IdentityServer4 signin-oidc页面无限重定向到登录页面

时间:2018-05-20 19:20:03

标签: asp.net-mvc asp.net-core identityserver4

我正在尝试在我的MVC应用程序上实现一个自定义登录按钮,该按钮将指向IdentityServer进行登录,然后重定向回我的MVC应用程序。

要执行此操作,我在Microsoft.AspNetCore.Authentication.ChallengeAsync操作中使用HttpContext Account/Login扩展方法

public Task Login()
{
    return HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
}

请求被定向到IDP上的授权端点,用户可以登录并将请求重定向到我的MVC应用上的signin-oidc。此时,signin-oidc调用Account/Login动作并开始无限循环。

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET https://localhost:4500/Account/Login
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action method Moneteer.Landing.Controllers.AccountController.Login (Moneteer.Landing) with arguments ((null)) - ModelState is Valid
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[12]
      AuthenticationScheme: OpenIdConnect was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action Moneteer.Landing.Controllers.AccountController.Login (Moneteer.Landing) in 11.9704ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 23.4211ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 POST https://localhost:4500/signin-oidc application/x-www-form-urlencoded 1488
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[10]
      AuthenticationScheme: Cookies signed in.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 10.4219ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET https://localhost:4500/Account/Login
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action method Moneteer.Landing.Controllers.AccountController.Login (Moneteer.Landing) with arguments ((null)) - ModelState is Valid

我认为signin-oidc无法保存cookie并假设登录失败。 MVC应用程序的相关配置如下所示

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

    options.Authority = Constants.Authority;
    options.RequireHttpsMetadata = true;

    options.ClientId = "moneteer-mvc";

    options.SaveTokens = true;
});

在IDP上,客户端注册为

new Client
{
    ClientId = "moneteer-mvc",
    ClientName = "MVC Client",
    AllowedGrantTypes = GrantTypes.Implicit,
    RequireConsent = false,

    RedirectUris = { "https://localhost:4500/signin-oidc" },
    PostLogoutRedirectUris = { "https://localhost:4500/signout-callback-oidc" },

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
    },
}

如何在ChallengeAsync正常工作的情况下获得此流程?

1 个答案:

答案 0 :(得分:0)

对于未来的任何人来说:ChallengeAsync过载,允许您传入一个redirectUrl,您希望signin-oidc在成功登录后将用户发送到该地址。设置完成后,无限重定向就不会发生。

return HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
{
    RedirectUri = "/",
});