MVC 6 OpenIdConnect

本文介绍了MVC 6 OpenIdConnect的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我目前遇到将MVC应用程序从Beta 3迁移到Beta 4的多个问题-其中之一与OpenIdConnect到Windows Azure进行身份验证有关.当我转到具有Authorize属性的页面时，该页面将停止处理并位于空白白页上，而不会弹出Azure登录页面.我没有得到YSOD-只是空白屏幕.至于示例代码，我只能找到以下代码: github/aspnet/Security/blob/5cf0564484cf5bb2a7a16e6485816d19287538e6/samples/OpenIdConnectSample/Startup.cs github/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/vNext/samples/Mvc/Mvc.Client/Startup.cs

I am currently running into multiple issues migrating my MVC application from beta 3 to 4 - one of these has to do with OpenIdConnect to Windows Azure for authentication. When I go to a page that has an Authorize attribute, the page stops processing and sits at a blank white page without bringing up the Azure sign in page. I do not get a YSOD - just the blank screen. As for sample code, I've only been able to find these: github/aspnet/Security/blob/5cf0564484cf5bb2a7a16e6485816d19287538e6/samples/OpenIdConnectSample/Startup.cs github/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/vNext/samples/Mvc/Mvc.Client/Startup.cs

如果我使用第二个示例，并且在另一个控制器中实际使用了ChallengeResult，则它确实会显示"Azure登录"页面，但会在Azure端返回一个错误请求"(400).

If I use the second example, and actually use the ChallengeResult in a different controller, it does bring up the Azure Sign In page but brings back a Bad Request (400) on Azure side.

这是我当前的代码:

public void ConfigureServices(IServiceCollection services) { // Cannot find services.AddAuthentication that is supposed to be in Microsoft.Framework.DependencyInjection services.AddWebEncoders(); services.AddDataProtection(); services.Configure<ExternalAuthenticationOptions>(options => { options.SignInScheme = CookieAuthenticationDefaults.AuthenticationType; }); // Add MVC services to the services container. services.AddMvc(); } public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerfactory) { // Configure the OWIN Pipeline to use OpenID Connect Authentication app.UseCookieAuthentication(options => { options.AutomaticAuthentication = true; }); app.UseOpenIdConnectAuthentication(options => { options.ClientId = Constants.ClientId; options.Authority = Constants.Authority; options.PostLogoutRedirectUri = Constants.PostLogoutRedirectUri; options.TokenValidationParameters.RoleClaimType = "roles"; options.Notifications = new OpenIdConnectAuthenticationNotifications() { AuthorizationCodeReceived = async (context) => { var code = context.Code; ClientCredential credential = new ClientCredential(Constants.ClientId, Constants.AppKey); AuthenticationContext authContext = new AuthenticationContext(Constants.Authority, false); var result = await authContext.AcquireTokenByAuthorizationCodeAsync( code, new Uri(Constants.PostLogoutRedirectUri), credential, Constants.GraphUri); ActiveDirectoryHelper.token = result.AccessToken; } }; }); // More MVC stuff such as routing and static files }

P.S.有人对MVC 6有任何有用的资源吗?我一直在GitHub上搜索我的大多数Beta 4代码.

P.S. Does anyone have any helpful resources for MVC 6? I've been scouring GitHub for most of my Beta 4 code.

推荐答案

您遇到的问题与Cookie标头有关，如果您收到的400错误是"HTTP，则超出了HTTP.sys的限制.错误400.请求标头的大小太长." .Azure AD Cookie标头可能超过单个标头的限制.我遇到了同样的问题，这是我的Cookie:

The problem you are having is related to the Cookie header and it's beyond the limit of HTTP.sys if the 400 error you are getting is "HTTP Error 400. The size of the request headers is too long.". The Azure AD cookie header probably exceeds the limit for a single header. I had the same issue and here was my cookies:

ARRAffinity = 65字节

ARRAffinity = 65 bytes

.AspNet.Cookies = 9个字节

.AspNet.Cookies = 9 bytes

.AspNet.CookiesC1 = 4046字节

.AspNet.CookiesC1 = 4046 bytes

.AspNet.CookiesC2 = 4046字节

.AspNet.CookiesC2 = 4046 bytes

.AspNet.CookiesC3 = 4046字节

.AspNet.CookiesC3 = 4046 bytes

.AspNet.CookiesC4 = 3850字节

.AspNet.CookiesC4 = 3850 bytes

您可能会看到类似的图片.有几种解决方法:

You will probably see a similar picture. There are couple of workarounds:

如果您可以控制服务器，请应用这些注册表更改突破限制并重新启动服务器.

If you have control over the server, apply these registry changes to bump the limit and restart your server.

如果您无法控制服务器(例如Azure Web Apps)，则需要缩小Cookie的大小.为此，您可以将cookie内容存储在ASP.NET 5会话中，而是存储更小的会话cookie.示例:

If you don't have control over the server (e.g. Azure Web Apps), you need to shrink down the size of the cookie. To do this, you can store the cookie content on the ASP.NET 5 session and instead, store the session cookie which is way smaller. Example:

app.UseCookieAuthentication(options => { options.AutomaticAuthentication = true; options.SessionStore = new MemoryCacheSessionStore(); });

MemoryCacheSessionStore 这是 IAuthenticationSessionStore .您可以在ASP.NET安全性存储库的此处中找到完整的示例./p>

MemoryCacheSessionStore here is an implementation of IAuthenticationSessionStore. You can find the complete sample here on ASP.NET Security repository.