1. 首页
  2. 问答
  3. OpenID“未经请求的断言不允许来自1.0 OpenID提供者”错误

OpenID“未经请求的断言不允许来自1.0 OpenID提供者”错误

2010-01-29 199 views
0

我们试图使用OpenID jQuery插件(如StackOverflow)和DotNetOpenAuth来实现OpenID(作为依赖方)。OpenID“未经请求的断言不允许来自1.0 OpenID提供者”错误

我们无法让AOL工作。 DotNetOpenAuth重定向使用http://openid.aol.com/ {用户名}就好了,但是当我们成功进行身份验证,并将其重定向到我们的网站,运行这些代码:(略)

using (OpenIdRelyingParty openid = new OpenIdRelyingParty()) 
{ 
    // Not sure if we want to stick with this, just trying to get it to WORK once 
    openid.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V10; 
    openid.SecuritySettings.RejectUnsolicitedAssertions = false; 

    IAuthenticationResponse resp = openid.GetResponse(); 

    // Results: 
    // resp.Status == AuthenticationStatus.Failed 
    // resp.Exception == DotNetOpenAuth.Messaging.ProtocolException 
    // resp.Exception.Message == "Unsolicited assertions are not allowed from 1.0 OpenID Providers." 
}

有谁知道什么原因呢?我发现很难搜索什么是主动断言甚至是IS。或者有关AOL支持的OpenID版本的文档。

编辑:请求log4net的日志,在这里,他们是:

2010-02-01 09:04:45,217 (GMT-6) [12] INFO DotNetOpenAuth - DotNetOpenAuth, Version=3.3.1.9337, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official) 
2010-02-01 09:04:45,246 (GMT-6) [12] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A//dev.seekitlocal.com/ 
2010-02-01 09:04:45,254 (GMT-6) [12] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A//dev.seekitlocal.com/ 
2010-02-01 09:04:56,448 (GMT-6) [10] DEBUG DotNetOpenAuth.Http - HTTP GET http://openid.aol.com/DuctTapeNT 
2010-02-01 09:04:56,588 (GMT-6) [10] DEBUG DotNetOpenAuth.Yadis - Total services discovered in HTML: 1 
2010-02-01 09:04:56,590 (GMT-6) [10] DEBUG DotNetOpenAuth.Yadis - [{ 
    ClaimedIdentifier: http://openid.aol.com/DuctTapeNT 
    ProviderLocalIdentifier: http://openid.aol.com/DuctTapeNT 
    ProviderEndpoint: https://api.screenname.aol.com/auth/openidServer 
    OpenID version: 1.1 
    Service Type URIs: 
     http://openid.net/signon/1.1 
},] 
2010-02-01 09:04:56,606 (GMT-6) [10] INFO DotNetOpenAuth.Yadis - Performing discovery on user-supplied identifier: http://openid.aol.com/DuctTapeNT 
2010-02-01 09:04:56,616 (GMT-6) [10] DEBUG DotNetOpenAuth.Yadis - Filtering and sorting of endpoints did not affect the list. 
2010-02-01 09:04:56,616 (GMT-6) [10] INFO DotNetOpenAuth.OpenId - Creating authentication request for user supplied Identifier: http://openid.aol.com/DuctTapeNT 
2010-02-01 09:04:56,638 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckIdRequest (1.1) message. 
2010-02-01 09:04:56,712 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message. 
2010-02-01 09:04:56,713 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message. 
2010-02-01 09:04:56,715 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement applied to message. 
2010-02-01 09:04:56,716 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message. 
2010-02-01 09:04:56,718 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message. 
2010-02-01 09:04:56,724 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckIdRequest (1.1) message for https://api.screenname.aol.com/auth/openidServer: 
    openid.identity: http://openid.aol.com/DuctTapeNT 
    openid.return_to: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT 
    openid.trust_root: http://*.seekitlocal.com/ 
    openid.mode: checkid_setup 
    openid.ns.sreg: http://openid.net/extensions/sreg/1.1 
    openid.sreg.required: 
    openid.sreg.optional: email,fullname,gender,country 

