- NOTE(review): requireSsl="false" means the relying party does not insist on HTTPS
for identifiers and provider endpoints. Presumably relaxed for local testing; confirm,
and set it to true for any deployment that is not a development machine. -->
<security requireSsl="false">
<!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
<!-- The tag is active here: rejectAssertionsFromUntrustedProviders="true" restricts
accepted assertions to the single endpoint listed below. -->
<trustedProviders rejectAssertionsFromUntrustedProviders="true">
<add endpoint="https://www.google.com/accounts/o8/id" />
</trustedProviders>
</security>
<behaviors>
<!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
with OPs that use Attribute Exchange (in various formats). -->
<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
</behaviors>
</relyingParty>
</openid>
</dotNetOpenAuth>
<appSettings>
<!-- SsoProviderOPIdentifier is the identifier Page_Load passes to relyingParty.CreateRequest.
It matches the single trusted endpoint listed under trustedProviders. -->
<add key="SsoProviderOPIdentifier" value="https://www.google.com/accounts/o8/id" />
<!-- NOTE(review): SsoProviderOPEndpoint is not read by the Page_Load shown with this
config; confirm whether other code uses it. -->
<add key="SsoProviderOPEndpoint" value="https://www.google.com/accounts/o8/id" />
</appSettings>
<connectionStrings>
<!-- LocalDb database attached from the application's data directory, using integrated
security, so no password is stored in this file. -->
<add name="DefaultConnection" providerName="System.Data.SqlClient" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=aspnet-WebApplication3-20140717151453;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnet-WebApplication3-20140717151453.mdf" />
</connectionStrings>
<system.web>
<!-- NOTE(review): debug="true" is a development setting; switch it off for deployed builds. -->
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.net>
<!-- Outgoing requests use the system default proxy. -->
<defaultProxy enabled="true" />
</system.net>
<uri>
<!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
which is necessary for OpenID urls with unicode characters in the domain/host name.
It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
<idn enabled="All" />
<iriParsing enabled="true" />
</uri>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<!-- Binding redirects: requests for the older assembly versions in each oldVersion range
are resolved to the newVersion given. -->
<dependentAssembly>
<assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" />
<bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="DotNetOpenAuth.AspNet" publicKeyToken="2780ccd10d57b246" />
<bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="EntityFramework" publicKeyToken="b77a5c561934e089" />
<bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
我听说它可能是代理问题,但我已经设置了defaultProxy。相同的代理配置适用于同一台机器上的不同解决方案。
你能帮忙看一下,指出哪里有问题吗?