首次登录后,SSO Request.IsAuthenticated始终为false,但是第一次SSO登录可以正常工作

时间:2020-02-20 02:35:57

标签: c# model-view-controller request single-sign-on

如果我错过了一些东西或犯了一个错误,请提前原谅我。我想我只需要在这里发几次。...

我已经在这种情况下用Google搜索了两天,而且还无法解决。 Chrome中的某些内容发生了变化,从而破坏了我的应用。场景是我有一个使用SSO的MVC 5应用程序。第一次登录将我带到microsoftonline登录页面,并且我可以成功登录-在此之后,我被带到我的应用程序redirectURI页面,并且Request.IsAuthenticated = true。一切都很好。但是,如果我关闭浏览器或使用“注销”链接(执行下面的“注销”代码)并尝试再次访问我的应用程序,则会按预期将我带到microsoftonline登录页面,输入密码,但是第二次请求。 IsAuthenticated = false,我的应用程序不再起作用。它期望Request.IsAuthenticated为true,并且因为为false,它会再次重定向回microsoftonline的登录页面,从而导致一个恒定的循环。我发现我可以重新启动该网站,并且它以某种方式重置了Request.IsAuthenticated,因此我可以再次登录。

我不知道如何解决此问题。任何帮助将不胜感激。

这里是SSOAuthConfig :(基本上是Azure应用程序注册ASP.Net快速入门示例的副本)

internal static class SSOAuthConfig2020
{

    // The Client ID is used by the application to uniquely identify itself to Azure AD.
    static string clientId = System.Configuration.ConfigurationManager.AppSettings["ClientId"];

    // RedirectUri is the URL where the user will be redirected to after they sign in.
   static string  redirectUri = System.Configuration.ConfigurationManager.AppSettings["RedirectUri"];

    // Tenant is the tenant ID (e.g. contoso.onmicrosoft.com, or 'common' for multi-tenant)
    static string tenant = System.Configuration.ConfigurationManager.AppSettings["Tenant"];

    // Authority is the URL for authority, composed by Microsoft identity platform endpoint and the tenant name (e.g. https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0)
    static string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["Authority"], tenant);

    /// <summary>
    /// Configure OWIN to use OpenIdConnect 
    /// </summary>
    /// <param name="app"></param>
    public static void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        var cookieAuthenticationOptions = new CookieAuthenticationOptions()
        {
            CookieName = "MyFakeCookieName",
            ExpireTimeSpan = TimeSpan.FromDays(1),
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            SlidingExpiration = true,
        };
        app.UseCookieAuthentication(cookieAuthenticationOptions);
        app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            // Sets the ClientId, authority, RedirectUri as obtained from web.config
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
            PostLogoutRedirectUri = redirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            // ResponseType is set to request the id_token - which contains basic information about the signed-in user
            ResponseType = OpenIdConnectResponseType.IdToken,
            // ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
            // To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
            // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter 
            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = true
            },
            // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed,
                AuthorizationCodeReceived = async n =>
                {
                    n.AuthenticationTicket.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(60);
                    n.AuthenticationTicket.Properties.IsPersistent = true;
                    n.AuthenticationTicket.Properties.AllowRefresh = true;
                    n.AuthenticationTicket.Properties.IssuedUtc = DateTimeOffset.UtcNow;
                }
            }
        }
    );
    }

这是登录逻辑:

  public void SignIn()
    {
        if (!Request.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = "/Client" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }

这是注销:

    public void SignOut()
    {
        try
        {

            HttpContext.GetOwinContext().Authentication.SignOut(
                 OpenIdConnectAuthenticationDefaults.AuthenticationType,
                 CookieAuthenticationDefaults.AuthenticationType);

        }
        catch (Exception ex)
        {

        }

    }

1 个答案:

答案 0 :(得分:0)

问了几个月后,我找到了自己问题的答案。我发布了帮助此人的答案,并且只是链接到它以避免重复:

Getting NULL Identity while authenticating user via Azure AD authentication

相关问题
最新问题