我有一个无限的重定向循环,只发生在Internet Explorer中而不是Chrome或Firefox中。这会影响两个应用程序(MVC 5 .NET 4.6和MVC6 .NET Core)中的多个开发人员。我使用IdentityServer3使用cookie进行身份验证。一切都很顺利,直到我完成登录过程。登录过程完成后,我进行了身份验证,并将控件返回给.NET应用程序,但此时应用程序似乎没有意识到我已登录IE并开始整个身份验证循环一遍又一遍(这就是它进入无限循环的地方)。在Chrome或Firefox中,我会被发送到重定向网址,并且所有内容都会按照原样进行身份验证。
在查看应用程序洞察日志时,我得到了下面的输出(我擦除了我的客户机密码和ID。删除之前它们的所有条目都是相同的。我还擦除了我称为SCRUBBED.ADDRESS的身份服务器地址。) / p>
关于如何解决这个问题的任何线索?
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware:Information: AuthenticationScheme: oidc was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action OSPI.Framework.Core.Mvc.UI.Controllers.LandingPageController.Index (OSPI.Framework.Core.Mvc) in 23.2833ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 42.7694ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST http://localhost:44360/signin-oidc application/x-www-form-urlencoded 1655
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Information: AuthenticationScheme: Cookies signed in.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 760.7735ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44360/
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null).
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
2017-06-05 08:22:55.492 -07:00 [Information] Start authorize request
2017-06-05 08:22:55.492 -07:00 [Information] Start authorize request protocol validation
2017-06-05 08:22:56.179 -07:00 [Information] "Authorize request validation success"
"{
\"ClientId\": \"\",
\"ClientName\": \"Youth Re-engagement\",
\"RedirectUri\": \"https://localhost/YouthReengagement/SelectOrganization\",
\"AllowedRedirectUris\": [
\"https://SCRUBBED.ADDRESS/YouthReengagement/SelectOrganization\",
\"https://localhost/YouthReengagement/SelectOrganization\",
\"http://localhost/YouthReengagement/SelectOrganization\"
],
\"SubjectId\": \"unknown\",
\"ResponseType\": \"code id_token token\",
\"ResponseMode\": \"form_post\",
\"Flow\": \"Hybrid\",
\"RequestedScopes\": \"openid profile authApi\",
\"State\": \"OpenIdConnect.AuthenticationProperties=4I58lykxVY2o_DR_dipZnuprBNwlLo9odAzf8T7Gqqv1PHrVNdz6i3Y6k240eUbMQ9_2hVXMmrFO9M27XjPjRWqr9BkvCDvINKKLW5k8DUTLLhY9QPomOBkqo3TpuI0BQnOYR5JOBDlHYrKdbMdDTsheqkYn57FyGdyRQi3SYgb81e2epm3irABcWL5oYZxNQkDGMZw2Ne8RvMSAITI4voTj6xyuOOMjdZ08iA\",
\"Nonce\": \"636322729757330701.YTUwZTFhMGMtYjEyYi00ODFkLWE3ODYtMGY2NDE0ZGY1NzljMmUyZjIzZmEtMTZjYy00YTg0LTljMmMtOGU2NTAwOWIyZjVm\",
\"Raw\": {
\"client_id\": \"\",
\"redirect_uri\": \"https://localhost/YouthReengagement/SelectOrganization\",
\"response_mode\": \"form_post\",
\"response_type\": \"code id_token token\",
\"scope\": \"openid profile authApi\",
\"state\": \"OpenIdConnect.AuthenticationProperties=4I58lykxVY2o_DR_dipZnuprBNwlLo9odAzf8T7Gqqv1PHrVNdz6i3Y6k240eUbMQ9_2hVXMmrFO9M27XjPjRWqr9BkvCDvINKKLW5k8DUTLLhY9QPomOBkqo3TpuI0BQnOYR5JOBDlHYrKdbMdDTsheqkYn57FyGdyRQi3SYgb81e2epm3irABcWL5oYZxNQkDGMZw2Ne8RvMSAITI4voTj6xyuOOMjdZ08iA\",
\"nonce\": \"636322729757330701.YTUwZTFhMGMtYjEyYi00ODFkLWE3ODYtMGY2NDE0ZGY1NzljMmUyZjIzZmEtMTZjYy00YTg0LTljMmMtOGU2NTAwOWIyZjVm\"
}
}"
2017-06-05 08:22:56.179 -07:00 [Information] User is not authenticated. Redirecting to login.
