Razor page @attribute [Authorize] fails after first disconnect - Blazor Server
PLEASE HELP. ANY SUGGESTION WOULD BE APPRECIATED.
In production the first user has no issue, but any user after, including the first if they return, cannot access any page with @attribute [Authorize]. I use Auth0 to manage User Pools.
This does not occur locally simply because only one user "developer" tests the site. First user connected.
The site breaks after these logs.
Connection id "0HMFRUPK7S99E" sending FIN because: "The client closed the connection."
02:43:34 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HMFRUPK7S99E" disconnecting.
02:43:34 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HMFRUPK7S99E" completed keep alive response.
02:43:34 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST https://example.com/_blazor/disconnect multipart/form-data;+boundary=---------------------------139792296522211296111044067565 397 - 200 0 - 54.1590ms
02:43:34 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HMFRUPK7S99E" stopped.
Afterwards, the nav menu loads but no one can navigate to any page that has @attribute [Authorize].
02:44:09 [VRB][Microsoft.AspNetCore.Http.Connections.Internal.Transports.WebSocketsTransport] Message received. Type: Binary, size: 26, EndOfMessage: True.
02:44:10 [VRB][Microsoft.AspNetCore.Http.Connections.Internal.Transports.WebSocketsTransport] Message received. Type: Binary, size: 3, EndOfMessage: True.
I'm not sure if it's middleware or elsewhere:

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseResponseCompression();
        // Configure the HTTP request pipeline.
        if (!env.IsDevelopment())
        {
            app.UseExceptionHandler("/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseRouting();
        //app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapRazorPages();
            endpoints.MapBlazorHub();
            endpoints.MapFallbackToPage("/_Host");
        });
    }

This is the config for Auth0. In appsettings.json I have:

    "Auth0": {
        "Authority": "https://************************",
        "ClientId": "*******************************",
        "ClientSecret": "*************************************************",
        "Audience": "************************",
        "ResponseType": "code",
        "DefaultScopes": "email"
    }

This is how I configure Auth0 as a service:

    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });
    services.AddAuthentication(options => {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect("Auth0", options => {
        Configuration.Bind("Auth0", options);
        options.Scope.Clear();
        options.Scope.Add("openid");
        options.CallbackPath = new PathString("/callback");
        options.ClaimsIssuer = "Auth0";
        options.SaveTokens = true;
        options.TokenValidationParameters = new()
        {
            NameClaimType = "name",
        };
        options.Events = new OpenIdConnectEvents
        {
            // handle the logout redirection
            OnRedirectToIdentityProviderForSignOut = (context) =>
            {
                var logoutUri = $"https://{Configuration["Auth0:Domain"]}/v2/logout?client_id={Configuration["Auth0:ClientId"]}";
                var postLogoutUri = context.Properties.RedirectUri;
                if (!string.IsNullOrEmpty(postLogoutUri))
                {
                    if (postLogoutUri.StartsWith("/"))
                    {
                        // transform to absolute
                        var request = context.Request;
                        postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                    }
                    logoutUri += $"&returnTo={Uri.EscapeDataString(postLogoutUri)}";
                }
                context.Response.Redirect(logoutUri);
                context.HandleResponse();
                return Task.CompletedTask;
            }
        };
    });

I would really appreciate any help. Thank you in advance.
Comments (1)
After much investigation, the true answer to my problem was that I could not use AddScoped to inject my Entity Framework data store. I had to change it to AddSingleton.