DotNetOpenId - “这个消息已被处理过的”误差(第2部分)已被、误差、这个消息、部分
2023-09-03 16:34:28
作者:薄荷少女暖夕夏゛
这已经被问Here,而不是由我和OP接受了答案,我没有帮助。到目前为止,我已经尝试从不同的浏览器从外部设备登录,修改网络配置,清除cookies和加载。
其实,我最终还是没发现,问题是具体到我自己的机器;当我发布到另一台机器,它工作得很好。任何建议在哪里寻找解决方案?我特意用了简单的测试code我能想到的,干净的空aspx页面和一个简单的的Page_Load 的功能。
修改:为了澄清,像原来问题的作者,我得到一个此消息已被处理的错误。这是打印出来的屏幕的Response.Write(response.Exception.ToString()); 。我相信这个问题是配置相关的,不像其他作家,因为症状只在我的本地中显示出来。请注意,症状是独立的我无论是在相同的环境中进行的code上运行。
保护无效的Page_Load(对象发件人,EventArgs的)
{
使用(OpenIdRelyingParty的OpenID =新OpenIdRelyingParty())
{
IAuthenticationResponse响应= openid.GetResponse();
如果(响应!= NULL)
{
尝试
{
回复于(response.Exception.ToString());
}
赶上(例外)
{
}
返回;
}
}
使用(OpenIdRelyingParty的OpenID =新OpenIdRelyingParty())
{
IAuthenticationRequest请求= openid.CreateRequest(@https://www.google.com/accounts/o8/id);
request.RedirectToProvider();
}
}
错误消息:
DotNetOpenAuth.Messaging.Bindings.ReplayedMessageException:该消息已被处理。这可能表明正在进行的重放攻击。在DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement.ProcessIncomingMessage(IProtocolMessage消息)在c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Bindings\StandardReplayProtectionBindingElement.cs:line 129在DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage消息)在C:\ TeamCity的\ buildAgent \工作\ bf9e2ca68b75a334的\ src \ DotNetOpenAuth \通讯\ Channel.cs:990线在DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage消息) 在c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 172在DotNetOpenAuth.Messaging.Channel.ReadFromRequest(Htt的prequestInfo HTT prequest)在C:\ TeamCity的\ buildAgent \工作\ bf9e2ca68b75a334的\ src \ DotNetOpenAuth \通讯\ Channel.cs:375线在DotNetOpenAuth.OpenId。 RelyingParty.OpenIdRelyingParty.GetResponse(Htt的prequestInfo HTT prequestInfo)在c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\RelyingParty\OpenIdRelyingParty.cs:line 498
日志:
2010-02-01 14:19:57238(GMT-5)[4]信息DotNetOpenAuth - DotNetOpenAuth,版本= 3.4.0.10015,文化=中性公钥= 2780ccd10d57b246(官方)
2010-02-01 14:19:57253(GMT-5)[4]信息DotNetOpenAuth - 报告将使用独立存储与范围:用户,域,大会
2010-02-01 14:19:57270(GMT-5)[4]信息DotNetOpenAuth.Messaging.Channel - 扫描传入的请求消息: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
2010-02-01 14:19:57272(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Channel - 传入HTTP请求:GET http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
2010-02-01 14:19:57360(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Channel - 接收传入的请求:PositiveAssertionResponse
2010-02-01 14:19:57364(GMT-5)[4]信息DotNetOpenAuth.Messaging.Channel - 处理传入PositiveAssertionResponse(2.0)消息:
openid.claimed_id:https://www.google.com/accounts/o8/id?id=[snip1]
openid.identity:https://www.google.com/accounts/o8/id?id=[snip1]
openid.sig:[snip2] / [snip7] =
和openid.signed:op_endpoint,claimed_id,身份的return_to,response_nonce,把assoc_handle
openid.assoc_handle:[snip3]
openid.op_endpoint:https://www.google.com/accounts/o8/ud
openid.return_to指定: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
openid.response_nonce:[snip4]:[snip5]:[snip6]
openid.mode:id_res
openid.ns:http://specs.openid.net/auth/2.0
dnoa.userSuppliedIdentifier:https://www.google.com/accounts/o8/id
2010-02-01 14:19:57373(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement并不适用于邮件。
2010-02-01 14:19:57374(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement并不适用于邮件。
2010-02-01 14:19:57376(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 验证的传入PositiveAssertionResponse消息签名:[snip2] =
