1. Error connecting to http://..../.well-known/openid-configuration. HTTPS required.
Pitfalls encountered after deploying IdentityServer4
Reference: https://www.cnblogs.com/stulzq/p/9594623.html
IdentityServer4 solution
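2. After logging in on the IdentityServer server, the redirect back fails: http://localhost:56468/signin-oidc returns 404
You need to add the app.UseAuthentication(); middleware in the Configure method of Startup.cs. It is best placed before app.UseAuthorization(), because authorization relies on the identity that the authentication middleware establishes.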
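3. Correlation failed. The error is as follows
This is caused by the cookie policy of Chromium-based browsers; see http://www.ruanyifeng.com/blog/2019/09/cookie-samesite.html
a. Switch to a browser that is not Chromium-based
b. Change the cookie policy as follows
The code is as follows: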
services.Configure<CookiePolicyOptions>(options =>
{
    // Do not force a SameSite value globally; each cookie is adjusted in CheckSameSite.
    options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
    // The Secure flag follows the scheme of the current request.
    options.Secure = CookieSecurePolicy.SameAsRequest;
    options.OnAppendCookie = cookieContext =>
        AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    options.OnDeleteCookie = cookieContext =>
        AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
});
The helper code it refers to:
using Microsoft.AspNetCore.Http;

public static class AuthenticationHelpers
{
    // Downgrades SameSite=None to "unspecified" when the request is not HTTPS
    // or the browser is known to mishandle SameSite=None.
    public static void CheckSameSite(HttpContext httpContext, CookieOptions options)
    {
        if (options.SameSite == SameSiteMode.None)
        {
            var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
            if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent))
            {
                // For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1)
                options.SameSite = SameSiteMode.Unspecified;
            }
        }
    }

    public static bool DisallowsSameSiteNone(string userAgent)
    {
        // Cover all iOS based browsers here. This includes:
        // - Safari on iOS 12 for iPhone, iPod Touch, iPad
        // - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
        // - Chrome on iOS 12 for iPhone, iPod Touch, iPad
        // All of which are broken by SameSite=None, because they use the iOS networking stack
        if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12"))
        {
            return true;
        }

        // Cover Mac OS X based browsers that use the Mac OS networking stack. This includes:
        // - Safari on Mac OS X.
        // This does not include:
        // - Chrome on Mac OS X
        // Because they do not use the Mac OS networking stack.
        if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
            userAgent.Contains("Version/") && userAgent.Contains("Safari"))
        {
            return true;
        }

        // Cover Chrome 50-69, because some versions are broken by SameSite=None,
        // and none in this range require it.
        // Note: this covers some pre-Chromium Edge versions,
        // but pre-Chromium Edge does not require SameSite=None.
        if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
        {
            return true;
        }

        return false;
    }
}
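4. Error OpenIdConnectProtocolException: 'access_denied' or OpenIdConnectProtocolException: Message contains error: 'invalid_client'
Solution
Check whether your secret is correct
This is the actual secret.
5. By default, HttpContext.User.Claims does not carry the user's authorized identity information
1. Solution
2. Open-source client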
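How items 2 to 4 fit together in the client's Startup.cs, as an added example that is not code from the original post. The authority URL, client id and secret are placeholders, and an ASP.NET Core 3.1 MVC client using the authorization code flow is assumed.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();

        // Item 3: register the CookiePolicyOptions shown above at this point.

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.Authority = "https://identity.example.test"; // placeholder
                options.ClientId = "mvc-client";                     // placeholder
                // Item 4: must match the secret registered for this client on
                // IdentityServer, otherwise the token request fails with invalid_client.
                // Load it from configuration or a secret store, not from source code.
                options.ClientSecret = "<client-secret>";            // placeholder
                options.ResponseType = "code";
                options.SaveTokens = true;
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseStaticFiles();
        app.UseRouting();

        // Item 3: CookiePolicyOptions only take effect when this middleware runs,
        // and it must run before the authentication middleware writes its cookies.
        app.UseCookiePolicy();

        // Item 2: the OpenID Connect handler that answers /signin-oidc lives in
        // the authentication middleware; without it the callback returns 404.
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```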