ASP.NET Core - 部署后的Auth错误 - IDX10503:签名验证失败

时间:2017-07-27 15:47:31

标签: asp.net-mvc azure-active-directory openid-connect aspnetboilerplate

我正在创建一个ASP.NET Core 1.1 MVC网站,对Azure AD进行OpenID身份验证。 身份验证在我的开发机器上本地工作正常但是,当我将其部署到服务器时,它会在登录到Microsoft登录重定向后抛出错误。 我已经在网上进行了大约2天的研究,并且发现了类似的问题,但没有完全像这样。 我的本地开发盒是Windows 10,视觉工作室2017。 我部署的服务器是Server 2008R2,安装了.net核心服务器托管运行时。

以下是错误: 错误2017-07-27 10:38:05,667 [4] on.OpenIdConnect.OpenIdConnectMiddleware - 处理消息时发生异常。 Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException:IDX10503:签名验证失败。 错误2017-07-27 10:38:05,680 [4] e.Diagnostics.ExceptionHandlerMiddleware - 发生了未处理的异常:标头中的非ASCII或控制字符无效:0x000D System.InvalidOperationException:标头中的非ASCII或控制字符无效:0x000D    在Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ThrowInvalidHeaderCharacter(Char ch)    在Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ValidateHeaderCharacters(String headerCharacters)    在Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ValidateHeaderCharacters(StringValues headerValues)    在Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameResponseHeaders.SetValueFast(String key,StringValues value)    在Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.Microsoft.AspNetCore.Http.IHeaderDictionary.set_Item(String key,StringValues value)    在Microsoft.AspNetCore.Http.Internal.DefaultHttpResponse.Redirect(字符串位置,布尔永久)    在C:\ SourceCode \ Fast \ FastInfo \ src \ FastInfo.Web \ Startup \ Startup.cs中的FastInfo.Web.Startup.Startup.OnAuthenticationFailed(FailureContext context)中:第168行    在Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler 1.<HandleRemoteCallbackAsync>d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler 1.d__5.MoveNext() ---从抛出异常的先前位置开始的堆栈跟踪结束---    在System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()    在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)    在Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.d__15.MoveNext() ---从抛出异常的先前位置开始的堆栈跟踪结束---    在System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()    在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)    在Microsoft.AspNetCore.Authentication.AuthenticationMiddleware 1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware 1.d__18.MoveNext() ---从抛出异常的先前位置开始的堆栈跟踪结束---    在System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()    在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)    在Microsoft.AspNetCore.Authentication.AuthenticationMiddleware 1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware 1.d__18.MoveNext() ---从抛出异常的先前位置开始的堆栈跟踪结束---    在System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()    在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)    在Microsoft.AspNetCore.Session.SessionMiddleware.d__9.MoveNext() ---从抛出异常的先前位置开始的堆栈跟踪结束---    在System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()    在Microsoft.AspNetCore.Session.SessionMiddleware.d__9.MoveNext() ---从抛出异常的先前位置开始的堆栈跟踪结束---    在System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()    在System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)    在Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext()

我可能缺少OpenID令牌的某些模块或扩展,以便在IIS 7.5上运行?

令牌标头:

{
  "typ": "JWT",
  "alg": "RS256",
  "x5t": "VWVIc1WD1Tksbb301sasM5kOq5Q",
  "kid": "VWVIc1WD1Tksbb301sasM5kOq5Q"
}

payload (edited):
{
  "aud": "b0337ae2-2097-4dd3-be43-983fee4217bd",
  "iss": "https://sts.windows.net/{i removed guid}/",
  "iat": 1501263956,
  "nbf": 1501263956,
  "exp": 1501267856,
  "aio": "Y2ZgYDD9/5YpiT9XXmCDXMn/EzzPGa3nMbxfudOgpnfDsZk7/QMA",
  "amr": [
    "pwd"
  ],
  "c_hash": "02fpZ5B7FecFoRVdeJi6Qw",
  "family_name": "mylastname",
  "given_name": "Joe",
  "ipaddr": "##.###.###.##",
  "name": "Joe mylastname",
  "nonce": "636368610551942171.ZTU5ZGZmZmQtZDgzNS00MTEyLWExZjAtNWI3MTA2NGJlN2RkYzY0OTdkZjctZTZkMy00OTk2LWIxNjgtZTlhMDkxNmY0MzFh",
  "oid": "26945208-7b3f-45ed-9b40-f33b9d767071",
  "platf": "3",
  "roles": [
    "Admin"
  ],
  "sub": "y-sRfJAMdidDOedJeyr7kLhH8BCfkV_YCdyT1p2mOmk",
  "tid": "{i removed guid}",
  "unique_name": "jwashek@fastsolutions.com",
  "upn": "jwashek@fastsolutions.com",
  "ver": "1.0"
}

感谢您的帮助, 乔

3 个答案:

答案 0 :(得分:0)

由于AADB2C将重定向到HTTPS页面,因此标题管理不善,您会收到此错误。使用B2C在任何网站上实施https,您可以解决此问题

答案 1 :(得分:0)

问题是运行应用程序池的身份。它没有足够的权利,从我阅读和思考时,没有足够的权利来访问证书。

答案 2 :(得分:0)

对我来说,当我想调试并将Visual Studio配置设置为Release时,会发生错误

相关问题
最新问题