
ASP.NET Core 2.0, Kubernetes: https missing from the reply address?


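I have an ASP.NET Core 2.0 web application deployed to a Kubernetes cluster. The application uses Azure AD to authenticate users for some protected pages. The Kubernetes cluster is set up with an Nginx ingress controller and Let's Encrypt to support https.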

I can access https://x.eastus.cloudapp.azure.com without any problem, and clicking a link on the site that points to https://x.eastus.cloudapp.azure.com/link also works without any problem.

However, when I click a link that requires a logged-in user, I get:

Sign in
Sorry, but we’re having trouble signing you in.

AADSTS50011: The reply address 'http://x.eastus.cloudapp.azure.com/signin-oidc' does not match the reply addresses configured for the application: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'. More details: not specified

Note that the URL above is missing https, and that is the problem.

I have registered "https://x.eastus.cloudapp.azure.com/signin-oidc" as a reply URL for the application in Azure AD.

However, I don't understand why the reply URL used at sign-in is missing https.

If I deploy the exact same application to an Azure Web App, I don't run into this problem.

What could be the problem?

This is my Ingress YAML file:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: x-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    # Add to generate certificates for this ingress
    kubernetes.io/tls-acme: 'true'
spec:
  rules:
    - host: x.eastus.cloudapp.azure.com
      http:
        paths:
          - path: /
            backend:
              serviceName: x-service
              servicePort: 80
  tls:
    # With this configuration kube-lego will generate a secret called `x-tls-secret`
    # for the URL `x.eastus.cloudapp.azure.com`
    - hosts:
        - "x.eastus.cloudapp.azure.com"
      secretName: x-tls-secret

I have the following code in Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<ForwardedHeadersOptions>(options =>
    {
        options.ForwardedHeaders =
            ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    });

    services.Configure<MvcOptions>(options =>
    {
        options.Filters.Add(new RequireHttpsAttribute());
    });

    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddAzureAd(options => Configuration.Bind("AzureAd", options))
    .AddCookie();

    services.AddMvc();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseForwardedHeaders();

    app.UseStaticFiles();

    app.UseAuthentication();
}

1 Answer

  • 0

    Add a custom middleware in the Configure method to perform a manual http-to-https redirect:

    app.Use(async (context, next) =>
    {
        if (context.Request.IsHttps || context.Request.Headers["X-Forwarded-Proto"] == Uri.UriSchemeHttps)
        {
            await next();
        }
        else
        {
            string queryString = context.Request.QueryString.HasValue ? context.Request.QueryString.Value : string.Empty;
            var https = "https://" + context.Request.Host + context.Request.Path + queryString;
            context.Response.Redirect(https);
        }
    });
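
An added example, not part of the question or the answer above: the Forwarded Headers Middleware honours X-Forwarded-Proto only from proxies it trusts, and by default that is loopback only, so a header set by an ingress controller in another pod is ignored and the sign-in reply URL is built with http. The sketch below trusts one network explicitly and adds a way to check the result. The CIDR 10.244.0.0/16 and the /debug/scheme path are assumptions for illustration, not values from the page.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // Defaults trust only loopback proxies; drop them and list the
            // network the ingress controller actually connects from.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();

            // ASSUMPTION: placeholder pod network; substitute the range your
            // ingress controller pods use. Do not leave both lists empty in
            // production, or any client can set X-Forwarded-Proto.
            options.KnownNetworks.Add(
                new IPNetwork(IPAddress.Parse("10.244.0.0"), 16));
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before authentication so the OpenID Connect handler
        // builds redirect_uri from the forwarded scheme.
        app.UseForwardedHeaders();

        // Hypothetical diagnostic endpoint: shows the scheme and host the
        // application sees after forwarded headers are applied.
        app.Map("/debug/scheme", branch => branch.Run(ctx =>
            ctx.Response.WriteAsync($"{ctx.Request.Scheme}://{ctx.Request.Host}")));

        // UseStaticFiles(), UseAuthentication() and MVC follow here,
        // as in the question's Startup.cs.
    }
}
```

Requesting /debug/scheme through the ingress should return an https:// URL once the proxy network is trusted; if it still returns http://, the header is not arriving from a trusted address.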
    
