久久久久久久av_日韩在线中文_看一级毛片视频_日本精品二区_成人深夜福利视频_武道仙尊动漫在线观看

IDX21323 OpenIdConnectProtocolValidationContext.Nonce 為空,

IDX21323 OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocolValidatedIdToken.Payload.Nonce was not null(IDX21323 OpenIdConnectProtocolValidationContext.Nonce 為空,OpenIdConnectProtocolValidatedIdToken.Payload.Non
本文介紹了IDX21323 OpenIdConnectProtocolValidationContext.Nonce 為空,OpenIdConnectProtocolValidatedIdToken.Payload.Nonce 不為空的處理方法,對大家解決問題具有一定的參考價值,需要的朋友們下面隨著小編來一起學習吧!

問題描述

限時送ChatGPT賬號..

我正在嘗試驗證 Azure AD 和 Graph 的 Intranet(基于 Orchard CMS),這在我的本地計算機上按預期運行,但是,當訪問將成為生產站點時(已經(jīng)設置了 ssl我們內部的dns),有時會出現(xiàn)上述錯誤,相對不一致,我部門的其他人在訪問時通常會出現(xiàn)此錯誤.

I'm attempting to authenticate for Azure AD and Graph for an Intranet (Based off Orchard CMS), this functions as expected on my local machine, however, when accessing what will be the production site (already set up with ssl on our internal dns), I get the above error at times, it's relatively inconsistent, others in my department while accessing usually get this error.

我的認證控制器如下:

public void LogOn()
    {
        if (!Request.IsAuthenticated)
        {

            // Signal OWIN to send an authorization request to Azure.
            HttpContext.GetOwinContext().Authentication.Challenge(
              new AuthenticationProperties { RedirectUri = "/" },
              OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }

    public void LogOff()
    {
        if (Request.IsAuthenticated)
        {
            ClaimsPrincipal _currentUser = (System.Web.HttpContext.Current.User as ClaimsPrincipal);

            // Get the user's token cache and clear it.
            string userObjectId = _currentUser.Claims.First(x => x.Type.Equals(ClaimTypes.NameIdentifier)).Value;

            SessionTokenCache tokenCache = new SessionTokenCache(userObjectId, HttpContext);
            HttpContext.GetOwinContext().Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
        }

        SDKHelper.SignOutClient();

        HttpContext.GetOwinContext().Authentication.SignOut(
          OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
    }

我的openid選項配置如下:

My openid options are configured as follows:

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;

        var openIdOptions = new OpenIdConnectAuthenticationOptions
        {
            ClientId = Settings.ClientId,
            Authority = "https://login.microsoftonline.com/common/v2.0",
            PostLogoutRedirectUri = Settings.LogoutRedirectUri,
            RedirectUri = Settings.LogoutRedirectUri,
            Scope = "openid email profile offline_access " + Settings.Scopes,
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = false,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthorizationCodeReceived = async (context) =>
                {
                    var claim = ClaimsPrincipal.Current;
                    var code = context.Code;                        

                    string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;


                    TokenCache userTokenCache = new SessionTokenCache(signedInUserID,
                        context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase).GetMsalCacheInstance();
                    ConfidentialClientApplication cca = new ConfidentialClientApplication(
                        Settings.ClientId,
                        Settings.LogoutRedirectUri,
                        new ClientCredential(Settings.AppKey),
                        userTokenCache,
                        null);


                    AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, Settings.SplitScopes.ToArray());
                },
                AuthenticationFailed = (context) =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("/Error?message=" + context.Exception.Message);
                    return Task.FromResult(0);
                }
            }
            };

        var cookieOptions = new CookieAuthenticationOptions();
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(cookieOptions);

        app.UseOpenIdConnectAuthentication(openIdOptions);

在 apps.dev.microsoft.com 和我們本地化的網(wǎng)絡配置中,重定向的 url 保持一致.

The url for redirection is kept consistent both at apps.dev.microsoft.com and in our localized web config.

