c＃Identity Server错误请求 - 请求太长

2 回答

• 2

  我最近遇到过这个问题 . 解决方案是降级使用过的NuGet包 Microsoft.Owin.Security.OpenIdConnect . 我使用的是3.0.1 . 您必须降级到3.0.0 . 这是Owin / Katana中间件的问题 . 可以在here找到该问题的描述 . 请注意，该页面说明了如何修复库中的实际问题 . 我没有尝试过，它也可以工作，值得一试 .

  请注意，首次使用修补程序重新部署时，必须清除Cookie . 作为临时修复，您可以随时清除Cookie，然后再次访问该网站 . 但是，在某些时候，它总是会在cookie中粘贴一堆nonce字符串 . 类似的问题可以在here找到 .

  回复于 2024-04-26T07:21:23+08:00
• 1

  是什么解决了我的问题是使用AdamDotNet's Custom OpenIdConnectAuthenticationHandler删除旧的nonce cookie .

  public static class OpenIdConnectAuthenticationPatchedMiddlewareExtension
      {
          public static Owin.IAppBuilder UseOpenIdConnectAuthenticationPatched(this Owin.IAppBuilder app, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions openIdConnectOptions)
          {
              if (app == null)
              {
                  throw new System.ArgumentNullException("app");
              }
              if (openIdConnectOptions == null)
              {
                  throw new System.ArgumentNullException("openIdConnectOptions");
              }
              System.Type type = typeof(OpenIdConnectAuthenticationPatchedMiddleware);
              object[] objArray = new object[] { app, openIdConnectOptions };
              return app.Use(type, objArray);
          }
      }
  
      /// <summary>
      /// Patched to fix the issue with too many nonce cookies described here: https://github.com/IdentityServer/IdentityServer3/issues/1124
      /// Deletes all nonce cookies that weren't the current one
      /// </summary>
      public class OpenIdConnectAuthenticationPatchedMiddleware  : OpenIdConnectAuthenticationMiddleware
      {
          private readonly Microsoft.Owin.Logging.ILogger _logger;
  
          public OpenIdConnectAuthenticationPatchedMiddleware(Microsoft.Owin.OwinMiddleware next, Owin.IAppBuilder app, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions options) 
                  : base(next, app, options)
          {
              this._logger = Microsoft.Owin.Logging.AppBuilderLoggerExtensions.CreateLogger<OpenIdConnectAuthenticationPatchedMiddleware>(app);
          }
  
          protected override Microsoft.Owin.Security.Infrastructure.AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
          {
              return new SawtoothOpenIdConnectAuthenticationHandler(_logger);
          }
  
          public class SawtoothOpenIdConnectAuthenticationHandler : OpenIdConnectAuthenticationHandler
          {
              public SawtoothOpenIdConnectAuthenticationHandler(Microsoft.Owin.Logging.ILogger logger)
                  : base(logger) { }
  
              protected override void RememberNonce(OpenIdConnectMessage message, string nonce)
              {
                  var oldNonces = Request.Cookies.Where(kvp => kvp.Key.StartsWith(OpenIdConnectAuthenticationDefaults.CookiePrefix + "nonce"));
                  if (oldNonces.Any())
                  {
                      Microsoft.Owin.CookieOptions cookieOptions = new Microsoft.Owin.CookieOptions
                      {
                          HttpOnly = true,
                          Secure = Request.IsSecure
                      };
                      foreach (KeyValuePair<string, string> oldNonce in oldNonces)
                      {
                          Response.Cookies.Delete(oldNonce.Key, cookieOptions);
                      }
                  }
                  base.RememberNonce(message, nonce);
              }
          }
      }
  

  并使用：

  app.UseOpenIdConnectAuthenticationPatched(new OpenIdConnectAuthenticationOptions(){...});
  

  详情如下：https://github.com/IdentityServer/IdentityServer3/issues/1124#issuecomment-226519073

  回复于 2024-04-26T07:21:23+08:00