因此,我正在构建一个ASP.NET Core 2.2应用程序,并且试图在此系统中实现Okta验证。 我已经看到“异常:关联失败”这个问题已经在许多留言板上的许多线程上进行了讨论,我已经尝试过这些解决方案,但我担心它们中没有一个起作用。
我很茫然,需要换个角度来看。
因此,当我最初将其实现到代码中时,我按照Okta它自己的文档中的说明进行了操作。 到目前为止,我添加了其他解决方案中包含的内容,因此它有所增加。
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
// Some people had issues with this one being in here,
// but for me it "works" with and without
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
// here are some services.AddTransient and cors policies
services.Configure<OpenIdConnectOptions>(options =>
{
options.Events.OnRemoteFailure = RemoteAuthFail;
});
// Basicly here is where I added the boilerplate code made by okta.
// As I was looking into threads trying to solve the issue it grew into this
////////////////////////////////////
services.AddAuthentication(options =>
{
options.DefaultScheme = "somename";
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OktaDefaults.MvcAuthenticationScheme;
})
.AddCookie(cookieAuthOptions =>
{
cookieAuthOptions.Cookie.Name = "chocolatechip";
cookieAuthOptions.AccessDeniedPath = "/error/accessdenied";
cookieAuthOptions.ExpireTimeSpan = new TimeSpan(0,2,0);
})
.AddOpenIdConnect("OpenIdConnect", option =>
{
option.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = redirectContext =>
{
if (Env.IsEnvironment("Debug"))
{
//Force scheme of redirect URI(THE IMPORTANT PART)
redirectContext.ProtocolMessage.RedirectUri = redirectContext.ProtocolMessage.RedirectUri.Replace("https://", "http://", StringComparison.OrdinalIgnoreCase);
}
return Task.FromResult(0);
}
};
option.ClientId = "SomeClientId";
option.ClientSecret = "SomeClientSecret";
option.CallbackPath = "TheCallbackPath";
option.Authority = "This is suppose to be some URI";
})
.AddOktaWebApi(new OktaWebApiOptions()
{
AuthorizationServerId = "anotherId",
OktaDomain = "TheDevDomain"
});
////////////////////////////////////
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
services.AddMvc(options => options.OutputFormatters.Add(new HtmlOutputFormatter()));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddLog4Net("log4net.config", false);
app.UseHttpStatusCodeExceptions();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseCors(CRSpecificOrigins);
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc();
}
答案 0 :(得分:0)
我很快遇到了同样的问题。我使用下面的代码解决了这个问题。也许有帮助。
在AddOpenIdConnect(“ oidc或xxx”)的代码块中。
如果您使用.net core> 2。*
options.NonceCookie.SameSite = (SameSiteMode) (-1);
options.CorrelationCookie.SameSite = (SameSiteMode) (-1);
如果您使用.net> 3。*
options.NonceCookie.SameSite = SameSiteMode.Unspecified;
options.CorrelationCookie.SameSite = SameSiteMode.Unspecified;