DotNetOpenAuth 3.4:调用 Yahoo!停止返回响应,有时也会影响 Google

发布于 2024-08-23 16:00:39 字数 13144 浏览 4 评论 0原文

  • DotNetOpenAuth 3.4.1.10044
  • Windows 7(64 位)
  • VS 2008 SP1、.NET 3.5、C#
  • Windows Azure

ASP.NET 围绕 OpenID 调用的片段后面的代码:

OpenIdRelyingParty rp = new OpenIdRelyingParty(null);
string discoveryUri = "";
if (provider == "google") {
    discoveryUri = "https://www.google.com/accounts/08/id";
    Application.Set("Provider", "Google");
} else if (provider == "yahoo") {
    discoveryUri = "https://me.yahoo.com";
    Application.Set("Provider", "Yahoo");
}
try {
    string openIdUri = Request.Url.ToString();
    var b = new UriBuilder(openIdUri) { Query = "" };
    Response.Write("OpenId_Click: Request.Url = " + Request.Url);
    var req = rp.CreateRequest(discoveryUri, b.Uri, b.Uri);
    Response.Write("OpenId_Click: discoveryUri = " + discoveryUri);
    try {
        req.RedirectToProvider();
    } catch (ThreadAbortException tae) {
        string taem = tae.Message;
    }
} catch (Exception ex) {
    string s = ex.Message;
}
rp.Dispose();

我有以下 (3) 行为:

当我首先启动 ASP.NET(Azure 开发存储),如果我针对 Yahoo! 进行身份验证,则成功。如果我尝试针对 Yahoo! 进行身份验证一分钟后,对 RedirectToProvider 的调用再也没有返回响应。此后,又致电 Google 和 Yahoo!不要返回响应。

当我第一次启动 ASP.NET 时,如果我针对 Google 进行身份验证,则成功。如果我在一分钟后再次尝试对 Google 进行身份验证,则对 RedirectToProvider 的调用会成功,而无需询问我的用户名/密码。 (我没有选中“记住我”复选框。)此后,对 Google 的其他调用仍然成功。 (Google 似乎缓存了第一个请求的结果。)如果我随后针对 Yahoo! 进行身份验证。对 RedirectToProvider 的调用永远不会返回响应。如果我切换回 Google,我会再次成功,而无需询问我的用户名/密码。

当我第一次启动 ASP.NET(Azure 开发存储)时,如果我针对 Yahoo! 进行身份验证,则成功。如果我在一分钟后尝试对 Google 进行身份验证,则对 RedirectToProvider 的调用永远不会返回响应。

没有明显的失败(除了通常的 ThreadAbortException 噪音,无论调用是否成功都会出现)。

关于可能发生的事情有什么想法吗?

以下是来自 Yahoo! 的第三个案例的一些跟踪信息。成功了,那么Google就不成功了:

