【Question title】: IDX21323: RequireNonce is '[PII is hidden]'. OpenIdConnectProtocolValidationContext.Nonce was null
【Posted】: 2021-11-10 11:31:08
【Question description】:

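I know there are multiple threads on the same topic, but none of the solutions worked for me. Is there any solution? Strangely, I run into this problem when the application runs in Edge, as opposed to when I run it in IE.

IDX21323: RequireNonce is '[PII is hidden]'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.

Here is the code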

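using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup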
{
    // The Client ID is used by the application to uniquely identify itself to Azure AD.
    string clientId = System.Configuration.ConfigurationManager.AppSettings["ClientId"];

    // RedirectUri is the URL where the user will be redirected to after they sign in.
    string redirectUri = System.Configuration.ConfigurationManager.AppSettings["RedirectUri"];

    // Tenant is the tenant ID (e.g. contoso.onmicrosoft.com, or 'common' for multi-tenant)
    static string tenant = System.Configuration.ConfigurationManager.AppSettings["Tenant"];

    // Authority is the URL for authority, composed by Microsoft identity platform endpoint and the tenant name (e.g. https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0)
    string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["Authority"], tenant);

    /// <summary>
    /// Configure OWIN to use OpenIdConnect 
    /// </summary>
    /// <param name="app"></param>
    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // Sets the ClientId, authority, RedirectUri as obtained from web.config
                ClientId = clientId,
                Authority = authority,
                RedirectUri = redirectUri,
                // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
                PostLogoutRedirectUri = redirectUri,
                Scope = OpenIdConnectScope.OpenIdProfile,
                // ResponseType is set to request the code id_token - which contains basic information about the signed-in user
                ResponseType = OpenIdConnectResponseType.CodeIdToken,
                // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed
                }
            }
        );
    }

    /// <summary>
    /// Handle failed authentication requests by redirecting the user to the home page with an error in the query string
    /// </summary>
    /// <param name="context"></param>
    /// <returns></returns>
    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        context.HandleResponse();
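        // URL-encode the exception text so spaces and special characters cannot break or alter the redirect URL
        context.Response.Redirect("/?errormessage=" + System.Uri.EscapeDataString(context.Exception.Message));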
        return Task.FromResult(0);
    }
}

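I tried the available options, but nothing worked. Is there any possible solution?

I referred to this: OpenIdConnectProtocolValidationContext.Nonce was null

【Question discussion】:

  • Show us what you tried, don't just tell us. Provide a minimal reproducible example.
  • There is no specific code. I created a sample application, which I downloaded after creating the app in Azure.
  • Did you solve it?

Tags: asp.net azure-active-directory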


【Solution 1】:

Please try updating your Microsoft.Owin.Security.OpenIdConnect package to match the version number of your other Owin packages, as described in this related thread.

Microsoft.Owin [4.1.1]
Microsoft.Owin.Security [4.1.1]
Microsoft.Owin.Security.Cookies [4.1.1]

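If you are using Google Chrome, make sure you have also updated to the latest version of Chrome, or test in a different browser. (This guide discusses the Chrome issue that causes this error.)

【Discussion】:

  • I upgraded them to 4.1.0 but the problem persists
  • Not sure whether this is the right approach: context.SkipToNextMiddleware();
  • Can you share more details about which steps you tried?
  • I just added this here: private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context) { context.SkipToNextMiddleware(); return Task.FromResult(0); }
  • This is not an answer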
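
The error above means the ID token carried a nonce but the middleware had no stored nonce to compare it with, so a useful first check is whether the browser actually sent the nonce cookie back on the sign-in callback. The following diagnostic is an added example, not code from the original post or from Microsoft; the helper name UseNonceCookieDiagnostics is hypothetical, and the cookie prefix "OpenIdConnect.nonce." is an assumption about how the Katana middleware names its nonce cookies.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using Owin;

public static class NonceCookieDiagnostics
{
    // Assumption: the Katana OpenID Connect middleware names nonce cookies with this prefix.
    private const string NonceCookiePrefix = "OpenIdConnect.nonce.";

    // Hypothetical helper (not part of any Microsoft.Owin package).
    // Register it in Startup.Configuration BEFORE app.UseOpenIdConnectAuthentication(...).
    public static void UseNonceCookieDiagnostics(this IAppBuilder app, string redirectUri)
    {
        string callbackPath = new Uri(redirectUri).AbsolutePath.TrimEnd('/');

        app.Use(async (context, next) =>
        {
            // The sign-in response arrives as a POST to the redirect URI.
            // The body is not read here, so the OpenID Connect middleware still sees it intact.
            bool isCallback =
                string.Equals(context.Request.Method, "POST", StringComparison.OrdinalIgnoreCase) &&
                string.Equals(context.Request.Uri.AbsolutePath.TrimEnd('/'), callbackPath,
                              StringComparison.OrdinalIgnoreCase);

            if (isCallback)
            {
                // Inspect cookie names only; cookie values are never logged.
                int total = context.Request.Cookies.Count();
                int nonceCookies = context.Request.Cookies.Count(
                    c => c.Key.StartsWith(NonceCookiePrefix, StringComparison.Ordinal));

                if (nonceCookies == 0)
                {
                    Trace.TraceWarning(
                        "OIDC callback without a nonce cookie (https={0}, cookies received={1}). " +
                        "Nonce validation will fail; check cookie settings and package versions.",
                        context.Request.IsSecure, total);
                }
            }

            await next();
        });
    }
}
```

If the warning appears in one browser but not another, the cookie is being dropped by that browser on the cross-site POST, which points at cookie handling rather than at the token itself. Keep RequireNonce enabled while diagnosing, since the nonce is what ties the ID token to the sign-in request this browser started.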