2010-02-01 09:04:56,726 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Sending message: CheckIdRequest 
2010-02-01 09:04:56,730 (GMT-6) [10] DEBUG DotNetOpenAuth.Http - Redirecting to https://api.screenname.aol.com/auth/openidServer?openid.identity=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.return_to=http%3A%2F%2Fdev.seekitlocal.com%2Fuser%2Flogin.aspx%3FReturnUrl%3Dhttp%253A%252F%252Fdev.seekitlocal.com%252F%26dnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fapi.screenname.aol.com%252Fauth%252FopenidServer%26dnoa.claimed_id%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT&openid.trust_root=http%3A%2F%2F%2A.seekitlocal.com%2F&openid.mode=checkid_setup&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.sreg.required=&openid.sreg.optional=email%2Cfullname%2Cgender%2Ccountry 
2010-02-01 09:05:13,253 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.mode=id_res&openid.identity=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.assoc_handle=diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%253D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%252BBcrVIrSAI%253D&openid.return_to=http%3A%2F%2Fdev.seekitlocal.com%2Fuser%2Flogin.aspx%3FReturnUrl%3Dhttp%253A%252F%252Fdev.seekitlocal.com%252F%26dnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fapi.screenname.aol.com%252Fauth%252FopenidServer%26dnoa.claimed_id%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT&openid.signed=identity%2Creturn_to&openid.sig=utUiJJNfsRYobq3BiPraBubeI9c%3D 
2010-02-01 09:05:13,254 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.mode=id_res&openid.identity=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&openid.assoc_handle=diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%253D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%252BBcrVIrSAI%253D&openid.return_to=http%3A%2F%2Fdev.seekitlocal.com%2Fuser%2Flogin.aspx%3FReturnUrl%3Dhttp%253A%252F%252Fdev.seekitlocal.com%252F%26dnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT%26dnoa.op_endpoint%3Dhttps%253A%252F%252Fapi.screenname.aol.com%252Fauth%252FopenidServer%26dnoa.claimed_id%3Dhttp%253A%252F%252Fopenid.aol.com%252FDuctTapeNT&openid.signed=identity%2Creturn_to&openid.sig=utUiJJNfsRYobq3BiPraBubeI9c%3D 
2010-02-01 09:05:13,271 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming request received: PositiveAssertionResponse 
2010-02-01 09:05:13,277 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming PositiveAssertionResponse (1.1) message: 
    openid.identity: http://openid.aol.com/DuctTapeNT 
    openid.sig: utUiJJNfsRYobq3BiPraBubeI9c= 
    openid.signed: identity,return_to 
    openid.assoc_handle: diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%3D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%2BBcrVIrSAI%3D 
    openid.return_to: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT 
    openid.response_nonce: 2010-02-01T15:05:13Z 
    openid.mode: id_res 
    ReturnUrl: http://dev.seekitlocal.com/ 
    dnoa.userSuppliedIdentifier: http://openid.aol.com/DuctTapeNT 
    dnoa.op_endpoint: https://api.screenname.aol.com/auth/openidServer 
    dnoa.claimed_id: http://openid.aol.com/DuctTapeNT 

2010-02-01 09:05:13,282 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message. 
2010-02-01 09:05:13,286 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement applied to message. 
2010-02-01 09:05:13,289 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Verifying incoming PositiveAssertionResponse message signature of: utUiJJNfsRYobq3BiPraBubeI9c= 
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckAuthenticationRequest (1.1) message. 
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message. 
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message. 
2010-02-01 09:05:13,307 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message. 
2010-02-01 09:05:13,309 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message. 
2010-02-01 09:05:13,310 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message. 
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message. 
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message. 
2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message. 
2010-02-01 09:05:13,312 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckAuthenticationRequest (1.1) message for https://api.screenname.aol.com/auth/openidServer: 
    openid.return_to: http://dev.seekitlocal.com/user/login.aspx?ReturnUrl=http%3A%2F%2Fdev.seekitlocal.com%2F&dnoa.userSuppliedIdentifier=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT&dnoa.op_endpoint=https%3A%2F%2Fapi.screenname.aol.com%2Fauth%2FopenidServer&dnoa.claimed_id=http%3A%2F%2Fopenid.aol.com%2FDuctTapeNT 
    openid.mode: check_authentication 
    openid.identity: http://openid.aol.com/DuctTapeNT 
    openid.sig: utUiJJNfsRYobq3BiPraBubeI9c= 
    openid.signed: identity,return_to 
    openid.assoc_handle: diAyLjAgayAwIG53VldlczRiWWFTR2M2SmYyQXgvN3U3alBvWT0%3D-j5HRXRB1VbPyg48jGKE1Q2MpHpkFkaUaOxWzZ44gUVrIf6wXQo2g2UtSNCbdz6IPS%2BBcrVIrSAI%3D 
    openid.response_nonce: 2010-02-01T15:05:13Z 
    ReturnUrl: http://dev.seekitlocal.com/ 
    dnoa.userSuppliedIdentifier: http://openid.aol.com/DuctTapeNT 
    dnoa.op_endpoint: https://api.screenname.aol.com/auth/openidServer 
    dnoa.claimed_id: http://openid.aol.com/DuctTapeNT 

2010-02-01 09:05:13,312 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Sending CheckAuthenticationRequest request. 
2010-02-01 09:05:13,548 (GMT-6) [10] DEBUG DotNetOpenAuth.Http - HTTP POST https://api.screenname.aol.com/auth/openidServer 
2010-02-01 09:05:13,612 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - Received CheckAuthenticationResponse response. 
2010-02-01 09:05:13,612 (GMT-6) [10] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming CheckAuthenticationResponse (1.1) message: 
    is_valid: true 
    openid.mode: id_res 