Synch Queue Created with a single Message ==> Busy : Information[WaWebHost.exe] DotNetOpenAuth, Version=3.4.1.10044, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] Reporting will use isolated storage with scope: User, Domain, Assembly
[WaWebHost.exe] HTTP GET https://me.yahoo .com/
[WaWebHost.exe] X-XRDS-Location found in HTTP header.  Preparing to pull XRDS from https://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
[WaWebHost.exe] HTTP GET https://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
[WaWebHost.exe] Total services discovered in XRDS: 1
[WaWebHost.exe] [{
    ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderEndpoint: https://open.login.yahooapis.com/openid/op/auth
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/server
        http://specs.openid.net/extensions/pape/1.0
        http://openid.net/sreg/1.0
        http://openid.net/extensions/sreg/1.1
        http://openid.net/srv/ax/1.0
        http://specs.openid.net/extensions/oauth/1.0
        http://specs.openid.net/extensions/ui/1.0/lang-pref
        http://specs.openid.net/extensions/ui/1.0/mode/popup
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
        http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf
        http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdf
        http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
},]
[WaWebHost.exe] Skipping HTML discovery because XRDS contained service endpoints.
[WaWebHost.exe] Performing discovery on user-supplied identifier: https://me.yahoo.com/
[WaWebHost.exe] Creating authentication request for user supplied Identifier: https://me.yahoo.com/
[WaWebHost.exe] Preparing to send CheckIdRequest (2.0) message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Sending message: CheckIdRequest
[WaWebHost.exe] Redirecting to https://open.login.yahooapis.com/openid/op/auth?openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fme.yahoo.com&openid.realm=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] Incoming HTTP request: GET http://127.0.0.1:5100/OpenId.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fme.yahoo.com&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.return_to=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fme.yahoo.com&openid.claimed_id=https%3A%2F%2Fme.yahoo.com%2Fa%2FXLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--%23afa8c&openid.identity=https%3A%2F%2Fme.yahoo.com%2Fa%2FXLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--&openid.realm=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx&openid.assoc_handle=kCG5j8w0Czja2yJ.JumEVy3SNaHp4aZQ4AdjguIo.OU2SrcpQsEtBxiZvqP_wP9Yf03KI_eOet5.Qsbv2Ov7MXEyGdVP4b4p4Cewoent7pmFNBxanpkYCg_W_zvJXkUo&openid.response_nonce=2010-03-04T19%3A48%3A00ZT3svYxSveINSAkkLdpO.IApS8NhEBBSdLQ--&openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Cpape.auth_level.nist&openid.op_endpoint=https%3A%2F%2Fopen.login.yahooapis.com%2Fopenid%2Fop%2Fauth&openid.pape.auth_level.nist=0&openid.sig=mnpe8U7hLo3XBpUnmuX2tRgPwHA%3D
[WaWebHost.exe] Incoming request received: PositiveAssertionResponse
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Verifying incoming PositiveAssertionResponse message signature of: mnpe8U7hLo3XBpUnmuX2tRgPwHA=
[WaWebHost.exe] Preparing to send CheckAuthenticationRequest (2.0) message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Sending CheckAuthenticationRequest request.
[WaWebHost.exe] HTTP POST https://open.login.yahooapis.com/openid/op/auth
[WaWebHost.exe] Received CheckAuthenticationResponse response.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
[WaWebHost.exe] Verifying assertion matches identifier discovery results...
[WaWebHost.exe] HTTP GET https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c
[WaWebHost.exe] X-XRDS-Location found in HTTP header.  Preparing to pull XRDS from https://open.login.yahooapis.com/openid20/user_profile/xrds
[WaWebHost.exe] HTTP GET https://open.login.yahooapis.com/openid20/user_profile/xrds
[WaWebHost.exe] Total services discovered in XRDS: 1
[WaWebHost.exe] [{
    ClaimedIdentifier: https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c
    ProviderLocalIdentifier: https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c
    ProviderEndpoint: https://open.login.yahooapis.com/openid/op/auth
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/signon
        http://specs.openid.net/extensions/pape/1.0
        http://openid.net/sreg/1.0
        http://openid.net/extensions/sreg/1.1
        http://openid.net/srv/ax/1.0
        http://specs.openid.net/extensions/oauth/1.0
        http://specs.openid.net/extensions/ui/1.0/lang-pref
        http://specs.openid.net/extensions/ui/1.0/mode/popup
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
        http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf
        http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdf
        http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
},]
[WaWebHost.exe] Skipping HTML discovery because XRDS contained service endpoints.
[WaWebHost.exe] Received identity assertion for https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c via https://open.login.yahooapis.com/openid/op/auth.
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] Incoming HTTP request: GET http://127.0.0.1:81/[email protected]&userid=XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] HTTP GET https://www.google.com/accounts/o8/id
[WaWebHost.exe] An XRDS response was received from GET at user-supplied identifier.
[WaWebHost.exe] Total services discovered in XRDS: 1
[WaWebHost.exe] [{
    ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderEndpoint: https://www.google.com/accounts/o8/ud
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/server
        http://openid.net/srv/ax/1.0
        http://specs.openid.net/extensions/ui/1.0/mode/popup
        http://specs.openid.net/extensions/ui/1.0/icon
        http://specs.openid.net/extensions/pape/1.0
},]
[WaWebHost.exe] Skipping HTML discovery because XRDS contained service endpoints.
[WaWebHost.exe] Performing discovery on user-supplied identifier: https://www.google.com/accounts/o8/id
[WaWebHost.exe] Creating authentication request for user supplied Identifier: https://www.google.com/accounts/o8/id
[WaWebHost.exe] Preparing to send CheckIdRequest (2.0) message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Sending message: CheckIdRequest
[WaWebHost.exe] Redirecting to https://www.google.com/accounts/o8/ud?openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.realm=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0

  • DotNetOpenAuth 3.4.1.10044
  • Windows 7 (64-bit)
  • VS 2008 SP1, .NET 3.5, C#
  • Windows Azure

ASP.NET code behind fragment around OpenID call:

