如何解决Saml没有Cookie的保存状态ASP.NET CORE
var certbase = _env.IsDevelopment() ? "" : AppDomain.CurrentDomain.BaseDirectory;
var pathpfx = Path.Combine(certbase,"xxxxx.pfx");
var pathxml = Path.Combine(certbase,"metadata.xml");
.AddSaml2(options =>
{
options.SPOptions.EntityId = new EntityId("https://aaaa.aaa.com.tr");
options.SPOptions.ReturnUrl = new Uri("https://localhost:5003/Account/SignInPost");
options.SPOptions.MinIncomingSigningAlgorithm =
"http://www.w3.org/2000/09/xmldsig#rsa-sha1";
options.IdentityProviders.Add(
new IdentityProvider(
new EntityId("https://bbbbb.bbb.com.tr"),options.SPOptions)
{
MetadataLocation = pathxml,LoadMetadata = true,SingleSignOnServiceUrl = new Uri("https://bbbbb.bbb.com.tr/SAML/SSOService.aspx"),Binding = Sustainsys.Saml2.WebSso.Saml2Binding.UriToSaml2BindingType(new
Uri("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")),SingleLogoutServiceUrl = new Uri("https://bbbbb.bbb.com.tr/SAML/SLOService.aspx"),});
options.SPOptions.ServiceCertificates.Add(new X509Certificate2(pathpfx,"password"));
});
我的saml工作正常,但是我不知道发生了什么事,我的代码现在无法正常工作。
在Chrome上运行代码时出现此错误=>
UnexpectedInResponseToException:收到的消息_55ae387d-0b1e-4466-9b2b-d34a5254437c包含意外的InResponseTo“ iddfcfd98961654500864ee897d823ce87”。未找到该请求的cookie保留状态,因此该邮件不应具有InResponseTo属性。如果执行SP发起的登录时设置的cookie丢失,通常会发生此错误。
我的metadata.xml没问题 我的pfx也可以。
我一直在寻找解决问题的方法,但已超过2天,但是我找不到任何可以帮助我的东西。您对解决这个问题有什么建议?你能帮我吗?
在堆栈内部
UnexpectedInResponseToException: Received message _63021ef9-2b93-4b0a-ab75-88d42e8a4c9c contains unexpected InResponseTo "idc0faf551a5bf421da3a9e582b57f685a". No cookie preserving state from the request was found so the message was not expected to have an InResponseTo attribute. This error typically occurs if the cookie set when doing SP-initiated sign on have been lost.
Sustainsys.Saml2.Saml2P.Saml2Response.ValidateInResponseTo(IOptions options,IEnumerable<ClaimsIdentity> claimsIdentities)
Sustainsys.Saml2.Saml2P.Saml2Response.GetClaims(IOptions options,IDictionary<string,string> relayData)
Sustainsys.Saml2.WebSso.AcsCommand.ProcessResponse(IOptions options,Saml2Response samlResponse,StoredRequestState storedRequestState,IdentityProvider identityProvider,string relayState)
Sustainsys.Saml2.WebSso.AcsCommand.Run(HttpRequestData request,IOptions options)
Sustainsys.Saml2.AspNetCore2.Saml2Handler.HandleRequestAsync()
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
解决方法
在startup.cs中设置
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.OnAppendCookie = cookieContext => SameSite.CheckSameSite(cookieContext.Context,cookieContext.CookieOptions);
options.OnDeleteCookie = cookieContext => SameSite.CheckSameSite(cookieContext.Context,cookieContext.CookieOptions);
//this is important. this will help you to solve the problem.
options.MinimumSameSitePolicy = SameSiteMode.None;
});
并将此方法添加到public void configure(){}
下 public static class SameSite
{
public static void CheckSameSite(HttpContext httpContext,CookieOptions options)
{
if (options.SameSite == SameSiteMode.None)
{
if (!BrowserSupportsSameSiteNone(httpContext.Request.Headers["User-Agent"].ToString()))
{
// Unspecified - no SameSite will be included in the Set-Cookie.
options.SameSite = (SameSiteMode)(-1);
}
}
}
private static bool BrowserSupportsSameSiteNone(string userAgent)
{
// iOS 12 browsers don't support SameSite=None.
if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12"))
{
return false;
}
// macOS 10.14 Mojave browsers don't support SameSite=None.
if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") && userAgent.Contains("Version/") && userAgent.Contains("Safari"))
{
return false;
}
// Old versions of Chrome don't support SameSite=None.
if (userAgent.Contains("Chrome") || userAgent.Contains("Chrome/6"))
{
return false;
}
return true;
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。