2010-02-01 14:19:57388(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Channel - preparing发送CheckAuthenticationRequest(2.0)的消息。
2010-02-01 14:19:57399(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement并不适用于邮件。
2010-02-01 14:19:57399(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions并不适用于邮件。
2010-02-01 14:19:57,400(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement并不适用于邮件。
2010-02-01 14:19:57,400(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement并不适用于邮件。
2010-02-01 14:19:57401(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement并不适用于邮件。
2010-02-01 14:19:57401(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement并不适用于邮件。
2010-02-01 14:19:57402(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement并不适用于邮件。
2010-02-01 14:19:57402(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement并不适用于邮件。
2010-02-01 14:19:57403(GMT-5)[4]信息DotNetOpenAuth.Messaging.Channel - ppared传出CheckAuthenticationRequest(2.0)消息https://www.google.com/accounts/o8/ $ P $ UD:
openid.return_to指定: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
openid.mode:check_authentication
openid.ns:http://specs.openid.net/auth/2.0
openid.claimed_id:https://www.google.com/accounts/o8/id?id=[snip1]
openid.identity:https://www.google.com/accounts/o8/id?id=[snip1]
openid.sig:[snip2] =
和openid.signed:op_endpoint,claimed_id,身份的return_to,response_nonce,把assoc_handle
openid.assoc_handle:[snip3]
openid.op_endpoint:https://www.google.com/accounts/o8/ud
openid.response_nonce:[snip4]:[snip5]:[snip6]
dnoa.userSuppliedIdentifier:https://www.google.com/accounts/o8/id
2010-02-01 14:19:57403(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Channel - 发送CheckAuthenticationRequest请求。
2010-02-01 14:19:57916(GMT-5)[4] DEBUG DotNetOpenAuth.Http - HTTP POST https://www.google.com/accounts/o8/ud
2010-02-01 14:19:57992(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Channel - 收到CheckAuthenticationResponse响应。
2010-02-01 14:19:57992(GMT-5)[4]信息DotNetOpenAuth.Messaging.Channel - 处理传入CheckAuthenticationResponse(2.0)消息:
is_valid:真
NS:http://specs.openid.net/auth/2.0
2010-02-01 14:19:57993(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement并不适用于邮件。
2010-02-01 14:19:57993(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement并不适用于邮件。
2010-02-01 14:19:57993(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement并不适用于邮件。
2010-02-01 14:19:57993(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement并不适用于邮件。
2010-02-01 14:19:57994(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement并不适用于邮件。
2010-02-01 14:19:57995(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement并不适用于邮件。
2010-02-01 14:19:57995(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions并不适用于邮件。
2010-02-01 14:19:57997(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement并不适用于邮件。
2010-02-01 14:19:57997(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Channel - 后绑定元素的处理,接收CheckAuthenticationResponse(2.0)的消息是:
is_valid:真
NS:http://specs.openid.net/auth/2.0
2010-02-01 14:19:57997(GMT-5)[4] DEBUG DotNetOpenAuth.Messaging.Bindings - 绑定元素DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement应用于消息。
web.config中:
< XML版本=1.0&GT?;
<结构>
< configSections>
<节名称=log4net的TYPE =log4net.Config.Log4NetConfigurationSectionHandlerrequirePermission =FALSE/>
<节名称=URITYPE =System.Configuration.UriSection,
系统,版本= 2.0.0.0,文化=中性公钥= b77a5c561934e089/>
<节名称=dotNetOpenAuthTYPE =DotNetOpenAuth.Configuration.DotNetOpenAuthSection