OpenIdRelyingParty rp = new OpenIdRelyingParty(null);
string discoveryUri = "";
if (provider == "google") {
    discoveryUri = "https://www.google.com/accounts/08/id";
    Application.Set("Provider", "Google");
} else if (provider == "yahoo") {
    discoveryUri = "https://me.yahoo.com";
    Application.Set("Provider", "Yahoo");
}
try {
    string openIdUri = Request.Url.ToString();
    var b = new UriBuilder(openIdUri) { Query = "" };
    Response.Write("OpenId_Click: Request.Url = " + Request.Url);
    var req = rp.CreateRequest(discoveryUri, b.Uri, b.Uri);
    Response.Write("OpenId_Click: discoveryUri = " + discoveryUri);
    try {
        req.RedirectToProvider();
    } catch (ThreadAbortException tae) {
        string taem = tae.Message;
    }
} catch (Exception ex) {
    string s = ex.Message;
}
rp.Dispose();

I have the following (3) behaviors:

When I first start ASP.NET (Azure Development Storage), if I authenticate against Yahoo!, it is successful. If I try to authenticate against Yahoo! A minute later, the call to RedirectToProvider never returns a response. After that, additional calls to Google and Yahoo! Do not return a response.

When I first start ASP.NET, if I authenticate against Google, it is successful. If I try to authenticate against Google again a minute later, the call to RedirectToProvider is successful without asking me for my username/password. (I did not check the remember-me checkbox.) After that, additional calls to Google remain successful. (Google seems to cache the results of the first request.) If I then authenticate against Yahoo! the call to RedirectToProvider never returns a response. If I switch back to Google, again I am successful without asking me for my username/password.

When I first start ASP.NET (Azure Development Storage), if I authenticate against Yahoo!, it is successful. If I try to authenticate against Google a minute later, the call to RedirectToProvider never returns a response.

There is no obvious failure (other than the usual ThreadAbortException noise that seems to occur whether or not the calls are successful).

Any ideas around what might be happening?

Here is some trace information from the third case where Yahoo! Is succesful, then Google is not:

