Azure AD身份验证成功后,HttpContext.Current为空

时间:2017-05-01 19:20:24

标签: c# azure-active-directory openid-connect httpcontext

问题:有时可能导致HttpContext.Current为空的原因是什么?

问题:调用HttpContext.CurrentPrincipalService.OnAzureAuthenticationSuccess是否已初始化?如果是这样,为什么只有某些?

描述

用户经常会点击登录,HttpContext.Current将为空,导致Cookie永远不会设置。它将它们重定向回主页,并且由于未设置cookie,因此它们会一次又一次地单击登录。有时,如果不清除cookie或退出其他Azure AD帐户(例如,我们的sharepoint服务器使用Azure AD),它将决定在2或3次点击之后设置cookie,否则将无法执行此操作。

这些事情对我来说似乎很奇怪,尽管经过数小时的研究,我还是无法确定原因是什么。

Azure配置 

public static void ConfigureAzure(IAppBuilder app)
{
    // COOKIES: Tells it to use cookies for authentication.
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        // CUSTOMIZE: This is where you would adjust cookie experiation and things of that nature.
        SlidingExpiration = true,
        ExpireTimeSpan = TimeSpan.FromHours(CookieDurationInHours)
    });

    //https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-webapi-openidconnect/
    // OPEN-ID: Handle OpenID stuff.
    var notifications = new OpenIdConnectAuthenticationNotifications()
    {
        AuthenticationFailed = PrincipalService.OnAzureAuthenticationFailure,
        // REFERENCE: https://russellyoung.net/2015/09/05/mvc-role-based-authorization-with-azure-active-directory-aad/
        AuthorizationCodeReceived = PrincipalService.OnAzureAuthenticationSuccess
    };
    var options = new OpenIdConnectAuthenticationOptions()
    {
        ClientId = ClientID,
        Authority = Authority,
        PostLogoutRedirectUri = PostLogoutRedirectUri,
        Notifications = notifications
    };
    app.UseOpenIdConnectAuthentication(options);
}

Azure成功 

/// <summary>
/// Stores the proper identity cookie (doesn't have customer permissions yet).
/// </summary>
public static Task OnAzureAuthenticationSuccess(AuthorizationCodeReceivedNotification context)
{
    var success = false;
    var username = context.AuthenticationTicket.Identity.Name;
    try
    {
        success = StoreCookie(username);
    }
    catch (DbEntityValidationException ex)
    {
        var errors = ex.EntityValidationErrors.FirstOrDefault()?.ValidationErrors.FirstOrDefault()?.ErrorMessage;
        Logger.Log(Level.Error, "An error occurred while storing authentication cookie.", ex);
        return Task.FromResult(0);
    }
    catch (Exception ex)
    {
        Logger.Log(Level.Error, "An error occurred while storing authentication cookie.", ex);
        return Task.FromResult(0);
    }

    if (success)
    {
        Logger.Log(Level.Cookie, "Login Complete. Cookie stored successfully. Username: '" + username + "'.");
    }
    return Task.FromResult(0);
}

存储Cookie 

/// <summary>
/// Creates and stores a forms authentication cookie for the user.
/// </summary>
private static bool StoreCookie(string username, bool rememberMe = false)
{
    var azureUsers = new AzureUserRepository(new AuthenticationEntities());
    var user = azureUsers.Get(u => u.Username == username);
    if (user == null)
    {
        Logger.Log(Level.Cookie, "User '" + username + "' not found.");
        throw new NullReferenceException();
    }

    // Clear any old existing cookies.
    if (HttpContext.Current == null)
    {
        // HERE: This is where it is null (again, only sometimes).
        Logger.Log(Level.Debug, "HttpContext is null.");
        return false;
    }
    if (HttpContext.Current.Request == null)
    {
        Logger.Log(Level.Debug, "HttpContext.Current.Request is null.");
        return false;
    }
    if (HttpContext.Current == null && HttpContext.Current.Response != null)
    {
        Logger.Log(Level.Debug, "HttpContext.Current.Response is null.");
        return false;
    }

    HttpContext.Current.Request.RemoveFormsAuthCookie();
    HttpContext.Current.Response.RemoveFormsAuthCookie();

    // Create the principal from the user object.
    var principal = new PrincipalModel(user);

    // Create and store the cookie in the response.
    HttpContext.Current.Response.AddFormsAuthCookie(
        username: user.Username,
        userData: principal.SerializeUserData(),
        isPersistent: true
    );
    return true;
}

的AccountController 

[AllowAnonymous]
public void SignIn()
{
    if (Request.IsAuthenticated) { return; }

    HttpContext.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties() { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType
    );

    Logger.Log(Level.Info, "Sign-In clicked.");
}

public void SignOut()
{
    if (!Request.IsAuthenticated) { return; }

    // SIGN OUT:
    HttpContext.GetOwinContext().Authentication.SignOut(
        OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType
    );

    Logger.Log(Level.Info, "Sign-out clicked.");

    // COOKIE: Remove the cookie.
    var cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    cookie.Expires = DateTime.Now.AddDays(-1); // DateTime.UtcNow.AddDays(-1);
    Response.Cookies.Add(cookie);
}

1 个答案:

答案 0 :(得分:2)

好吧,事实证明我是一个很大的假人并且很难做事。我不是100%完全理解为什么它是null但我确实找到了一个更简单的方法解决这个问题。

  1. 首先删除与我相关的代码,创建我自己的Cookie(即AuthorizationCodeReceived = PrincipalService.OnAzureAuthenticationSuccess)。

    2. 发生了什么事我意识到Azure AD正在通过app.UseCookieAuthentication(new CookieAuthenticationOptions());创建自己的主体和cookie。感谢fei Xue链接的git hub项目。

    1. 之后我将我的自定义主体切换为基于'内置'cookie而不是我正在创建的cookie创建(由于HttpContext.Currentnull,因此只创建了一半的时间})。

      2. 现在自定义主体创建不依赖于HttpContext.Current我根本没有发生登录循环,因为主体和cookie都存在。

      非常感谢费雪!

相关问题
最新问题