requirePermission =假allowLocation =真/>
< / configSections>
< URI>
< IDN启用=全部/>
< iriParsing启用=真/>
< / URI>
<的appSettings />
<的ConnectionStrings />
<的System.Web>
<! -
设置编译调试=true以将调试
符号插入到编译页。因为这
影响性能,因此将该值设置为唯一的真
在开发过程中。
- >
<编译调试=真/>
<! -
在<验证>节可以配置
所使用的安全性的认证模式的
ASP.NET识别传入的用户。
- >
<身份验证模式=窗口/>
<! -
在<&的customErrors GT;节可以配置
当未处理的错误发生时该怎么做,如果/
在一个请求的执行。特别,
它允许开发人员配置HTML错误页面
要显示代替错误堆栈跟踪。
<的customErrors模式=仅限远程的defaultRedirect =GenericErrorPage.htm>
<错误状态code =403重定向=NoAccess.htm/>
<错误状态code =404重定向=FileNotFound.htm/>
< /的customErrors>
- >
< /system.web>
< dotNetOpenAuth>
< OpenID的maxAuthenticationTime =0:05cacheDiscovery =真正的>
< relyingParty>
<安全
requireSsl =假
minimumRequiredOpenIdVersion =V10
minimumHashBitLength =160
maximumHashBitLength =256
requireDirectedIdentity =假
requireAssociation =假
rejectUnsolicitedAssertions =假
rejectDelegatingIdentifiers =假
ignoreUnsignedExtensions =假
privateSecretMaximumAge =07:00:00/>
<行为>
<! - <加上TYPE =Fully.Qualified.ClassName,集结号/> - >
< /行为>
<存储类型=Fully.Qualified.ClassName,集结号/>
< / relyingParty>
<供应商>
<安全
requireSsl =假
protectDownlevelReplayAttacks =真
minimumHashBitLength =160
maximumHashBitLength =512>
<协会>
<加上TYPE =HMAC-SHA1终身=14.00:00:00/>
<加上TYPE =HMAC-SHA256终身=14.00:00:00/>
< /协会>
< /安全>
<行为>
<! - <加上TYPE =Fully.Qualified.ClassName,集结号/> - >
< /行为>
<存储类型=Fully.Qualified.ClassName,集结号/>
< /供应商>
< extensionFactories>
<加上TYPE =FullyQualifiedClass.Implementing.IOpenIdExtensionFactory,集结号/>
< / extensionFactories>
< / OpenID的>
<通信时钟相位差=00:10:00终身=00:03:00>
< untrustedWebRequest
超时=0时○一分10秒
readWriteTimeout =00:00:21.500
maximumBytesToRead =1048576
maximumRedirections =10>
< whitelistHosts>
&所述;! - 因为这是一个示例,并且将通常用于与本地主机 - >
<! - <添加名称=本地主机/> - >
< / whitelistHosts>
< whitelistHostsRegex>
&所述;! - 因为这是一个示例,并且将通常用于与本地主机 - >
<! - <添加名称=\ owndomain \ .COM $。/> - >
< / whitelistHostsRegex>
< blacklistHosts>
< / blacklistHosts>
< blacklistHostsRegex>
< / blacklistHostsRegex>
< / untrustedWebRequest>
< /消息>
< / dotNetOpenAuth>
&所述;! - log4net的是,如果dotnetopenid present将使用,但不要求一第三方(免费)记录器库。 - >
< log4net的>
<附加目的地名称=RollingFileAppender进行式=log4net.Appender.RollingFileAppender>
<文件值=C:\\ TMP \\ \\ TOTO RelyingParty2.log/>
< appendToFile值=真/>
< immediateFlush值=真/>
< rollingStyle值=大小/>
< maxSizeRollBackups值=10/>
< maximumFileSize值=100KB/>
< staticLogFileName值=真/>
<布局类型=log4net.Layout.PatternLayout>
< conversionPattern值=%DATE(GMT%日期{%Z})[%线程]%-5level%记录仪 - %消息%换行/>
< /布局>
< /附加器>
<附加目的地名称=TracePageAppender型=&GTOpenIdRelyingPartyWebForms code.TracePageAppender,OpenIdRelyingPartyWebForms。
<布局类型=log4net.Layout.PatternLayout>
< conversionPattern值=%DATE(GMT%日期{%Z})[%线程]%-5level%记录仪 - %消息%换行/>
< /布局>
< /附加器>
<! - 设置根类别,添加附加目的地,并设置默认级别 - >
<根>
<电平值=INFO/>
<附加目的地-REF REF =RollingFileAppender进行/>
<! - <附加目的地-REF REF =TracePageAppender/> - >
< /根>
<! - 指定的级别对一些特定类别 - >
<记录器名称=DotNetOpenAuth>
<电平值=ALL/>
< /记录器>
< / log4net的>
< /结构>
解决方案
在某些版本的dotnetopenauth还可以获得:
此消息已被 处理。这可能表明 重放攻击进行中。
如果您maxAuthenticationTime值太低(这显然是不相关的以任何方式错误 - 但这是一个不同的问题)。我经历过这种就在今天。
要增加此值,编辑配置条目显示在 https://github.com/ DotNetOpenAuth / DotNetOpenAuth /维基/配置(我建议设置为0:10)。
This has already been asked Here, but not by me and the OP accepted an answer which did not help me. Thus far, I've tried logging in from different browsers, changing the web config, clearing cookies, and loading from an external machine.
