This article covers how to handle "Correlation failed." at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler during OIDC authentication.

Problem description

I am hitting this with the following combination:

1) Browser incognito mode (Chrome)
2) Application is behind Azure application gateway (no repro if it isn't). Cookie based affinity is turned OFF (default); if turned ON, seems to make repro happen more often.

Code is rather plain vanilla OIDC authN + cookies.

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddAzureAd(options => {
            Configuration.Bind("AzureAd", options);
        })
        .AddCookie(p => p.SlidingExpiration = true);

I am forwarding the X-Forwarded-Proto header to the auth middleware as recommended so the redirect_uri uses the correct protocol scheme.

Handling code

I tried to handle the OnRemoteFailure() event, and redirect to "/Home/AuthRedirect" which is an anon page that waits for 20 secs, and then redirects to the "/" (home page). It seems to work sometimes, but not always. I am out of ideas.

WORKAROUND

1) Users can go to the homepage again and hit F5 until this works. It seems that each F5 gets them moving a step ahead and once the OpenID cookies are populated, everything else (I have more auth after openid finishes, via adal.js for AJAX use).
2) Bypass the application gateway and use the direct service fabric cluster DNS name (not acceptable as it is http).

Details

        System.Exception: Correlation failed.
           at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.d__12.MoveNext()
        --- End of stack trace from previous location where exception was thrown ---
           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
           at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.d__6.MoveNext()
        --- End of stack trace from previous location where exception was thrown ---
           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
           at Microsoft.AspNetCore.Builder.RouterMiddleware.d__4.MoveNext()
        --- End of stack trace from previous location where exception was thrown ---
           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
           at Microsoft.AspNetCore.Builder.RouterMiddleware.d__4.MoveNext()
        --- End of stack trace from previous location where exception was thrown ---
           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
           at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.d__7.MoveNext()

Recommended answer

I have the same problem. If your environment is a web farm, you should use DataProtection to share the key.
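
One way to apply the answer's suggestion, shown as an added example that is not from the original question or answer: every node behind the gateway reads the same Data Protection key ring, so the OIDC handler's protected state and the authentication cookie written by one node can be read by another. The helper name, the two configuration keys and the application name are assumptions made for illustration.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class SharedKeyRingExtensions
{
    // Hypothetical helper; call it from ConfigureServices before AddAuthentication().
    public static IServiceCollection AddSharedDataProtection(
        this IServiceCollection services, IConfiguration configuration)
    {
        // Assumed configuration keys (not from the original post):
        //   DataProtection:KeyRingPath            -> directory reachable from every node
        //   DataProtection:CertificateThumbprint  -> certificate installed on every node
        var keyRingPath = configuration["DataProtection:KeyRingPath"];
        var thumbprint = configuration["DataProtection:CertificateThumbprint"];

        // Fail closed: a node that silently falls back to its own local
        // key ring cannot read payloads protected by the other nodes.
        if (string.IsNullOrWhiteSpace(keyRingPath))
            throw new InvalidOperationException(
                "DataProtection:KeyRingPath must point to the shared key ring.");

        // Keys persisted to a file system are stored unencrypted unless a
        // protector is configured, so require the certificate as well.
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new InvalidOperationException(
                "DataProtection:CertificateThumbprint is required to encrypt keys at rest.");

        services.AddDataProtection()
            // The default application discriminator is derived from the content
            // root path, which can differ per node; pin it to one value
            // ("my-oidc-app" is a placeholder name).
            .SetApplicationName("my-oidc-app")
            // All nodes load and rotate keys from the same location.
            .PersistKeysToFileSystem(new DirectoryInfo(keyRingPath))
            // Encrypt the key XML at rest with the shared certificate.
            .ProtectKeysWithCertificate(thumbprint);

        return services;
    }
}
```

Call `services.AddSharedDataProtection(Configuration);` in `ConfigureServices` on every node, and restrict access to the key ring directory to the service account, since it holds the keys that protect authentication cookies.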

10-12 16:55