2010-02-01 09:05:13,613 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message. 
2010-02-01 09:05:13,613 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message. 
2010-02-01 09:05:13,613 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message. 
2010-02-01 09:05:13,615 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message. 
2010-02-01 09:05:13,616 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message. 
2010-02-01 09:05:13,619 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message. 
2010-02-01 09:05:13,620 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message. 
2010-02-01 09:05:13,624 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message. 
2010-02-01 09:05:13,625 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Channel - After binding element processing, the received CheckAuthenticationResponse (1.1) message is: 
    is_valid: true 
    openid.mode: id_res 

2010-02-01 09:05:13,626 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message. 
2010-02-01 09:05:13,627 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message. 
2010-02-01 09:05:13,627 (GMT-6) [10] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message. 
2010-02-01 09:05:13,627 (GMT-6) [10] ERROR DotNetOpenAuth.OpenId - Incoming message is expected to have a nonce, but the return_to parameter is not signed. 
2010-02-01 09:05:13,629 (GMT-6) [10] ERROR DotNetOpenAuth.Messaging - Protocol error: Unsolicited assertions are not allowed from 1.0 OpenID Providers. 
    at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args) 
    at DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement.ProcessIncomingMessage(IProtocolMessage message) 
    at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) 
    at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) 
    at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest) 
    at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo) 
    at IDM.Controls.OpenIDLogin.OnInit(EventArgs e) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 
    at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 
    at System.Web.HttpContext.InvokeCancellableCallback(WaitCallback callback, Object state) 
    at System.Web.UI.Page.AsyncPageBeginProcessRequest(HttpContext context, AsyncCallback callback, Object extraData) 
    at IDM.Components.SILBasePage.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) 
    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() 
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) 
    at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) 
    at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) 
    at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) 
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) 
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) 
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) 
    at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

来源

2010-01-29 David Boike

+0

它适用于现场样品http://samples.dotnetopenauth.net/v3.4/OpenIdRelyingPartyWebForms/为了弄清楚是怎么回事在您的服务器上,我们需要查看日志:http://www.dotnetopenauth.net/developers/code-snippets/loggingdebugging-dotnetopenauth-with-log4net/您可以将日志添加到问题中吗? – 2010-01-30 04:12:03

+0

@Andrew添加了log4net日志。我很喜欢他们的详细程度,但不幸的是我依然对希腊很不满。希望你能指出我正确的方向。谢谢! – 2010-02-01 15:21:39

+0

RP处于无状态模式? – 2010-02-02 04:35:24

回答

2

我相信这是怎么回事就在于OpenIdRelyingParty比如你用它来创建该认证请求是无状态(‘哑’)模式。也就是说,您将null传递给其构造函数,或者在其中一个ASP.NET控件上设置Stateless="true"。但是,当身份验证响应返回时,您将使用在有状态模式下创建的OpenIdRelyingParty实例处理该响应(您没有显式向其构造函数传递null)。

这会导致认证响应不兼容。该请求以较低的安全级别创建,因为该额外安全性所需的状态不可用。但是,当身份验证响应返回时,状态可用,因此安全性要求更高,并且拒绝对较低级别请求的响应。

最好创建一个OpenIdRelyingParty实例,将其存储在某个静态字段中,然后将其用于所有登录。它是线程安全的,专门为此设计的。它可以帮助您避免将来出现这种问题,并且性能更高一些。顺便说一句,我也希望你在创建它之后明确地设置SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V10OpenIdRelyingParty实例,否则我不认为这种无状态模式将允许与AOL一起工作。在您的站点和OpenID 1.1提供程序中的无状态模式RP是DotNetOpenAuth默认禁止的低安全性组合,因为协议易受重播攻击。只要你知道你在那里压倒一切(如果你实际上是这样做的话)。

(哇,这是一个很大的日志挖掘的...)

来源

2010-02-02 05:01:11

+0

你说得对 - 我正在使用单独的OpenIdRelyingParty实例来启动并完成登录过程,其中一个未在构造函数中传递null。我是在假设实现IDisposable的类应该处置的情况下运行的,所以很高兴听到可以安全地实例化一个静态实例。我使用的是无状态的,因为我正在计划一个负载均衡的环境 - 您是否会建议实施IRelyingPartyApplicationStore以实现AOL和其他OpenID 1.1提供商的安全攻击? – 2010-02-02 15:34:25

+0

如果您可以实施它,我总是会推荐一家州立店。否则,我会在其无状态默认值off的情况下离开OpenID 1.1 OP支持。无论如何,AOL应该尽快完成2.0 OP的发布。 – 2010-02-03 00:01:58

0

“不请自来的断言”意味着你的应用程序认为AOL派人在与id_res消息,而无需您的应用程序不断做该标识符的checkid_setup 。我会把它留给安德鲁说出DotNetOpenAuth如何处理这个或AOL。

('因为它在Python。作品)

来源

2010-01-29 23:57:26 keturn

相关问题

 相关问题