c#-SSO-未找到OpenID端点
作者:互联网
我正在尝试使SSO openid与dotnetopenauth一起使用.
我有两个单独的项目,分别调试(都在localhost上,但有两个不同的端口),一个充当提供者,一个充当依赖方.
依赖方正在localhost:1903上运行.
该提供程序正在localhost:3314上运行.
依赖方代码:
public ActionResult Authenticate()
{
UriBuilder returnToBuilder = new UriBuilder(Request.Url);
returnToBuilder.Path = "/OpenId/";
returnToBuilder.Query = null;
returnToBuilder.Fragment = null;
Uri returnTo = returnToBuilder.Uri;
returnToBuilder.Path = "/";
Realm realm = returnToBuilder.Uri;
realm = "http://localhost:3314/OpenId/";
returnTo = new Uri("http://localhost:3314/OpenId/");
var response = openid.GetResponse();
if (response == null) {
if (Request.QueryString["ReturnUrl"] != null && User.Identity.IsAuthenticated) {
} else {
string strIdentifier = "testidentifier";
var request = openid.CreateRequest(
strIdentifier,
realm,
returnTo);
var fetchRequest = new FetchRequest();
request.AddExtension(fetchRequest);
request.RedirectToProvider();
}
} else {
switch (response.Status) {
case AuthenticationStatus.Canceled:
//stuff got cancelled for some reason
break;
case AuthenticationStatus.Failed:
//response.Exception.Message;
break;
case AuthenticationStatus.Authenticated:
//a bunch of applying roles that i don't think we care about
break;
}
}
return new EmptyResult();
}
提供者代码:
public ActionResult Index()
{
IAuthenticationRequest iR = (IAuthenticationRequest)Request;
if (iR.IsReturnUrlDiscoverable(ProviderEndpoint.Provider.Channel.WebRequestHandler) != RelyingPartyDiscoveryResult.Success) {
iR.IsAuthenticated = false;
return new EmptyResult();
}
if (iR.IsDirectedIdentity) {
if (User.Identity.IsAuthenticated) {
iR.LocalIdentifier = BuildIdentityUrl();
iR.IsAuthenticated = true;
} else {
if (iR.Immediate || ImplicitAuth) {
iR.IsAuthenticated = false;
} else {
if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase)) {
return RedirectToAction("Login", "User");
}
}
}
} else {
string userOwningOpenIdUrl = ExtractUserName(iR.LocalIdentifier);
iR.IsAuthenticated = userOwningOpenIdUrl == User.Identity.Name;
if (!iR.IsAuthenticated.Value && !ImplicitAuth && !iR.Immediate) {
if (!Request.Path.EndsWith("Login", StringComparison.OrdinalIgnoreCase)) {
return RedirectToAction("Login", "User");
}
}
}
if (iR.IsAuthenticated.Value) {
var fetchRequest = iR.GetExtension<FetchRequest>();
if (fetchRequest != null) {
var fetchResponse = new FetchResponse();
//roles and stuff
iR.AddResponseExtension(fetchResponse);
}
}
return new EmptyResult();
}
我在openid.CreateRequest方法上运行依赖方代码时收到错误.我在提供程序代码上启用了调试功能,但从未成功.
研究错误后,我发现了很多有关代理问题的建议,但这对我来说不应该是个问题,因为我只打算去本地主机.
也许这很明显,但是我对自己做错了事感到茫然.
先谢谢您的帮助!
编辑:仅供参考,我从DotNetOpenAuth示例中获得了此代码.
解决方法:
好吧,我最终手动浏览了源代码,并发现了问题所在.
原来dumdum有点正确-我的第一个问题是它确实希望使用URI作为标识符,所以一旦我将标识符更改为http:// localhost:3314 / OpenId /(即使它本身无效),我克服了那个例外.
第二个问题是我忘记将信息添加到web.config中-因此localhost未列入白名单,并且CreateRequest在该处失败.
在修复了这两个问题之后,我的提供程序代码受到了很好的攻击-我在那里遇到其他错误,但这是我想象的一个单独问题.
Web.Config:
<configSections>
<sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth">
<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
<section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
<section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
<section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth" requirePermission="false" allowLocation="true"/>
</sectionGroup>
</configSections>
<dotNetOpenAuth>
<openid>
<relyingParty>
<security requireSsl="false">
<!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
<!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
<add endpoint="https://www.google.com/accounts/o8/ud" />
</trustedProviders>-->
</security>
<behaviors>
<!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
with OPs that use Attribute Exchange (in various formats). -->
<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth"/>
<!--<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.GsaIcamProfile, DotNetOpenAuth" />-->
</behaviors>
<!-- Uncomment the following to activate the sample custom store. -->
<!--<store type="OpenIdRelyingPartyWebForms.CustomStore, OpenIdRelyingPartyWebForms" />-->
</relyingParty>
</openid>
<messaging>
<untrustedWebRequest>
<whitelistHosts>
<!-- since this is a sample, and will often be used with localhost -->
<add name="localhost"/>
</whitelistHosts>
</untrustedWebRequest>
</messaging>
<!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
<reporting enabled="true"/>
</dotNetOpenAuth>
标签:openid,dotnetopenauth,single-sign-on,c,asp-net-mvc 来源: https://codeday.me/bug/20191127/2075797.html