OpenID Relying Party response status shows Failed even with Provider authenticates - DotNetOpenAuth

筅森魡賤 submitted on 2019-12-12 05:18:42

Question


Using the DNOA library, I created a Provider which authenticates a request and sends back the user information (like email, first name, etc.). To test this, I created a Relying Party. This system works well on my localhost. When I put the Provider on my server, it worked fine, but suddenly I keep getting a failed response.

Looking at the response URL, I CAN see the email, first name being sent back from the Provider, but the RP is not recognizing it and goes into the 'Failed' case. The exact same code on my localhost works fine.

Here is a sample response:

http://localhost:50952/Default.aspx?dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%2Fuser123&openid.claimed_id=http%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%2Fuser123&openid.identity=http%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%2Fuser123&openid.sig=1bCd7KJjvtBqEObuQccO9fIx9FMBDiz2zkl8FrIbguw%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce%2Cns.alias3%2Calias3.mode%2Calias3.type.alias1%2Calias3.value.alias1%2Calias3.type.alias2%2Calias3.value.alias2%2Calias3.type.alias3%2Calias3.value.alias3%2Calias3.type.alias4%2Calias3.value.alias4%2Calias3.type.alias5%2Calias3.value.alias5%2Calias3.type.alias6%2Calias3.value.alias6%2Calias3.type.alias7%2Calias3.value.alias7&openid.assoc_handle=Bw5H%21IAAAAHoxEw3Q_7vF6XVheBEr7uMn03oSJXmatbjAbWReLG7tQQAAAAGuW5aLeRJZRqnrlrT6CdzWGVtOEgD-4CuYOVcJZLopnig3xaAjzoJaVePTEhPigbL4dtWQqJzmSo7bgivW8815&openid.op_endpoint=http%3A%2F%2Fopenid.xyz.com%2Fserver.aspx&openid.return_to=http%3A%2F%2Flocalhost%3A50952%2FDefault.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.xyz.com%252Fuser.aspx%252Fuser123&openid.response_nonce=2013-07-27T23%3A46%3A49ZFINSwMcn&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.mode=fetch_response&openid.alias3.type.alias1=UserName&openid.alias3.value.aluser123&openid.alias3.type.alias2=FirstName&openid.alias3.value.alias2=N&openid.alias3.type.alias3=LastName&openid.alias3.value.alias3=Smith&openid.alias3.type.alias4=RemoteLogin&openid.alias3.value.alias4=1&openid.alias3.type.alias5=StaffType&openid.alias3.value.alias5=&openid.alias3.type.alias6=DEANumber&openid.alias3.value.alias6=&openid.alias3.type.alias7=StateNumber&openid.alias3.value.alias7=

You can see that the fields with personal information are present! Why does the RP still show 'failed'?

EDIT: So the RP gets a proper response when the Provider is on localhost but fails when the Provider is on the server. Here is the value of the immediate window of the RP with the localhost Provider:

WebDev.WebServer40.exe Information: 0 : HTTP GET http://localhost:58242/user.aspx/user123
WebDev.WebServer40.exe Information: 0 : An XRDS response was received from GET at user-supplied identifier.
WebDev.WebServer40.exe Information: 0 : Total services discovered in XRDS: 2
WebDev.WebServer40.exe Information: 0 : [{
    ClaimedIdentifier: http://localhost:58242/user.aspx/user123
    ProviderLocalIdentifier: http://localhost:58242/user.aspx/user123
    ProviderEndpoint: http://localhost:58242/server.aspx
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/signon
        http://openid.net/extensions/sreg/1.1
}, {
    ClaimedIdentifier: http://localhost:58242/user.aspx/user123
    ProviderLocalIdentifier: http://localhost:58242/user.aspx/user123
    ProviderEndpoint: http://localhost:58242/server.aspx
    OpenID version: 1.0
    Service Type URIs:
        http://openid.net/signon/1.0
        http://openid.net/extensions/sreg/1.1
},]
WebDev.WebServer40.exe Information: 0 : Skipping HTML discovery because XRDS contained service endpoints.
WebDev.WebServer40.exe Information: 0 : Received identity assertion for http://localhost:58242/user.aspx/user123 via http://localhost:58242/server.aspx.

And here is the RP immediate window with the Provider on the server:

WebDev.WebServer40.exe Information: 0 : HTTP GET https://openid.xyz.com/user.aspx/user123
WebDev.WebServer40.exe Information: 0 : An XRDS response was received from GET at user-supplied identifier.
WebDev.WebServer40.exe Information: 0 : Total services discovered in XRDS: 2
WebDev.WebServer40.exe Information: 0 : [{
    ClaimedIdentifier: https://openid.xyz.com/user.aspx/user123
    ProviderLocalIdentifier: https://openid.xyz.com/user.aspx/user123
    ProviderEndpoint: https://openid.xyz.com/server.aspx
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/signon
        http://openid.net/extensions/sreg/1.1
}, {
    ClaimedIdentifier: https://openid.xyz.com/user.aspx/user123
    ProviderLocalIdentifier: https://openid.xyz.com/user.aspx/user123
    ProviderEndpoint: https://openid.xyz.com/server.aspx
    OpenID version: 1.0
    Service Type URIs:
        http://openid.net/signon/1.0
        http://openid.net/extensions/sreg/1.1
},]
WebDev.WebServer40.exe Information: 0 : Skipping HTML discovery because XRDS contained service endpoints.
WebDev.WebServer40.exe Information: 0 : Performing discovery on user-supplied identifier: https://openid.xyz.com/user.aspx/user123
WebDev.WebServer40.exe Information: 0 : Creating authentication request for user supplied Identifier: https://openid.xyz.com/user.aspx/user123
WebDev.WebServer40.exe Information: 0 : Preparing to send CheckIdRequest (2.0) message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElementRelyingParty applied to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Sending message: CheckIdRequest
WebDev.WebServer40.exe Information: 0 : Redirecting to https://openid.xyz.com/server.aspx?openid.claimed_id=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.identity=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.assoc_handle=woRX%21IAAAAI8Cn8mo2fHDzAFTyfYMZo7lsBbLcv5iKzliqwfmhxyjQQAAAAFNfXjeTdiwJif_mcgZSqkQOe1wQ79P1GaU1FZw1A4LonBK0rO2OjBpgr8uqCZ4VYYv2C9AJICbSDGN-z19OoqI&openid.return_to=http%3A%2F%2Flocalhost%3A50952%2FDefault.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fopenid.xyz.com%252Fuser.aspx%user123&openid.realm=http%3A%2F%2Flocalhost%3A50952%2F&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.if_available=alias1%2Calias2%2Calias3%2Calias4%2Calias5%2Calias6%2Calias7&openid.alias3.mode=fetch_request&openid.alias3.type.alias1=UserName&openid.alias3.count.alias1=1&openid.alias3.type.alias2=FirstName&openid.alias3.count.alias2=1&openid.al
ias3.type.alias3=LastName&openid.alias3.count.alias3=1&openid.alias3.type.alias4=RemoteLogin&openid.alias3.count.alias4=1&openid.alias3.type.alias5=DEANumber&openid.alias3.count.alias5=1&openid.alias3.type.alias6=StateNumber&openid.alias3.count.alias6=1&openid.alias3.type.alias7=StaffType&openid.alias3.count.alias7=1
A first chance exception of type 'System.Threading.ThreadAbortException' occurred in mscorlib.dll
An exception of type 'System.Threading.ThreadAbortException' occurred in mscorlib.dll but was not handled in user code
WebDev.WebServer40.exe Information: 0 : Incoming HTTP request: GET http://localhost:50952/Default.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.claimed_id=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.identity=https%3A%2F%2Fopenid.xyz.com%2Fuser.aspx%user123&openid.sig=narSsDwDWz69GrdFNuz%2F57Gy%2BOO4%2BFDdNTIWM5BpJBE%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce%2Cns.alias3%2Calias3.mode%2Calias3.type.alias1%2Calias3.value.alias1%2Calias3.type.alias2%2Calias3.value.alias2%2Calias3.type.alias3%2Calias3.value.alias3%2Calias3.type.alias4%2Calias3.value.alias4%2Calias3.type.alias5%2Calias3.value.alias5%2Calias3.type.alias6%2Calias3.value.alias6%2Calias3.type.alias7%2Calias3.value.alias7&openid.assoc_handle=woRX%21IAAAAI8Cn8mo2fHDzAFTyfYMZo7lsBbLcv5iKzliqwfmhxyjQQAAAAFNfXjeTdiwJif_mcgZSqkQOe1wQ79P1GaU1FZw1A4LonBK0rO2OjBpgr8uqCZ4VYYv2C9AJICbSDGN-z19OoqI&openid.op_endpoint=https%3A
%2F%2Fopenid.xyz.com%2Fserver.aspx&openid.return_to=http%3A%2F%2Flocalhost%3A50952%2FDefault.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fopenid.xyz.com%252Fuser.aspx%user123&openid.response_nonce=2013-07-29T01%3A05%3A41ZNuPERYFm&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.alias3=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.alias3.mode=fetch_response&openid.alias3.type.alias1=UserName&openid.alias3.value.alias1=user123&openid.alias3.type.alias2=FirstName&openid.alias3.value.alias2=N&openid.alias3.type.alias3=LastName&openid.alias3.value.alias3=Smith&openid.alias3.type.alias4=RemoteLogin&openid.alias3.value.alias4=1&openid.alias3.type.alias5=StaffType&openid.alias3.value.alias5=&openid.alias3.type.alias6=DEANumber&openid.alias3.value.alias6=&openid.alias3.type.alias7=StateNumber&openid.alias3.value.alias7=
WebDev.WebServer40.exe Information: 0 : Incoming request received: PositiveAssertionResponse
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
WebDev.WebServer40.exe Information: 0 : Verifying incoming PositiveAssertionResponse message signature of: narSsDwDWz69GrdFNuz/57Gy+OO4+FDdNTIWM5BpJBE=
WebDev.WebServer40.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement applied to message.
A first chance exception of type 'DotNetOpenAuth.Messaging.ProtocolException' occurred in DotNetOpenAuth.DLL

The difference that I see is the line Received identity assertion which is not present for the server provider.

Source: https://stackoverflow.com/questions/17903704/openid-relying-party-response-status-shows-failed-even-with-provider-authenticat
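The signature check that the log line "Verifying incoming PositiveAssertionResponse message signature" refers to, as an added example that is not part of the original question and not DotNetOpenAuth code: it parses an `id_res` return URL, lists names in `openid.signed` that are absent from the query string, rebuilds the OpenID Authentication 2.0 Key-Value Form signature base, and recomputes the signature. The function names, `MAC_KEY`, the `op.example` values and the HMAC-SHA256 association type are assumptions, and the sample assertion is constructed and reduced.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

MAC_KEY = b"constructed-association-secret"  # constructed, not from the page


def parse_assertion(return_url):
    """openid.* parameters of an id_res return URL, percent-decoded."""
    pairs = parse_qsl(urlsplit(return_url).query, keep_blank_values=True)
    return {k: v for k, v in pairs if k.startswith("openid.")}


def missing_signed_fields(params):
    """Names listed in openid.signed that are absent from the response."""
    names = params.get("openid.signed", "").split(",")
    return [n for n in names if "openid." + n not in params]


def signature_base(params):
    """Key-Value Form text the OP signs: 'key:value' plus newline per name."""
    names = params["openid.signed"].split(",")
    return "".join(f"{n}:{params['openid.' + n]}\n" for n in names).encode()


def verify(params, mac_key):
    """Recompute the HMAC-SHA256 signature; compare in constant time."""
    if missing_signed_fields(params):
        return False
    expected = hmac.new(mac_key, signature_base(params), hashlib.sha256).digest()
    try:
        received = base64.b64decode(params.get("openid.sig", ""), validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(expected, received)


def build_sample():
    """Constructed, reduced assertion (a real one signs more fields)."""
    fields = {
        "openid.mode": "id_res",
        "openid.claimed_id": "https://op.example/user.aspx/alice",
        "openid.op_endpoint": "https://op.example/server.aspx",
        "openid.alias3.value.alias1": "alice",
        "openid.signed": "claimed_id,op_endpoint,alias3.value.alias1",
    }
    mac = hmac.new(MAC_KEY, signature_base(fields), hashlib.sha256).digest()
    fields["openid.sig"] = base64.b64encode(mac).decode()
    return "http://localhost/Default.aspx?" + urlencode(fields)
```

Running `missing_signed_fields(parse_assertion(url))` on a captured return URL shows whether every signed name arrived; `verify` additionally needs the MAC key of the association named in `openid.assoc_handle`.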
