我正在尝试在我的MVC应用程序上实现一个自定义登录按钮,该按钮将指向IdentityServer进行登录,然后重定向回我的MVC应用程序。
要执行此操作,我在Microsoft.AspNetCore.Authentication.ChallengeAsync操作中使用HttpContext Account/Login扩展方法
public Task Login()
{
return HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
}
请求被定向到IDP上的授权端点,用户可以登录并将请求重定向到我的MVC应用上的signin-oidc。此时,signin-oidc调用Account/Login动作并开始无限循环。
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET https://localhost:4500/Account/Login
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Executing action method Moneteer.Landing.Controllers.AccountController.Login (Moneteer.Landing) with arguments ((null)) - ModelState is Valid
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[12]
AuthenticationScheme: OpenIdConnect was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action Moneteer.Landing.Controllers.AccountController.Login (Moneteer.Landing) in 11.9704ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 23.4211ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 POST https://localhost:4500/signin-oidc application/x-www-form-urlencoded 1488
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[10]
AuthenticationScheme: Cookies signed in.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 10.4219ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET https://localhost:4500/Account/Login
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Executing action method Moneteer.Landing.Controllers.AccountController.Login (Moneteer.Landing) with arguments ((null)) - ModelState is Valid
我认为signin-oidc无法保存cookie并假设登录失败。 MVC应用程序的相关配置如下所示
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = Constants.Authority;
options.RequireHttpsMetadata = true;
options.ClientId = "moneteer-mvc";
options.SaveTokens = true;
});
在IDP上,客户端注册为
new Client
{
ClientId = "moneteer-mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
RedirectUris = { "https://localhost:4500/signin-oidc" },
PostLogoutRedirectUris = { "https://localhost:4500/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
},
}
如何在ChallengeAsync正常工作的情况下获得此流程?
答案 0 :(得分:0)
对于未来的任何人来说:ChallengeAsync过载,允许您传入一个redirectUrl,您希望signin-oidc在成功登录后将用户发送到该地址。设置完成后,无限重定向就不会发生。
return HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
{
RedirectUri = "/",
});