久久久久久久av_日韩在线中文_看一级毛片视频_日本精品二区_成人深夜福利视频_武道仙尊动漫在线观看

IDX21323 OpenIdConnectProtocolValidationContext.Nonce 為空,

IDX21323 OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocolValidatedIdToken.Payload.Nonce was not null(IDX21323 OpenIdConnectProtocolValidationContext.Nonce 為空,OpenIdConnectProtocolValidatedIdToken.Payload.Non
本文介紹了IDX21323 OpenIdConnectProtocolValidationContext.Nonce 為空,OpenIdConnectProtocolValidatedIdToken.Payload.Nonce 不為空的處理方法,對大家解決問題具有一定的參考價值,需要的朋友們下面隨著小編來一起學習吧!

問題描述

限時送ChatGPT賬號..

我正在嘗試驗證 Azure AD 和 Graph 的 Intranet(基于 Orchard CMS),這在我的本地計算機上按預期運行,但是,當訪問將成為生產站點時(已經設置了 ssl我們內部的dns),有時會出現上述錯誤,相對不一致,我部門的其他人在訪問時通常會出現此錯誤.

I'm attempting to authenticate for Azure AD and Graph for an Intranet (Based off Orchard CMS), this functions as expected on my local machine, however, when accessing what will be the production site (already set up with ssl on our internal dns), I get the above error at times, it's relatively inconsistent, others in my department while accessing usually get this error.

我的認證控制器如下:

public void LogOn()
    {
        if (!Request.IsAuthenticated)
        {

            // Signal OWIN to send an authorization request to Azure.
            HttpContext.GetOwinContext().Authentication.Challenge(
              new AuthenticationProperties { RedirectUri = "/" },
              OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }

    public void LogOff()
    {
        if (Request.IsAuthenticated)
        {
            ClaimsPrincipal _currentUser = (System.Web.HttpContext.Current.User as ClaimsPrincipal);

            // Get the user's token cache and clear it.
            string userObjectId = _currentUser.Claims.First(x => x.Type.Equals(ClaimTypes.NameIdentifier)).Value;

            SessionTokenCache tokenCache = new SessionTokenCache(userObjectId, HttpContext);
            HttpContext.GetOwinContext().Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
        }

        SDKHelper.SignOutClient();

        HttpContext.GetOwinContext().Authentication.SignOut(
          OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
    }

我的openid選項配置如下:

My openid options are configured as follows:

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;

        var openIdOptions = new OpenIdConnectAuthenticationOptions
        {
            ClientId = Settings.ClientId,
            Authority = "https://login.microsoftonline.com/common/v2.0",
            PostLogoutRedirectUri = Settings.LogoutRedirectUri,
            RedirectUri = Settings.LogoutRedirectUri,
            Scope = "openid email profile offline_access " + Settings.Scopes,
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = false,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthorizationCodeReceived = async (context) =>
                {
                    var claim = ClaimsPrincipal.Current;
                    var code = context.Code;                        

                    string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;


                    TokenCache userTokenCache = new SessionTokenCache(signedInUserID,
                        context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase).GetMsalCacheInstance();
                    ConfidentialClientApplication cca = new ConfidentialClientApplication(
                        Settings.ClientId,
                        Settings.LogoutRedirectUri,
                        new ClientCredential(Settings.AppKey),
                        userTokenCache,
                        null);


                    AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, Settings.SplitScopes.ToArray());
                },
                AuthenticationFailed = (context) =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("/Error?message=" + context.Exception.Message);
                    return Task.FromResult(0);
                }
            }
            };

        var cookieOptions = new CookieAuthenticationOptions();
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(cookieOptions);

        app.UseOpenIdConnectAuthentication(openIdOptions);

在 apps.dev.microsoft.com 和我們本地化的網絡配置中,重定向的 url 保持一致.

The url for redirection is kept consistent both at apps.dev.microsoft.com and in our localized web config.

