2010-01-29 49 views
0

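We're trying to implement OpenID (as a relying party) using the OpenID jQuery plugin (like StackOverflow) and DotNetOpenAuth. OpenID "Unsolicited assertions are not allowed from 1.0 OpenID Providers" error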

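We can't get AOL to work. DotNetOpenAuth redirects just fine using http://openid.aol.com/{username}, but when we successfully authenticate and are redirected back to our site, running this code (abridged):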

using (OpenIdRelyingParty openid = new OpenIdRelyingParty()) 
{ 
    // Not sure if we want to stick with this, just trying to get it to WORK once 
    openid.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V10; 
    openid.SecuritySettings.RejectUnsolicitedAssertions = false; 

    IAuthenticationResponse resp = openid.GetResponse(); 

    // Results: 
    // resp.Status == AuthenticationStatus.Failed 
    // resp.Exception == DotNetOpenAuth.Messaging.ProtocolException 
    // resp.Exception.Message == "Unsolicited assertions are not allowed from 1.0 OpenID Providers." 
} 

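Does anyone know what causes this? I'm finding it hard to search for what an unsolicited assertion even IS, or for documentation on which OpenID version AOL supports.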

Edit: the log4net logs were requested; here they are:

2010-02-01 09:04:45,217 (GMT-6) [12] INFO DotNetOpenAuth - DotNetOpenAuth, Version=3.3.1.9337, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official) 
2010-02-01 09:04:45,246 (GMT-6) [12] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A//dev.seekitlocal.com/ 
2010-02-01 09:04:45,254 (GMT-6) [12] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A//dev.seekitlocal.com/ 
2010-02-01 09:04:56,448 (GMT-6) [10] DEBUG DotNetOpenAuth.Http - HTTP GET http://openid.aol.com/DuctTapeNT 
2010-02-01 09:04:56,588 (GMT-6) [10] DEBUG DotNetOpenAuth.Yadis - Total services discovered in HTML: 1 
2010-02-01 09:04:56,590 (GMT-6) [10] DEBUG DotNetOpenAuth.Yadis - [{ 
    ClaimedIdentifier: http://openid.aol.com/DuctTapeNT 
    ProviderLocalIdentifier: http://openid.aol.com/DuctTapeNT 
    ProviderEndpoint: https://api.screenname.aol.com/auth/openidServer 
    OpenID version: 1.1 
    Service Type URIs: 
     http://openid.net/signon/1.1 
},] 
2010-02-01 09:04:56,606 (GMT-6) [10] INFO DotNetOpenAuth.Yadis - Performing discovery on user-supplied identifier: http://openid.aol.com/DuctTapeNT 
2010-02-01 09:04:56,616 (GMT-6) [10] DEBUG DotNetOpenAuth.Yadis - Filtering and sorting of endpoints did not affect the list. 
2010-02-01 09:04:56,616 (GMT-6) [10] INFO DotNetOpenAuth.OpenId - Creating authentication request for user supplied Identifier: http://openid.aol.com/DuctTapeNT 
2010-02-01 09:04:56,638 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckIdRequest (1.1) message. 
2010-02-01 09:04:56,712 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message. 
2010-02-01 09:04:56,713 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message. 
2010-02-01 09:04:56,715 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement applied to message. 
2010-02-01 09:04:56,716 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message. 
2010-02-01 09:04:56,718 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message. 
2010-02-01 09:04:56,724 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckIdRequest (1.1) message for https://api.screenname.aol.com/auth/openidServer: 
    openid.identity: http://openid.aol.com/DuctTapeNT 
    openid.return_to: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT 
    openid.trust_root: http://*.seekitlocal.com/ 
    openid.mode: checkid_setup 
    openid.ns.sreg: http://openid.net/extensions/sreg/1.1 
    openid.sreg.required: 
    openid.sreg.optional: email,fullname,gender,country 

2010-02-01 09:04:56,726 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Sending message: CheckIdRequest 
2010-02-01 09:04:56,730 (GMT-6) [10] DEBUG DotNetOpenAuth.Http - Redirecting to https://api.screenname.aol.com/auth/openidServer?openid.identity=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.return_to=http%3A%2F%2Fdev.seekitlocal.com%2Fuser%2Flogin.aspx%3FReturnUrl%3Dhttp%253A%252F%252Fdev.seekitlocal.com%252F%26dnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fapi.screenname.aol.com%252Fauth%252FopenidServer%26dnoa.claimed_id%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT&openid.trust_root=http%3A%2F%2F%2A.seekitlocal.com%2F&openid.mode=checkid_setup&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.sreg.required=&openid.sreg.optional=email%2Cfullname%2Cgender%2Ccountry 
2010-02-01 09:05:13,253 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.mode=id_res&openid.identity=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.assoc_handle=diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%253D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%252BBcrVIrSAI%253D&openid.return_to=http%3A%2F%2Fdev.seekitlocal.com%2Fuser%2Flogin.aspx%3FReturnUrl%3Dhttp%253A%252F%252Fdev.seekitlocal.com%252F%26dnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fapi.screenname.aol.com%252Fauth%252FopenidServer%26dnoa.claimed_id%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT&openid.signed=identity%2Creturn_to&openid.sig=utUiJJNfsRYobq3BiPraBubeI9c%3D 
2010-02-01 09:05:13,254 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.mode=id_res&openid.identity=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.assoc_handle=diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%253D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%252BBcrVIrSAI%253D&openid.return_to=http%3A%2F%2Fdev.seekitlocal.com%2Fuser%2Flogin.aspx%3FReturnUrl%3Dhttp%253A%252F%252Fdev.seekitlocal.com%252F%26dnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fapi.screenname.aol.com%252Fauth%252FopenidServer%26dnoa.claimed_id%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT&openid.signed=identity%2Creturn_to&openid.sig=utUiJJNfsRYobq3BiPraBubeI9c%3D 
2010-02-01 09:05:13,271 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming request received: PositiveAssertionResponse 
2010-02-01 09:05:13,277 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming PositiveAssertionResponse (1.1) message: 
    openid.identity: http://openid.aol.com/DuctTapeNT 
    openid.sig: utUiJJNfsRYobq3BiPraBubeI9c= 
    openid.signed: identity,return_to 
    openid.assoc_handle: diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%3D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%2BBcrVIrSAI%3D 
    openid.return_to: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT 
    openid.response_nonce: 2010-02-01T15:05:13Z 
    openid.mode: id_res 
    ReturnUrl: http://dev.seekitlocal.com/ 
    dnoa.userSuppliedIdentifier: http://openid.aol.com/DuctTapeNT 
    dnoa.op_endpoint: https://api.screenname.aol.com/auth/openidServer 
    dnoa.claimed_id: http://openid.aol.com/DuctTapeNT 

2010-02-01 09:05:13,282 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message. 
2010-02-01 09:05:13,286 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement applied to message. 
2010-02-01 09:05:13,289 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Verifying incoming PositiveAssertionResponse message signature of: utUiJJNfsRYobq3BiPraBubeI9c= 
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckAuthenticationRequest (1.1) message. 
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message. 
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message. 
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message. 
2010-02-01 09:05:13,309 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message. 
2010-02-01 09:05:13,310 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message. 
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message. 
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message. 
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message. 
2010-02-01 09:05:13,312 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckAuthenticationRequest (1.1) message for https://api.screenname.aol.com/auth/openidServer: 
    openid.return_to: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT 
    openid.mode: check_authentication 
    openid.identity: http://openid.aol.com/DuctTapeNT 
    openid.sig: utUiJJNfsRYobq3BiPraBubeI9c= 
    openid.signed: identity,return_to 
    openid.assoc_handle: diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%3D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%2BBcrVIrSAI%3D 
    openid.response_nonce: 2010-02-01T15:05:13Z 
    ReturnUrl: http://dev.seekitlocal.com/ 
    dnoa.userSuppliedIdentifier: http://openid.aol.com/DuctTapeNT 
    dnoa.op_endpoint: https://api.screenname.aol.com/auth/openidServer 
    dnoa.claimed_id: http://openid.aol.com/DuctTapeNT 

2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Sending CheckAuthenticationRequest request. 
2010-02-01 09:05:13,548 (GMT-6) [10] DEBUG DotNetOpenAuth.Http - HTTP POST https://api.screenname.aol.com/auth/openidServer 
2010-02-01 09:05:13,612 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Received CheckAuthenticationResponse response. 
2010-02-01 09:05:13,612 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming CheckAuthenticationResponse (1.1) message: 
    is_valid: true 
    openid.mode: id_res 

2010-02-01 09:05:13,613 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message. 
2010-02-01 09:05:13,613 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message. 
2010-02-01 09:05:13,613 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message. 
2010-02-01 09:05:13,615 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message. 
2010-02-01 09:05:13,616 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message. 
2010-02-01 09:05:13,619 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message. 
2010-02-01 09:05:13,620 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message. 
2010-02-01 09:05:13,624 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message. 
2010-02-01 09:05:13,625 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - After binding element processing, the received CheckAuthenticationResponse (1.1) message is: 
    is_valid: true 
    openid.mode: id_res 

2010-02-01 09:05:13,626 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message. 
2010-02-01 09:05:13,627 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message. 
2010-02-01 09:05:13,627 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message. 
2010-02-01 09:05:13,627 (GMT-6) [10] ERROR DotNetOpenAuth.OpenId - Incoming message is expected to have a nonce, but the return_to parameter is not signed. 
2010-02-01 09:05:13,629 (GMT-6) [10] ERROR DotNetOpenAuth.Messaging - Protocol error: Unsolicited assertions are not allowed from 1.0 OpenID Providers. 
    at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args) 
    at DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement.ProcessIncomingMessage(IProtocolMessage message) 
    at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) 
    at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) 
    at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest) 
    at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo) 
    at IDM.Controls.OpenIDLogin.OnInit(EventArgs e) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 
    at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 
    at System.Web.HttpContext.InvokeCancellableCallback(WaitCallback callback, Object state) 
    at System.Web.UI.Page.AsyncPageBeginProcessRequest(HttpContext context, AsyncCallback callback, Object extraData) 
    at IDM.Components.SILBasePage.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) 
    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() 
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) 
    at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) 
    at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) 
    at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) 
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) 
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) 
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) 
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) 
+0

It works on the live sample: http://samples.dotnetopenauth.net/v3.4/OpenIdRelyingPartyWebForms/ To figure out what's going on on your server, we need to see the logs: http://www.dotnetopenauth.net/developers/code-snippets/loggingdebugging-dotnetopenauth-with-log4net/ Can you add the logs to your question? – 2010-01-30 04:12:03

+0

@Andrew Added the log4net logs. I love how detailed they are, but unfortunately it's still Greek to me. Hopefully you can point me in the right direction. Thanks! – 2010-02-01 15:21:39

+0

Is the RP in stateless mode? – 2010-02-02 04:35:24

Answers

2

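I believe what's going on is that the OpenIdRelyingParty instance you use to create the authentication request is in stateless ('dumb') mode. That is, you're passing null to its constructor, or setting Stateless="true" on one of the ASP.NET controls. But when the authentication response comes back, you're processing it with an OpenIdRelyingParty instance that was created in stateful mode (you're not explicitly passing null to its constructor).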

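This causes the authentication response to be incompatible. The request was created at a lower security level, because the state needed for the extra security wasn't available. But when the authentication response comes back, the state is available, so the security requirements are higher, and the response to the lower-level request is rejected.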

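It's best to create one OpenIdRelyingParty instance, store it in a static field somewhere, and use it for all logins. It's thread-safe and designed specifically for that. It will help you avoid this kind of problem in the future, and it performs a bit better. By the way, I'd also expect that you're explicitly setting SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V10 on the OpenIdRelyingParty instance after creating it, otherwise I don't think this stateless mode would be allowed to work with AOL. A stateless-mode RP on your site together with an OpenID 1.1 Provider is a low-security combination that DotNetOpenAuth prohibits by default, because the protocol is vulnerable to replay attacks. Just so you know that you're overriding that there (if that is in fact what you're doing).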

(Wow, that was a lot of log digging...)

+0

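You're right - I was using separate OpenIdRelyingParty instances to start and finish the login process, and one of them wasn't passing null in the constructor. I was operating under the assumption that classes implementing IDisposable should be disposed, so it's good to hear that a static instance can be instantiated safely. I'm using stateless because I'm planning for a load-balanced environment - would you recommend implementing IRelyingPartyApplicationStore for security against attacks with AOL and other OpenID 1.1 Providers? – 2010-02-02 15:34:25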

+0

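I'd always recommend a state store if you can implement one. Otherwise, I'd leave OpenID 1.1 OP support at its stateless default of off. AOL should be done rolling out its 2.0 OP soon anyway. – 2010-02-03 00:01:58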
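The mismatch described in the answer above, as an added Python model (not DotNetOpenAuth code and not part of the original posts): a stateful relying party signs a nonce into return_to, a stateless one cannot, and a stateful instance rejects a 1.x response whose return_to lacks that signed nonce. The parameter names `rp.nonce` and `rp.sig`, the `Store` and `RelyingParty` classes and the URL are assumptions for illustration; the model also goes one step beyond the question by showing a shared store catching a replay across two load-balanced nodes.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

# Hypothetical parameter names for this model; not DotNetOpenAuth's own.
NONCE, SIG = "rp.nonce", "rp.sig"

class Store:
    """Shared RP state: a signing secret plus the nonces already consumed."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)
        self.seen = set()

class RelyingParty:
    def __init__(self, store=None):      # store=None models stateless ("dumb") mode
        self.store = store

    def _sign(self, url):
        return hmac.new(self.store.secret, url.encode(), hashlib.sha256).hexdigest()

    def build_return_to(self, base):
        """Request side: only a stateful RP can add a nonce and sign return_to."""
        if self.store is None:
            return base
        url = base + "?" + urlencode({NONCE: secrets.token_hex(8)})
        return url + "&" + urlencode({SIG: self._sign(url)})

    def accept(self, return_to):
        """Response side for an OpenID 1.x assertion (no provider-issued nonce)."""
        if self.store is None:
            return "accepted (no replay protection)"
        params = dict(parse_qsl(urlsplit(return_to).query))
        sig = params.get(SIG)
        unsigned = return_to.rsplit("&" + SIG + "=", 1)[0]
        if sig is None or not hmac.compare_digest(sig, self._sign(unsigned)):
            return "rejected: return_to not signed by this RP"
        if params[NONCE] in self.store.seen:
            return "rejected: replayed nonce"
        self.store.seen.add(params[NONCE])
        return "accepted"

def demo():
    base = "https://rp.example/login"     # constructed sample URL
    shared = Store()
    stateless, stateful = RelyingParty(None), RelyingParty(shared)
    other_node = RelyingParty(shared)     # second web server, same store
    signed = stateful.build_return_to(base)
    return [
        stateful.accept(stateless.build_return_to(base)),  # the mismatch in the question
        stateful.accept(signed),                           # matched stateful round trip
        other_node.accept(signed),                         # replay caught across nodes
        stateless.accept(signed),                          # stateless RP cannot tell
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```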

0

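"Unsolicited assertion" means your application thinks AOL sent in an id_res message without your application ever having done a checkid_setup for that identifier. I'll leave it to Andrew to say how DotNetOpenAuth, or AOL, handles this.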

('Cause it works in Python.)
