在运行HTTPS的应用中,重定向URI作为HTTP而非HTTPS发送

时间:2018-05-22 12:42:58

标签: c# oauth asp.net-core-mvc identityserver4

我有一个Asp .net核心MVC应用程序。连接到Identity Server 4进行身份验证。托管在一个码头群中

MVC应用程序托管于https://XXXXXXX

ConfigurServies 

# views.py
from flask_admin.contrib.sqla import ModelView

class TestView(ModelView):

    def render(self, template, **kwargs):
        from models import ColumnProperty as cp

        descriptions = {}
        q = self.session.query(cp).filter(cp.parent_table==model.__tablename__)

        for row in q.all():
            descriptions[row.name] = row.comment

        self.column_descriptions = descriptions

        super(TestView, self).render(template, **kwargs)

当我尝试运行应用程序时,我得到重定向uri miss match错误。

services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
             .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                //options.DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C:\temp-keys\"));
                // when the identity has been created from the data we receive,
                // persist it with this authentication scheme, hence in a cookie
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                // Identity server endpoint
                options.Authority = settingsSetup.IdentityServerEndpoint;

                // Client id to login with
                options.ClientId = settingsSetup.ClientId;
                // Client secret.
                options.ClientSecret = settingsSetup.Secret;

                // Scope of our API
                options.Scope.Add("testapi");
                options.Scope.Add("devconsole");
                // adding offline_access to get a refresh token
                options.Scope.Add("offline_access");

                options.ResponseType = "code id_token";
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
            });

错误即将发生,因为我有Invalid redirect_uri: http://developerconsole.XXXXX.io/signin-oidc { "ClientId": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz", "ClientName": "Developer Console", "AllowedRedirectUris": [ "http://localhost:55000/signin-oidc", "http://localhost:55000/auth.html", "http://localhost:55000/auth-silent.html" "https://developerconsole.XXXXX.io/signin-oidc" ], "SubjectId": "21379983", "RequestedScopes": "", "Raw": { "client_id": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz", "redirect_uri": "http://developerconsole.XXXXX.io/signin-oidc", "response_type": "code id_token", "scope": "openid profile testapi devconsole offline_access", "response_mode": "form_post", "nonce": "636625889658410682.MjNlMmQwNjgtZmY0MC00MmVkLWFiNmMtN2M2YmQ5YTM5ZTQ3NjFiYzI2ZjktZWM0Yi00NDk3LTk1ZWMtNjJkYjViMDYwMTJm", "state": "CfDJ8Pwa8A3ipXlKtuyxNMpMxAz5QUFmdSunRKdlKS9sS390AKp8gIUZShQUMMCkFAhYLytitgsXUBgwlQDJaJvtHFqzHygLCPwS8Jab6IJzhpry90qS51E1y_eRlppamRDOzYDZ6fcDFzWV1U43BTP2B6pnPTSLNcZRaooyGBXtNokeUqOJ--u-_MOQB8Bw3n2cRyV4kisHNkslD1Gsi2wn1Cx6aTVlqzw_pxHelAXm1P8FyDJpD7G0azFgKgpQF0DRJtC5penRJQzHIHvQN8v4ECGeuSD1zlyfJYClLO2r6kY_R2OYqtBkV0r_SNc9h7xUYmnVaHKQzYqVc_mJO4iLLSMTZrBUICZWR8c4PZw0Os3N", "x-client-SKU": "ID_NET", "x-client-ver": "2.1.4.0" } } 作为重定向uri而不是"https://developerconsole.XXXXX.io/signin-oidc"我不想添加HTTP重定向uris。

为什么我的应用程序构建重定向uri有http而不是https?

如果我确实添加了HTTP,我就会遇到恼人的相关错误。我认为这是因为服务器将其作为https返回,因为服务器自动将http转换为https。

  

处理请求时发生未处理的异常。   例外:关联失败。   Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler + d__12.MoveNext()

     

堆栈查询Cookie标头例外:关联失败。   Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler + d__12.MoveNext()   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务   任务)   Microsoft.AspNetCore.Authentication.AuthenticationMiddleware + d__6.MoveNext()   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务   任务)   Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware + d__7.MoveNext()

我可能不需要在localhost上提及这个工作正常:/

2 个答案:

答案 0 :(得分:4)

解决方案非常简单。通过设置UseForwardedHeaders,它现在将所有请求作为HTTPS发送。 

app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedProto
        });
  

相关失败。

现已修复,我不再需要http和https重定向uris。

答案 1 :(得分:0)

只将此代码添加到您的web.config文件中,当然还有您网站上的change.com,任何人都可以在浏览器中直接输入从HTTP到HTTPS的重定向URI。

<system.webServer>
    <rewrite>
      <rules>
        <rule name="IP Hit" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="http://www.exemple.com" />
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://www.exemple.com/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
    <urlCompression doDynamicCompression="true" doStaticCompression="true" dynamicCompressionBeforeCache="true" />
    <staticContent>
      <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365:00:00" />
    </staticContent>
 <system.webServer>
相关问题
最新问题