Synch Queue Created with a single Message ==> Busy : Information[WaWebHost.exe] DotNetOpenAuth, Version=3.4.1.10044, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] Reporting will use isolated storage with scope: User, Domain, Assembly
[WaWebHost.exe] HTTP GET https://me.yahoo .com/
[WaWebHost.exe] X-XRDS-Location found in HTTP header.  Preparing to pull XRDS from https://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
[WaWebHost.exe] HTTP GET https://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
[WaWebHost.exe] Total services discovered in XRDS: 1
[WaWebHost.exe] [{
    ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderEndpoint: https://open.login.yahooapis.com/openid/op/auth
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/server
        http://specs.openid.net/extensions/pape/1.0
        http://openid.net/sreg/1.0
        http://openid.net/extensions/sreg/1.1
        http://openid.net/srv/ax/1.0
        http://specs.openid.net/extensions/oauth/1.0
        http://specs.openid.net/extensions/ui/1.0/lang-pref
        http://specs.openid.net/extensions/ui/1.0/mode/popup
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
        http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf
        http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdf
        http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
},]
[WaWebHost.exe] Skipping HTML discovery because XRDS contained service endpoints.
[WaWebHost.exe] Performing discovery on user-supplied identifier: https://me.yahoo.com/
[WaWebHost.exe] Creating authentication request for user supplied Identifier: https://me.yahoo.com/
[WaWebHost.exe] Preparing to send CheckIdRequest (2.0) message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Sending message: CheckIdRequest
[WaWebHost.exe] Redirecting to https://open.login.yahooapis.com/openid/op/auth?openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fme.yahoo.com&openid.realm=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] Incoming HTTP request: GET http://127.0.0.1:5100/OpenId.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fme.yahoo.com&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.return_to=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fme.yahoo.com&openid.claimed_id=https%3A%2F%2Fme.yahoo.com%2Fa%2FXLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--%23afa8c&openid.identity=https%3A%2F%2Fme.yahoo.com%2Fa%2FXLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--&openid.realm=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx&openid.assoc_handle=kCG5j8w0Czja2yJ.JumEVy3SNaHp4aZQ4AdjguIo.OU2SrcpQsEtBxiZvqP_wP9Yf03KI_eOet5.Qsbv2Ov7MXEyGdVP4b4p4Cewoent7pmFNBxanpkYCg_W_zvJXkUo&openid.response_nonce=2010-03-04T19%3A48%3A00ZT3svYxSveINSAkkLdpO.IApS8NhEBBSdLQ--&openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Cpape.auth_level.nist&openid.op_endpoint=https%3A%2F%2Fopen.login.yahooapis.com%2Fopenid%2Fop%2Fauth&openid.pape.auth_level.nist=0&openid.sig=mnpe8U7hLo3XBpUnmuX2tRgPwHA%3D
[WaWebHost.exe] Incoming request received: PositiveAssertionResponse
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Verifying incoming PositiveAssertionResponse message signature of: mnpe8U7hLo3XBpUnmuX2tRgPwHA=
[WaWebHost.exe] Preparing to send CheckAuthenticationRequest (2.0) message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Sending CheckAuthenticationRequest request.
[WaWebHost.exe] HTTP POST https://open.login.yahooapis.com/openid/op/auth
[WaWebHost.exe] Received CheckAuthenticationResponse response.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
[WaWebHost.exe] Verifying assertion matches identifier discovery results...
[WaWebHost.exe] HTTP GET https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c
[WaWebHost.exe] X-XRDS-Location found in HTTP header.  Preparing to pull XRDS from https://open.login.yahooapis.com/openid20/user_profile/xrds
[WaWebHost.exe] HTTP GET https://open.login.yahooapis.com/openid20/user_profile/xrds
[WaWebHost.exe] Total services discovered in XRDS: 1
[WaWebHost.exe] [{
    ClaimedIdentifier: https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c
    ProviderLocalIdentifier: https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c
    ProviderEndpoint: https://open.login.yahooapis.com/openid/op/auth
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/signon
        http://specs.openid.net/extensions/pape/1.0
        http://openid.net/sreg/1.0
        http://openid.net/extensions/sreg/1.1
        http://openid.net/srv/ax/1.0
        http://specs.openid.net/extensions/oauth/1.0
        http://specs.openid.net/extensions/ui/1.0/lang-pref
        http://specs.openid.net/extensions/ui/1.0/mode/popup
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
        http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf
        http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdf
        http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
},]
[WaWebHost.exe] Skipping HTML discovery because XRDS contained service endpoints.
[WaWebHost.exe] Received identity assertion for https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c via https://open.login.yahooapis.com/openid/op/auth.
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] Incoming HTTP request: GET http://127.0.0.1:81/[email protected]&userid=XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] HTTP GET https://www.google.com/accounts/o8/id
[WaWebHost.exe] An XRDS response was received from GET at user-supplied identifier.
[WaWebHost.exe] Total services discovered in XRDS: 1
[WaWebHost.exe] [{
    ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderEndpoint: https://www.google.com/accounts/o8/ud
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/server
        http://openid.net/srv/ax/1.0
        http://specs.openid.net/extensions/ui/1.0/mode/popup
        http://specs.openid.net/extensions/ui/1.0/icon
        http://specs.openid.net/extensions/pape/1.0
},]
[WaWebHost.exe] Skipping HTML discovery because XRDS contained service endpoints.
[WaWebHost.exe] Performing discovery on user-supplied identifier: https://www.google.com/accounts/o8/id
[WaWebHost.exe] Creating authentication request for user supplied Identifier: https://www.google.com/accounts/o8/id
[WaWebHost.exe] Preparing to send CheckIdRequest (2.0) message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Sending message: CheckIdRequest
[WaWebHost.exe] Redirecting to https://www.google.com/accounts/o8/ud?openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.realm=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

何以畏孤独 2024-08-30 16:00:39

看起来您正在捕获异常而不是重新抛出它们,在 ThreadAbortException 的情况下,这可能会改变它应该如何工作。我不知道这是否是问题的一部分,但这只是一个想法。

另外,我注意到您正在使用请求 URL(无论是什么)作为 return_to 和领域。我建议不要允许领域为任何请求 URL,因为 Google 使用定向身份,如果一个用户访问“login.aspx”,稍后同一用户访问“Login.aspx”(仅大小写不同)Google 会将其视为两个不同站点并向您发送两个不同的身份。您必须确保您网站上的“领域”、大小写等始终相同。

至于间歇性重定向问题,我没有看到任何会导致这种情况的原因。该日志表明正在发生重定向。尽管您捕获的异常可能再次导致此处失败。当重定向没有发生时,您会得到什么?

It looks like you're catching exceptions and not rethrowing them, which in the case of ThreadAbortException may be changing how it's supposed to work. I don't know if that's part of the problem, but it's just a thought.

Also, I notice you're using the request URL (whatever that is) as both the return_to and the realm. I recommend against allowing realm to be whatever the request URL is, as Google uses directed identity and if one user visits "login.aspx" and later the same user visits "Login.aspx" (capitalization different only) Google will see it as two different sites and send two different identities to you. You must ensure that "realm" is always the same from your site, capitalization and all.

As far as the intermittent redirect problem, I don't see anything that would cause that. The log suggests that the redirection is occurring. Although again your catching of the exception might be causing failures here. What do you get when the redirection doesn't happen?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文