developerconsole

developerconsole

关注
发信
关注(28)粉丝(399)

在运行 HTTPS 的应用程序中以 HTTP 而非 HTTPS 形式发送的重定向 URI

本文介绍了在运行 HTTPS 的应用程序中以 HTTP 而非 HTTPS 形式发送的重定向 URI的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个 Asp .net 核心 MVC 应用程序.它连接到 Identity Server 4 进行身份验证.托管在 docker swarm 中

MVC 应用托管在 https://XXXXXXX

配置服务

services.AddAuthentication(options =>{options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme).AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme,选项=>{//options.DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C:	emp-keys"));//当根据我们收到的数据创建身份时,//使用此身份验证方案将其持久化,因此在 cookie 中options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;//身份服务器端点options.Authority = settingsSetup.IdentityServerEndpoint;//登录时使用的客户端 IDoptions.ClientId = settingsSetup.ClientId;//客户端密码.options.ClientSecret = settingsSetup.Secret;//我们 API 的范围options.Scope.Add("testapi");options.Scope.Add("devconsole");//添加 offline_access 以获取刷新令牌options.Scope.Add("offline_access");options.ResponseType = "代码 id_token";options.SaveTokens = true;options.GetClaimsFromUserInfoEndpoint = true;});

当我尝试运行应用程序时,我收到重定向 uri 未匹配错误.

无效的redirect_uri:http://developerconsole.XXXXX.io/signin-oidc{"ClientId": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz","ClientName": "开发者控制台",AllowedRedirectUris":["http://localhost:55000/signin-oidc","http://localhost:55000/auth.html",http://localhost:55000/auth-silent.html"https://developerconsole.XXXXX.io/signin-oidc"],"SubjectId": "21379983",请求范围":",生的": {"client_id": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz","redirect_uri": "http://developerconsole.XXXXX.io/signin-oidc","response_type": "代码 id_token","scope": "openid profile testapi devconsole offline_access","response_mode": "form_post",nonce":636625889658410682.MjNlMmQwNjgtZmY0MC00MmVkLWFiNmMtN2M2YmQ5YTM5ZTQ3NjFiYzI2ZjktZWM0Yi00NDk3LTk1ZWMtNjJkYjViMDYwMTJm",状态": CfDJ8Pwa8A3ipXlKtuyxNMpMxAz5QUFmdSunRKdlKS9sS390AKp8gIUZShQUMMCkFAhYLytitgsXUBgwlQDJaJvtHFqzHygLCPwS8Jab6IJzhpry90qS51E1y_eRlppamRDOzYDZ6fcDFzWV1U43BTP2B6pnPTSLNcZRaooyGBXtNokeUqOJ  -  U-_MOQB8Bw3n2cRyV4kisHNkslD1Gsi2wn1Cx6aTVlqzw_pxHelAXm1P8FyDJpD7G0azFgKgpQF0DRJtC5penRJQzHIHvQN8v4ECGeuSD1zlyfJYClLO2r6kY_R2OYqtBkV0r_SNc9h7xUYmnVaHKQzYqVc_mJO4iLLSMTZrBUICZWR8c4PZw0Os3N""x-client-SKU": "ID_NET",x-client-ver":2.1.4.0"}}

错误即将到来,因为我将 "https://developerconsole.XXXXX.io/signin-oidc" 作为重定向 uri 而不是 "http://developerconsole.XXXXX.io/signin-oidc" 我不想添加 HTTP 重定向 uri.

为什么我的应用构建的重定向 uri 有 http 而不是 https?

如果我确实添加了 HTTP,我会收到一个烦人的关联错误.我认为这是因为它被服务器作为 https 返回,因为服务器会自动将 http 转换为 https.

处理请求时发生未处理的异常.例外:关联失败.Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()

堆栈查询 Cookie 标头异常:关联失败.Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__6.MoveNext()System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware+d__7.MoveNext()

我可能不需要提及这在 localhost 上可以正常工作:/

解决方案

解决方案很简单.通过设置 UseForwardedHeaders,它现在将所有请求作为 HTTPS 发送.

app.UseForwardedHeaders(new ForwardedHeadersOptions{ForwardedHeaders = ForwardedHeaders.XForwardedProto});

关联失败.

