一步一步学习IdentityServer3 (10)

在某些服务器环境下 identityserver3 会闹情绪， 比如在google浏览器下授权失败（陷入死循环）

查了很多资料好像然并卵

Microsoft.Owin.Security.Notifications.AuthenticationFailedNotification`2[Microsoft.IdentityModel.Protocols.OpenIdConnectMessage,Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions]

监控错误  Owin中间件cookies丢失导致授权失败

UseKentorOwinCookieSaver 用这个修复了一下 还是不行 ，解决方案在进一步研究中

找到几中方案  先足个试试

方案一  由于Google浏览器下关闭浏览器没有清除cookies，重写中间件处理

    public static class OpenIdConnectAuthenticationPatchedMiddlewareExtension
    {
        public static Owin.IAppBuilder UseOpenIdConnectAuthenticationPatched(this Owin.IAppBuilder app, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions openIdConnectOptions)
        {
            if (app == null)
            {
                throw new System.ArgumentNullException("app");
            }
            if (openIdConnectOptions == null)
            {
                throw new System.ArgumentNullException("openIdConnectOptions");
            }
            System.Type type = typeof(OpenIdConnectAuthenticationPatchedMiddleware);
            object[] objArray = new object[] { app, openIdConnectOptions };
            return app.Use(type, objArray);
        }
    }

    public class OpenIdConnectAuthenticationPatchedMiddleware : OpenIdConnectAuthenticationMiddleware
    {
        private readonly Microsoft.Owin.Logging.ILogger _logger;

        public OpenIdConnectAuthenticationPatchedMiddleware(Microsoft.Owin.OwinMiddleware next, Owin.IAppBuilder app, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions options)
                : base(next, app, options)
        {
            this._logger = Microsoft.Owin.Logging.AppBuilderLoggerExtensions.CreateLogger<OpenIdConnectAuthenticationPatchedMiddleware>(app);
        }

        protected override Microsoft.Owin.Security.Infrastructure.AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
        {
            return new SawtoothOpenIdConnectAuthenticationHandler(_logger);
        }

       
    }
    public class SawtoothOpenIdConnectAuthenticationHandler : OpenIdConnectAuthenticationHandler
    {
        public SawtoothOpenIdConnectAuthenticationHandler(Microsoft.Owin.Logging.ILogger logger)
            : base(logger) { }

        protected override void RememberNonce(OpenIdConnectMessage message, string nonce)
        {
            var oldNonces = Request.Cookies.Where(kvp => kvp.Key.StartsWith(OpenIdConnectAuthenticationDefaults.CookiePrefix + "nonce"));
            if (oldNonces.Any())
            {
                Microsoft.Owin.CookieOptions cookieOptions = new Microsoft.Owin.CookieOptions
                {
                    HttpOnly = true,
                    Secure = Request.IsSecure
                };
                foreach (KeyValuePair<string, string> oldNonce in oldNonces)
                {
                    Response.Cookies.Delete(oldNonce.Key, cookieOptions);
                }
            }
            base.RememberNonce(message, nonce);
        }
    }

   app.UseOpenIdConnectAuthenticationPatched  重写不行  Pass掉了

方案二  说是 Microsoft.Owin.Security.OpenIdConnect 版本问题  我现在用的 3.1.0   降级版本 ，但是这样原有高版本修复的问题就会出现 先试试  降级到3.0.0  相关dll 全部降级到3.0.0

发现没毛病，我的授权站点是与系统业务站点分离开的，所以这里其实只需要 业务站点中的OpenId版本降级就可以了，预编译发布可能会有问题 直接发布ok  完美解决  （只是有些服务器环境下用此方案） 毕竟3.1.0 修复了一些bug

方案三  说是 授权必须与业务站点一起，这个肯定不用测试了  我的就是分开的

方案四  Kentor.OwinCookieSaver  中间件修复  也是不行的

综上此坑：

降级是Ok的~~~~~~~ 亲身经历