My Azure Free subscription has expired. I've since been added to my company's Azure subscription but I can no longer use SSO with OAuth2 using AD.
VS2017 reports 0 subs
The error above happens when the request to the application does not contain the nonce cookie. You can use the instructions below to capture a Fiddler trace containing the error.
http://blogs.aaddevsup.xyz/2018/09/12/capture-https-traffic-with-http-fiddler/
Additionally try something like below:
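// Requires: using Microsoft.Owin.Security.OpenIdConnect; using System.Threading.Tasks;
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
    {
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            // The lambda must be async because its body uses await.
            AuthenticationFailed = async authFailed =>
            {
                // IDX21323: the callback arrived without the nonce cookie.
                if (authFailed.Exception.Message.Contains("IDX21323"))
                {
                    // Suppress the error and start a fresh sign-in.
                    authFailed.HandleResponse();
                    authFailed.OwinContext.Authentication.Challenge();
                }
                await Task.FromResult(true);
            }
        }
    });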
 
Additional reference:
IDX21323 OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocolValidatedIdToken.Payload.Nonce was not null
Hope it helps.
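The check the answer describes (does the sign-in callback carry the nonce cookie, and if not, why), run over a captured trace. This is an added example, not part of the original answer; it assumes the Fiddler capture was exported as HAR, and the host `app.example.test` and every value in `SAMPLE` are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Cookie-name prefix used by the OWIN OpenID Connect middleware for the nonce.
NONCE_PREFIX = "OpenIdConnect.nonce."

def _values(msg, name):
    return [h["value"] for h in msg.get("headers", []) if h["name"].lower() == name]

def diagnose(har):
    """Explain, per sign-in callback in a HAR trace, why the nonce cookie is absent."""
    issued, findings = {}, []   # issued: cookie name -> (scheme, host, attributes)
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        url = urlsplit(req["url"])
        form = parse_qs(req.get("postData", {}).get("text", ""))
        if req["method"] == "POST" and "id_token" in form:   # sign-in callback
            sent = {c.split("=", 1)[0].strip()
                    for v in _values(req, "cookie") for c in v.split(";")}
            if any(n.startswith(NONCE_PREFIX) for n in sent):
                findings.append((req["url"], ["nonce cookie present"]))
            else:
                why = []
                for scheme, host, attrs in issued.values():
                    if host != url.hostname:
                        why.append(f"cookie set for {host}, callback on {url.hostname}")
                    if "secure" in attrs and url.scheme != "https":
                        why.append("Secure cookie, callback over http")
                    if attrs & {"samesite=lax", "samesite=strict"}:
                        why.append("SameSite blocks the cross-site form POST")
                findings.append((req["url"], why or ["no nonce cookie issued in this trace"]))
        # Record nonce cookies this response sets, for later callbacks.
        for sc in _values(resp, "set-cookie"):
            name, _, rest = sc.partition("=")
            if name.strip().startswith(NONCE_PREFIX):
                attrs = {a.strip().lower() for a in rest.split(";")[1:]}
                issued[name.strip()] = (url.scheme, url.hostname, attrs)
    return findings

# Constructed sample trace: cookie issued over https, callback arrives over http.
SAMPLE = {"log": {"entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/", "headers": []},
     "response": {"status": 302, "headers": [
         {"name": "Set-Cookie",
          "value": "OpenIdConnect.nonce.abc=xyz; path=/; secure; HttpOnly"}]}},
    {"request": {"method": "POST", "url": "http://app.example.test/",
                 "headers": [{"name": "Cookie", "value": "other=1"}],
                 "postData": {"text": "id_token=constructed&state=s"}},
     "response": {"status": 500, "headers": []}},
]}}
```

Calling `diagnose(SAMPLE)` reports the http callback with the reason "Secure cookie, callback over http". If every callback in a real trace is missing the cookie, re-issuing the challenge from `AuthenticationFailed` will fail the same way each time, so fix the reported cause rather than relying on the retry.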