现在已修复,我不再需要 http 和 https 重定向 uri.

I have an Asp .net core MVC app. Which connects to an Identity Server 4 for authentication. Hosted in a docker swarm

MVC app is hosted on https://XXXXXXX

ConfigurServies

services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
             .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                //options.DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C:	emp-keys"));
                // when the identity has been created from the data we receive,
                // persist it with this authentication scheme, hence in a cookie
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                // Identity server endpoint
                options.Authority = settingsSetup.IdentityServerEndpoint;

                // Client id to login with
                options.ClientId = settingsSetup.ClientId;
                // Client secret.
                options.ClientSecret = settingsSetup.Secret;

                // Scope of our API
                options.Scope.Add("testapi");
                options.Scope.Add("devconsole");
                // adding offline_access to get a refresh token
                options.Scope.Add("offline_access");

                options.ResponseType = "code id_token";
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
            });

When I try to run the app I get a redirect uri miss match error.

Invalid redirect_uri: http://developerconsole.XXXXX.io/signin-oidc
{
  "ClientId": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz",
  "ClientName": "Developer Console",
  "AllowedRedirectUris": [
    "http://localhost:55000/signin-oidc",
    "http://localhost:55000/auth.html",
    "http://localhost:55000/auth-silent.html"
    "https://developerconsole.XXXXX.io/signin-oidc"
  ],
  "SubjectId": "21379983",
  "RequestedScopes": "",
  "Raw": {
    "client_id": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz",
    "redirect_uri": "http://developerconsole.XXXXX.io/signin-oidc",
    "response_type": "code id_token",
    "scope": "openid profile testapi devconsole offline_access",
    "response_mode": "form_post",
    "nonce": "636625889658410682.MjNlMmQwNjgtZmY0MC00MmVkLWFiNmMtN2M2YmQ5YTM5ZTQ3NjFiYzI2ZjktZWM0Yi00NDk3LTk1ZWMtNjJkYjViMDYwMTJm",
    "state": "CfDJ8Pwa8A3ipXlKtuyxNMpMxAz5QUFmdSunRKdlKS9sS390AKp8gIUZShQUMMCkFAhYLytitgsXUBgwlQDJaJvtHFqzHygLCPwS8Jab6IJzhpry90qS51E1y_eRlppamRDOzYDZ6fcDFzWV1U43BTP2B6pnPTSLNcZRaooyGBXtNokeUqOJ--u-_MOQB8Bw3n2cRyV4kisHNkslD1Gsi2wn1Cx6aTVlqzw_pxHelAXm1P8FyDJpD7G0azFgKgpQF0DRJtC5penRJQzHIHvQN8v4ECGeuSD1zlyfJYClLO2r6kY_R2OYqtBkV0r_SNc9h7xUYmnVaHKQzYqVc_mJO4iLLSMTZrBUICZWR8c4PZw0Os3N",
    "x-client-SKU": "ID_NET",
    "x-client-ver": "2.1.4.0"
  }
}

The error is coming because i have "https://developerconsole.XXXXX.io/signin-oidc" as a redirect uri and not "http://developerconsole.XXXXX.io/signin-oidc" I dont want to add HTTP redirect uris.

Why is my app building the redirect uri has http and not https?

If i do add the HTTP on i am getting an annoying Correlation error. which i think is due to the fact that its being returned by the server as https since the server automatically converts http to https.

I probably dont need to mention this works fine on localhost :/

解决方案

The solution was quite simple. By setting UseForwardedHeaders it now sends all the requests as HTTPS. 

app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedProto
        });

is now fixed and i no longer need to have a http and https redirect uris.

这篇关于在运行 HTTPS 的应用程序中以 HTTP 而非 HTTPS 形式发送的重定向 URI的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-31 10:47
Powered by LMLPHP ©2024 developerconsole 0.038543