2017-06-05 08:22:56.179 -07:00 [Information] End authorize request
2017-06-05 08:22:56.179 -07:00 [Information] Redirecting to login page
2017-06-05 08:22:56.179 -07:00 [Debug] Protecting message: "{\"ReturnUrl\":\"https://SCRUBBED.ADDRESS/OspiSts/identity/connect/authorize?client_id=&redirect_uri=https%3A%2F%2Flocalhost%2FYouthReengagement%2FSelectOrganization&response_mode=form_post&response_type=code%20id_token%20token&scope=openid%20profile%20authApi&state=OpenIdConnect.AuthenticationProperties%3D4I58lykxVY2o_DR_dipZnuprBNwlLo9odAzf8T7Gqqv1PHrVNdz6i3Y6k240eUbMQ9_2hVXMmrFO9M27XjPjRWqr9BkvCDvINKKLW5k8DUTLLhY9QPomOBkqo3TpuI0BQnOYR5JOBDlHYrKdbMdDTsheqkYn57FyGdyRQi3SYgb81e2epm3irABcWL5oYZxNQkDGMZw2Ne8RvMSAITI4voTj6xyuOOMjdZ08iA&nonce=636322729757330701.YTUwZTFhMGMtYjEyYi00ODFkLWE3ODYtMGY2NDE0ZGY1NzljMmUyZjIzZmEtMTZjYy00YTg0LTljMmMtOGU2NTAwOWIyZjVm\",\"ClientId\":\"\",\"AcrValues\":[],\"Created\":636322729754766756}"
2017-06-05 08:22:56.195 -07:00 [Information] Login page requested
2017-06-05 08:22:56.195 -07:00 [Debug] signin message passed to login: "{
\"ReturnUrl\": \"https://SCRUBBED.ADDRESS/OspiSts/identity/connect/authorize?client_id=&redirect_uri=https%3A%2F%2Flocalhost%2FYouthReengagement%2FSelectOrganization&response_mode=form_post&response_type=code%20id_token%20token&scope=openid%20profile%20authApi&state=OpenIdConnect.AuthenticationProperties%3D4I58lykxVY2o_DR_dipZnuprBNwlLo9odAzf8T7Gqqv1PHrVNdz6i3Y6k240eUbMQ9_2hVXMmrFO9M27XjPjRWqr9BkvCDvINKKLW5k8DUTLLhY9QPomOBkqo3TpuI0BQnOYR5JOBDlHYrKdbMdDTsheqkYn57FyGdyRQi3SYgb81e2epm3irABcWL5oYZxNQkDGMZw2Ne8RvMSAITI4voTj6xyuOOMjdZ08iA&nonce=636322729757330701.YTUwZTFhMGMtYjEyYi00ODFkLWE3ODYtMGY2NDE0ZGY1NzljMmUyZjIzZmEtMTZjYy00YTg0LTljMmMtOGU2NTAwOWIyZjVm\",
\"ClientId\": \"\",
\"IdP\": null,
\"Tenant\": null,
\"LoginHint\": null,
\"DisplayMode\": null,
\"UiLocales\": null,
\"AcrValues\": [],
\"Created\": 636322729754766756
}"
2017-06-05 08:22:56.211 -07:00 [Information] rendering login page
2017-06-05 08:22:59.398 -07:00 [Information] Login page submitted
2017-06-05 08:23:00.320 -07:00 [Information] Login credentials successfully validated by user service
2017-06-05 08:23:00.336 -07:00 [Information] {
"Category": "Authentication",
"Name": "Local Login Success",
"EventType": "Success",
"Id": 1010,
"Details": {
"LoginUserName": "alan.okelly@somewhere.com",
"SignInId": "ada4d366df0e201295962ce26f00f089",
"SignInMessage": {
"ReturnUrl": "https://SCRUBBED.ADDRESS/OspiSts/identity/connect/authorize?client_id=&redirect_uri=https%3A%2F%2Flocalhost%2FYouthReengagement%2FSelectOrganization&response_mode=form_post&response_type=code%20id_token%20token&scope=openid%20profile%20authApi&state=OpenIdConnect.AuthenticationProperties%3D4I58lykxVY2o_DR_dipZnuprBNwlLo9odAzf8T7Gqqv1PHrVNdz6i3Y6k240eUbMQ9_2hVXMmrFO9M27XjPjRWqr9BkvCDvINKKLW5k8DUTLLhY9QPomOBkqo3TpuI0BQnOYR5JOBDlHYrKdbMdDTsheqkYn57FyGdyRQi3SYgb81e2epm3irABcWL5oYZxNQkDGMZw2Ne8RvMSAITI4voTj6xyuOOMjdZ08iA&nonce=636322729757330701.YTUwZTFhMGMtYjEyYi00ODFkLWE3ODYtMGY2NDE0ZGY1NzljMmUyZjIzZmEtMTZjYy00YTg0LTljMmMtOGU2NTAwOWIyZjVm",
"ClientId": "",
"AcrValues": [],
"Created": 636322729754766756
},
"PartialLogin": false,
"SubjectId": "44200",
"Name": "alan.okelly@somewhere.com"
},
"Context": {
"ActivityId": "585c1064-2973-4781-a5ce-9f6bff44a687",
"TimeStamp": "2017-06-05T15:23:00.3204717+00:00",
"ProcessId": 7924,
"MachineName": "DEV-EDSWEB01",
"RemoteIpAddress": "10.1.11.83"
}
}
2017-06-05 08:23:00.336 -07:00 [Information] Calling PostAuthenticateAsync on the user service
2017-06-05 08:23:00.351 -07:00 [Information] issuing primary signin cookie
2017-06-05 08:23:00.351 -07:00 [Information] redirecting to: https://SCRUBBED.ADDRESS/OspiSts/identity/connect/authorize?client_id=&redirect_uri=https:%2F%2Flocalhost%2FYouthReengagement%2FSelectOrganization&response_mode=form_post&response_type=code id_token token&scope=openid profile authApi&state=OpenIdConnect.AuthenticationProperties%3D4I58lykxVY2o_DR_dipZnuprBNwlLo9odAzf8T7Gqqv1PHrVNdz6i3Y6k240eUbMQ9_2hVXMmrFO9M27XjPjRWqr9BkvCDvINKKLW5k8DUTLLhY9QPomOBkqo3TpuI0BQnOYR5JOBDlHYrKdbMdDTsheqkYn57FyGdyRQi3SYgb81e2epm3irABcWL5oYZxNQkDGMZw2Ne8RvMSAITI4voTj6xyuOOMjdZ08iA&nonce=636322729757330701.YTUwZTFhMGMtYjEyYi00ODFkLWE3ODYtMGY2NDE0ZGY1NzljMmUyZjIzZmEtMTZjYy00YTg0LTljMmMtOGU2NTAwOWIyZjVm
2017-06-05 08:23:00.414 -07:00 [Information] Start authorize request
2017-06-05 08:23:00.414 -07:00 [Information] Start authorize request protocol validation
^^^^^它只是从这里循环遍历