推薦答案

就我而言,這是一個非常奇怪的問題,因為并不是每個人都會遇到這種問題,只有少數客戶和開發人員會遇到這個問題.

In my case, this was a very weird problem because it didn't happen in for everyone, only few clients and devs have this problem.

如果您僅在 chrome(或具有相同引擎的瀏覽器)中遇到此問題,您可以嘗試將 chrome 上的此標志設置為禁用.

If you are having this problem in chrome only (or a browser that have the same engine) you could try setting this flag on chrome to disabled.

這里發生的情況是 chrome 具有不同的安全規則,即如果在沒有 Secure 屬性的情況下設置了沒有 SameSite 限制的 cookie,它將被拒絕".所以你可以禁用這個規則,它會起作用.

What happens here is that chrome have this different security rule that " If a cookie without SameSite restrictions is set without the Secure attribute, it will be rejected". So you can disable this rule and it will work.

或者,您也可以設置 Secure 屬性,但我不知道該怎么做;(

OR, you can set the Secure attribute too, but I don't know how to do that ;(

這篇關于IDX21323 OpenIdConnectProtocolValidationContext.Nonce 為空,OpenIdConnectProtocolValidatedIdToken.Payload.Nonce 不為空的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!

【網站聲明】本站部分內容來源于互聯網,旨在幫助大家更快的解決問題,如果有圖片或者內容侵犯了您的權益,請聯系我們刪除處理,感謝您的支持!

相關文檔推薦

ASP.NET Core authenticating with Azure Active Directory and persisting custom Claims across requests(ASP.NET Core 使用 Azure Active Directory 進行身份驗證并跨請求保留自定義聲明)
ASP.NET Core 2.0 Web API Azure Ad v2 Token Authorization not working(ASP.NET Core 2.0 Web API Azure Ad v2 令牌授權不起作用)
How do I get Azure AD OAuth2 Access Token and Refresh token for Daemon or Server to C# ASP.NET Web API(如何獲取守護進程或服務器到 C# ASP.NET Web API 的 Azure AD OAuth2 訪問令牌和刷新令牌) - IT屋-程序員軟件開發技
.Net Core 2.0 - Get AAD access token to use with Microsoft Graph(.Net Core 2.0 - 獲取 AAD 訪問令牌以與 Microsoft Graph 一起使用)
Azure KeyVault Active Directory AcquireTokenAsync timeout when called asynchronously(異步調用時 Azure KeyVault Active Directory AcquireTokenAsync 超時)
Getting access token using email address and app password from oauth2/token(使用電子郵件地址和應用程序密碼從 oauth2/token 獲取訪問令牌)
主站蜘蛛池模板: 亚洲精品免费观看 | 永久免费av | 女女百合av大片一区二区三区九县 | 在线免费观看a级片 | 日韩a | 国产一级一片免费播放 | a级黄色片在线观看 | 亚洲欧美日韩久久久 | 欧美成人猛片aaaaaaa | 国产成人福利在线观看 | 精品国产亚洲一区二区三区大结局 | 精品欧美一区二区中文字幕视频 | 精品久久久久久久久久久 | 亚洲精品在线免费 | 黄a在线播放 | 九九热精品视频 | 久久99精品国产自在现线小黄鸭 | 亚洲色图在线观看 | 狠狠入ady亚洲精品经典电影 | 毛片一区二区三区 | 中文字幕视频在线观看 | 凹凸日日摸日日碰夜夜 | 鸡毛片 | 91中文在线观看 | 国产精品久久久久久久久久久久午夜片 | 精品一区国产 | 日本黄色大片免费 | 国产精品中文字幕一区二区三区 | 欧美久久免费观看 | 成人影院一区二区三区 | 亚洲免费一区二区 | 99re国产| 中文字幕av亚洲精品一部二部 | 欧美日韩国产不卡 | 久久精品青青大伊人av | 鸡毛片 | 成人久久 | 国产成人a亚洲精品 | 天天av网| 999国产精品视频免费 | 国产aⅴ爽av久久久久久久 |