用户从Office应用程序单击链接时找不到OpenIdConnect关联Cookie

时间:2018-09-24 06:09:36

标签: asp.net-mvc ms-office azure-active-directory openid-connect asp.net-core-2.1

我有一个使用OpenIdConnect向Azure Active Directory进行身份验证的应用程序。除非我从Office应用程序(excel / word)链接到我的网站,否则一切都正常。从这些应用程序中,我得到一个“异常:关联失败。”。

从我的研究看来,办公室首先要进行302重定向,然后打开该页面而不是原始链接。

请参阅:https://github.com/aspnet/Security/issues/1252

在有关如何处理这种情况的建议之后。我不想对身份验证流程进行很多更改并引入错误。

当我检测到excel的用户代理时,我尝试重定向到我网站上的其他页面。我认为可以设置正确的cookie,然后可以从那里重定向到请求的页面,然后触发授权。虽然没有运气

OnRedirectToIdentityProvider = context =>
{                   
     if (context.Request.Headers["User-Agent"].ToString().Contains("Microsoft Office Excel"))
     {

              string redirect = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + "/Home/Office" + "?url=" + context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + context.Request.Path;
              context.Response.Clear();
              context.Response.Redirect(redirect);
              context.HandleResponse();
              return Task.CompletedTask;
    }
}

2 个答案:

答案 0 :(得分:1)

我能够使用owin中间件实现一个不错的解决方案。主要是在这篇文章的帮助下:https://github.com/aspnet/AspNetKatana/issues/78

我究竟需要将其转换为.net core 2.0。这是转换后的代码:

public class MsOfficeLinkPrefetchMiddleware 
{
    RequestDelegate _next;

    public MsOfficeLinkPrefetchMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public Task Invoke(HttpContext context)
    {
        if (Is(context, HttpMethod.Get, HttpMethod.Head) && IsMsOffice(context))
        {
            // Mitigate by preempting auth challenges to MS Office apps' preflight requests and
            // let the real browser start at the original URL and handle all redirects and cookies.

            // Success response indicates to Office that the link is OK.
            context.Response.StatusCode = (int)HttpStatusCode.OK;
            context.Response.Headers["Cache-Control"] = "no-cache, no-store, must-revalidate";
            context.Response.Headers["Pragma"] = "no-cache";
            context.Response.Headers["Expires"] = "0";
        }
        else if (_next != null)
        {
            return _next.Invoke(context);
        }

        return Task.CompletedTask;
    }

    private static bool Is(HttpContext context, params HttpMethod[] methods)
    {
        var requestMethod = context.Request.Method;
        return methods.Any(method => StringComparer.OrdinalIgnoreCase.Equals(requestMethod, method.Method));
    }

    private static readonly Regex _msOfficeUserAgent = new Regex(
        @"(^Microsoft Office\b)|([\(;]\s*ms-office\s*[;\)])",
        RegexOptions.CultureInvariant | RegexOptions.IgnoreCase | RegexOptions.Singleline | RegexOptions.Compiled);

    private static bool IsMsOffice(HttpContext context)
    {
        var headers = context.Request.Headers;

        var userAgent = headers["User-Agent"];

        return _msOfficeUserAgent.IsMatch(userAgent)
            || !string.IsNullOrWhiteSpace(headers["X-Office-Major-Version"]);
    }
}

启动

app.UseMiddleware<MsOfficeLinkPrefetchMiddleware>();

希望这可以在将来帮助某人。

答案 1 :(得分:0)

在Startup.ConfigureServices()中,您需要添加此行

services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for 
        //non -essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });
相关问题
最新问题