我有一个使用交互式服务器渲染模式运行的 Blazor Web 应用程序,以及一个使用 OpenIddict 构建的 ID 提供程序。 Blazor 应用程序配置为使用 Microsoft OpenIdConnectHandler,基本上遵循本指南:https://damienbod.com/2024/04/15/implement-a-secure-blazor-web-application-using-openid-connect-and -安全标头/
当我在本地运行这两个应用程序时,一切都按预期工作。
但是,当我将它们部署到 Azure 时,我会成功重定向到登录页面(在 IDP 上),但在成功进行身份验证后,我最终会陷入 Blazor 应用程序上的 /signin-oidc 与 Blazor 应用程序上的授权端点之间的无限循环。国内流离失所者。
当我查看生成的日志时,这似乎是唯一的例外,即使 OpenIddict 看起来已成功处理令牌请求:
Category: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler EventId: 17 SpanId: d04c97209a4248cf TraceId: f1015c14eb411718858a680b84fb7145 ParentId: 0000000000000000 RequestId: 80000052-0001-e700-b63f-84710c7967bb RequestPath: /signin-oidc Exception occurred while processing message. Exception: System.Threading.Tasks.TaskCanceledException: The operation was canceled.
---> System.Threading.Tasks.TaskCanceledException: The operation was canceled.
---> System.IO.IOException: Unable to read data from the transport connection: The I/O operation has been aborted because of either a thread exit or an application request..
---> System.Net.Sockets.SocketException (995): The I/O operation has been aborted because of either a thread exit or an application request.
--- End of inner exception stack trace ---
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource<System.Int32>.GetResult(Int16 token)
at System.Net.Security.SslStream.EnsureFullTlsFrameAsync[TIOAdapter](CancellationToken cancellationToken, Int32 estimatedSize)
at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
at System.Net.Security.SslStream.ReadAsyncInternal[TIOAdapter](Memory`1 buffer, CancellationToken cancellationToken)
at System.Runtime.CompilerServices.PoolingAsyncValueTaskMethodBuilder`1.StateMachineBox`1.System.Threading.Tasks.Sources.IValueTaskSource<TResult>.GetResult(Int16 token)
at System.Net.Http.HttpConnection.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.HttpConnection.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.Metrics.MetricsHandler.SendAsyncWithMetrics(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.HttpClient.HandleFailure(Exception e, Boolean telemetryStarted, HttpResponseMessage response, CancellationTokenSource cts, CancellationToken cancellationToken, CancellationTokenSource pendingRequestsCts)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
但是,现在我不确定这是否是实际错误,或者这是否只是在我取消请求时发生。
我已尝试克隆此存储库https://github.com/damienbod/BlazorServerOidc并更改配置以使用我的IDP,然后将其部署到Azure中,这按预期工作。
然后我将所有页面和组件添加到其中,保持配置不变,但我遇到了同样的问题。
鉴于 a) 我有许多其他可以工作的应用程序(SPA 正在运行 React)b) 它可以在 Blazor 本地工作 c) 我的“模板”未经修改的 Blazor 应用程序可以工作 - 为什么我会遇到这个问题?
我发现 AddIdentity 向应用程序添加了一堆 cookie 和身份验证模式,我认为这干扰了我想要做的事情。但是,由于我仍然需要 Identity 添加的一些服务,因此我将其更改为 AddIdentityCore 并配置了 EF Core 存储等,现在它可以工作了。