asp.net – DotNetOpenAuth.WebServerClient.XSRF-会话在回调期

发布时间：2020-12-16 04:06:13 所属栏目：asp.Net 来源：网络整理

导读：我正在尝试设置一个简单的Oauth2登录身份验证.但是我停留在抛出以下异常的回调： [ProtocolException: Unexpected OAuth authorization response received with callback and client state that does not match an expected value.] DotNetOpenAuth.Messagin

我正在尝试设置一个简单的Oauth2登录身份验证.但是我停留在抛出以下异常的回调：

[ProtocolException: Unexpected OAuth authorization response received with callback and client state that does not match an expected value.]
   DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition,String unformattedMessage,Object[] args) +426
   DotNetOpenAuth.OAuth2.WebServerClient.ProcessUserAuthorization(HttpRequestBase request) +771

在here讨论了完全相同的问题

在我的例子中,SessionID保持不变,但DotNetOpenAuth.WebServerClient.XSRF-Session cookie在回调时更改了它的值.

执行：

public void Authorize(HttpRequest request)
    {
        string callbackString = request.Url.AbsoluteUri;
        Uri callbackUri = new Uri(callbackString);;

        IAuthorizationState authorization = nimbleClient.ProcessUserAuthorization();

        if (authorization == null)
        {
            // Kick off authorization request
            nimbleClient.RequestUserAuthorization(returnTo: callbackUri);
        }
        else
        {
            //Get AccesToken
            Uri.EscapeDataString(authorization.AccessToken);
        }

解决方法

您是否已将Cookie声明为常量,如下所示：

private const string XsrfCookieName = "DotNetOpenAuth.WebServerClient.XSRF-Session"

这有助于在回调时保持该值.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!