如何在负载均衡器后面正确设置AspNet Core 2身份验证?

时间:2019-07-09 23:21:11

标签: asp.net-core-2.0 asp.net-authentication

我已经成功设置了AspNet Core 2身份验证,但是现在想让它在负载均衡器后面工作。

因为负载均衡器地址与我的应用程序地址不同,所以我在启动时更改了重定向Uri。cs这样的ConfigureServices ... 

options.Events.OnRedirectToIdentityProvider = async n =>
     {                        
        n.ProtocolMessage.RedirectUri = "https://frontfacingaddress.com";
        await Task.FromResult(0);
     };

这工作正常,我已成功进行身份验证,并且来自身份服务器的回调调用了https://frontfacingaddress.com/signin-oidc。正确处理后,处理OnTokenResponseReceived表示我已成功接收令牌。

问题是:然后它再次调用身份服务器,但是这次是应用程序的实际(非负载平衡)地址。回来的时候会提示错误:找不到AspNetCore.Correlation.OpenIdConnect cookie。

因此Fiddler跟踪如下所示:

302 HTTPS  frontfacingaddress.com   /account/signin
200 HTTPS  identity.serveraddress.com /connect/authorize/callback etc...
302 HTTPS  frontfacingaddress.com   /signin-oidc
-- this is where I successfully receive the code, but then:
302 HTTPS  actualwebaddress.com     /account/signin
200 HTTPS  identity.serveraddress.com /connect/authorize/callback etc...
400 HTTPS  frontfacingaddress.com   /signin-oidc
-- this is the 400 cookie not found error

为什么在成功进行身份验证之后,它又从实际地址中再次触发并失败了?

1 个答案:

答案 0 :(得分:0)

解决方案是在收到票证后修改ReturnUri以使用正面地址:

options.Events.OnTicketReceived = async context =>
{
    var host = context.HttpContext.Request.Host.Host;
    var forwardedHost = context.HttpContext.Request.Headers["X-Forwarded-Host"].ToString();
    context.ReturnUri = context.ReturnUri.Replace(host, forwardedHost);                        
    await Task.FromResult(0);
};
相关问题
最新问题