推薦答案

就我而言,這是一個非常奇怪的問題,因為并不是每個人都會遇到這種問題,只有少數(shù)客戶和開發(fā)人員會遇到這個問題.

In my case, this was a very weird problem because it didn't happen in for everyone, only few clients and devs have this problem.

如果您僅在 chrome(或具有相同引擎的瀏覽器)中遇到此問題,您可以嘗試將 chrome 上的此標志設置為禁用.

If you are having this problem in chrome only (or a browser that have the same engine) you could try setting this flag on chrome to disabled.

這里發(fā)生的情況是 chrome 具有不同的安全規(guī)則,即如果在沒有 Secure 屬性的情況下設置了沒有 SameSite 限制的 cookie,它將被拒絕".所以你可以禁用這個規(guī)則,它會起作用.

What happens here is that chrome have this different security rule that " If a cookie without SameSite restrictions is set without the Secure attribute, it will be rejected". So you can disable this rule and it will work.

或者,您也可以設置 Secure 屬性,但我不知道該怎么做;(

OR, you can set the Secure attribute too, but I don't know how to do that ;(

這篇關于IDX21323 OpenIdConnectProtocolValidationContext.Nonce 為空,OpenIdConnectProtocolValidatedIdToken.Payload.Nonce 不為空的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網(wǎng)!

【網(wǎng)站聲明】本站部分內容來源于互聯(lián)網(wǎng),旨在幫助大家更快的解決問題,如果有圖片或者內容侵犯了您的權益,請聯(lián)系我們刪除處理,感謝您的支持!

相關文檔推薦

ASP.NET Core authenticating with Azure Active Directory and persisting custom Claims across requests(ASP.NET Core 使用 Azure Active Directory 進行身份驗證并跨請求保留自定義聲明)
ASP.NET Core 2.0 Web API Azure Ad v2 Token Authorization not working(ASP.NET Core 2.0 Web API Azure Ad v2 令牌授權不起作用)
How do I get Azure AD OAuth2 Access Token and Refresh token for Daemon or Server to C# ASP.NET Web API(如何獲取守護進程或服務器到 C# ASP.NET Web API 的 Azure AD OAuth2 訪問令牌和刷新令牌) - IT屋-程序員軟件開發(fā)技
.Net Core 2.0 - Get AAD access token to use with Microsoft Graph(.Net Core 2.0 - 獲取 AAD 訪問令牌以與 Microsoft Graph 一起使用)
Azure KeyVault Active Directory AcquireTokenAsync timeout when called asynchronously(異步調用時 Azure KeyVault Active Directory AcquireTokenAsync 超時)
Getting access token using email address and app password from oauth2/token(使用電子郵件地址和應用程序密碼從 oauth2/token 獲取訪問令牌)
主站蜘蛛池模板: 亚洲国产中文在线 | 亚洲高清在线视频 | 中文在线视频观看 | 国产免费拔擦拔擦8x高清 | 一区二区久久 | 国产黄色网址在线观看 | 成人av观看 | 欧美精品欧美精品系列 | 国产精品久久久久久 | 日本久草| 91成人在线 | 日一区二区 | 成人久久久| 又黄又色 | 天天玩天天干天天操 | 色999日韩| 日本午夜网站 | 国产一区二区三区在线看 | 亚洲毛片网站 | 97久久精品午夜一区二区 | av一级久久 | 国产黄色小视频在线观看 | 久久久久久国产 | 久久新视频 | 欧美亚洲高清 | 国产精品日本一区二区不卡视频 | 96av麻豆蜜桃一区二区 | 国产精品美女在线观看 | 日本久草视频 | 中文字幕成人av | 国产精品视频网 | 黄色片免费 | 天天曰天天曰 | 亚洲一区 | 日日摸日日添日日躁av | 91久久久久久 | 欧美亚洲另类在线 | 二区在线观看 | 99av成人精品国语自产拍 | 成人高清在线 | 激情欧美一区二区三区中文字幕 |