C# Identity Server Bad Request - Request Too Long

萌比男神i 2021-01-03 07:03

I have an odd issue that I am trying to track down.

If I deploy my client and Identity Server to Azure using a self-signed certificate, then the code works.

3 Answers
  • 2021-01-03 07:23

    I've had this issue recently. The solution was to downgrade the NuGet package Microsoft.Owin.Security.OpenIdConnect. I was using 3.0.1. You must downgrade to 3.0.0. This is an issue with the Owin/Katana middleware. A description of the issue can be found here. Note that the page states how to fix the actual issue in the library. I haven't tried that; it could also work and is worth a try.

    Note that you must clear your cookies the first time you redeploy with the fix in place. As a temporary fix, you can always clear your cookies and just visit the site again. At some point, however, it will always stick a bunch of nonce strings in the cookie. A similar issue can be found here.

    0 Discussion (0)
  • 2021-01-03 07:27

    Just clearing cookies worked for me. It is the easiest answer to try first.

    0 Discussion (0)
  • 2021-01-03 07:41

    What solved the problem for me was using AdamDotNet's Custom OpenIdConnectAuthenticationHandler to delete old nonce cookies.

    using System.Collections.Generic;              // KeyValuePair
    using System.Linq;                             // Where, Any
    using Microsoft.IdentityModel.Protocols;       // OpenIdConnectMessage (Katana 3.x)
    using Microsoft.Owin.Security.OpenIdConnect;   // middleware, handler, options, defaults

    public static class OpenIdConnectAuthenticationPatchedMiddlewareExtension
    {
        // Drop-in replacement for UseOpenIdConnectAuthentication that registers the patched middleware.
        public static Owin.IAppBuilder UseOpenIdConnectAuthenticationPatched(this Owin.IAppBuilder app, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions openIdConnectOptions)
        {
            if (app == null)
            {
                throw new System.ArgumentNullException("app");
            }
            if (openIdConnectOptions == null)
            {
                throw new System.ArgumentNullException("openIdConnectOptions");
            }
            System.Type type = typeof(OpenIdConnectAuthenticationPatchedMiddleware);
            object[] objArray = new object[] { app, openIdConnectOptions };
            return app.Use(type, objArray);
        }
    }

    /// <summary>
    /// Patched to fix the issue with too many nonce cookies described here: https://github.com/IdentityServer/IdentityServer3/issues/1124
    /// Deletes all nonce cookies that weren't the current one
    /// </summary>
    public class OpenIdConnectAuthenticationPatchedMiddleware : OpenIdConnectAuthenticationMiddleware
    {
        private readonly Microsoft.Owin.Logging.ILogger _logger;

        public OpenIdConnectAuthenticationPatchedMiddleware(Microsoft.Owin.OwinMiddleware next, Owin.IAppBuilder app, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions options)
            : base(next, app, options)
        {
            this._logger = Microsoft.Owin.Logging.AppBuilderLoggerExtensions.CreateLogger<OpenIdConnectAuthenticationPatchedMiddleware>(app);
        }

        // Hand the pipeline the handler that cleans up stale nonce cookies.
        protected override Microsoft.Owin.Security.Infrastructure.AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
        {
            return new SawtoothOpenIdConnectAuthenticationHandler(_logger);
        }

        public class SawtoothOpenIdConnectAuthenticationHandler : OpenIdConnectAuthenticationHandler
        {
            public SawtoothOpenIdConnectAuthenticationHandler(Microsoft.Owin.Logging.ILogger logger)
                : base(logger) { }

            protected override void RememberNonce(OpenIdConnectMessage message, string nonce)
            {
                // Nonce cookies left over from earlier sign-in attempts that the browser sent back.
                var oldNonces = Request.Cookies.Where(kvp => kvp.Key.StartsWith(OpenIdConnectAuthenticationDefaults.CookiePrefix + "nonce"));
                if (oldNonces.Any())
                {
                    Microsoft.Owin.CookieOptions cookieOptions = new Microsoft.Owin.CookieOptions
                    {
                        HttpOnly = true,
                        Secure = Request.IsSecure
                    };
                    // Expire each stale nonce cookie before the new one is issued.
                    foreach (KeyValuePair<string, string> oldNonce in oldNonces)
                    {
                        Response.Cookies.Delete(oldNonce.Key, cookieOptions);
                    }
                }
                // Let the base handler write the nonce cookie for the current request.
                base.RememberNonce(message, nonce);
            }
        }
    }
    

    And use:

    app.UseOpenIdConnectAuthenticationPatched(new OpenIdConnectAuthenticationOptions(){...});
    

    As detailed here: https://github.com/IdentityServer/IdentityServer3/issues/1124#issuecomment-226519073

    0 Discussion (0)
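To confirm that leftover nonce cookies are what pushes a request past the server's header limit, the raw `Cookie` header can be measured directly. This is an added example, not part of any answer above or of the Katana code base; the `NonceCookieAudit` class, the 16384-byte budget and the sample header are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

public static class NonceCookieAudit
{
    // Assumption: the value of OpenIdConnectAuthenticationDefaults.CookiePrefix + "nonce".
    private const string NoncePrefix = "OpenIdConnect.nonce";

    public sealed class Result
    {
        public int NonceCookieCount, NonceCookieBytes, TotalCookieBytes;
        public bool OverBudget;
    }

    // Parses a raw Cookie request header and measures how much of it is nonce cookies.
    public static Result Inspect(string cookieHeader, int headerBudgetBytes)
    {
        string header = cookieHeader ?? "";
        var result = new Result { TotalCookieBytes = Encoding.UTF8.GetByteCount(header) };
        foreach (string pair in header.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
        {
            string trimmed = pair.Trim();
            int eq = trimmed.IndexOf('=');
            string name = eq < 0 ? trimmed : trimmed.Substring(0, eq);
            if (!name.StartsWith(NoncePrefix, StringComparison.Ordinal)) continue;
            result.NonceCookieCount++;
            result.NonceCookieBytes += Encoding.UTF8.GetByteCount(trimmed);
        }
        // Only the Cookie header is compared here; other request headers also count toward the limit.
        result.OverBudget = result.TotalCookieBytes > headerBudgetBytes;
        return result;
    }

    public static void Main()
    {
        // Constructed sample: one session cookie plus 45 leftover nonce cookies of about 400 bytes each.
        var cookies = new List<string> { "ASP.NET_SessionId=abc123" };
        for (int i = 0; i < 45; i++)
            cookies.Add("OpenIdConnect.nonce." + new string((char)('A' + i % 26), 380) + "=N");
        string header = string.Join("; ", cookies);

        Result r = Inspect(header, 16384); // assumed budget; use your server's configured header limit
        Console.WriteLine("nonce cookies: {0}, nonce bytes: {1}, total cookie bytes: {2}, over budget: {3}",
            r.NonceCookieCount, r.NonceCookieBytes, r.TotalCookieBytes, r.OverBudget);
    }
}
```

Feeding it the `Cookie` header captured from a failing request shows whether the nonce cookies account for most of the header size, which is the condition the patched handler above removes.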