In fact, I eventually did discover that the problem is specific to my own machine; when I published to another machine, it worked fine. Any suggestions for where to look for solutions? I deliberately used the simplest test code I could think of, a clean empty aspx page and a simple Page_Load function.
Edit: To clarify, like the author of the original question, I am getting a "This message has already been processed" error. This is printed out to screen with Response.Write(response.Exception.ToString());. I believe the issue is configuration-related, unlike the other author, since the symptoms only show up on my local box. Note that the symptoms are independent of whether I test on the same box as the code is running on.
protected void Page_Load(object sender, EventArgs e)
{
using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
{
IAuthenticationResponse response = openid.GetResponse();
if (response != null)
{
try
{
Response.Write(response.Exception.ToString());
}
catch (Exception)
{
}
return;
}
}
using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
{
IAuthenticationRequest request = openid.CreateRequest(@"https://www.google.com/accounts/o8/id");
request.RedirectToProvider();
}
}
Error Message:
DotNetOpenAuth.Messaging.Bindings.ReplayedMessageException: This message has already been processed. This could indicate a replay attack in progress. at DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Bindings\StandardReplayProtectionBindingElement.cs:line 129 at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 990 at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 172 at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 375 at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\RelyingParty\OpenIdRelyingParty.cs:line 498
Logs:
2010-02-01 14:19:57,238 (GMT-5) [4] INFO DotNetOpenAuth - DotNetOpenAuth, Version=3.4.0.10015, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
2010-02-01 14:19:57,253 (GMT-5) [4] INFO DotNetOpenAuth - Reporting will use isolated storage with scope: User, Domain, Assembly
2010-02-01 14:19:57,270 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
2010-02-01 14:19:57,272 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
2010-02-01 14:19:57,360 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming request received: PositiveAssertionResponse
2010-02-01 14:19:57,364 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming PositiveAssertionResponse (2.0) message:
openid.claimed_id: https://www.google.com/accounts/o8/id?id=[snip1]
openid.identity: https://www.google.com/accounts/o8/id?id=[snip1]
openid.sig: [snip2]/[snip7]=
openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.assoc_handle: [snip3]
openid.op_endpoint: https://www.google.com/accounts/o8/ud
openid.return_to: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
openid.response_nonce: [snip4]:[snip5]:[snip6]
openid.mode: id_res
openid.ns: http://specs.openid.net/auth/2.0
dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id
2010-02-01 14:19:57,373 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 14:19:57,374 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 14:19:57,376 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Verifying incoming PositiveAssertionResponse message signature of: [snip2]=
2010-02-01 14:19:57,388 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckAuthenticationRequest (2.0) message.
2010-02-01 14:19:57,399 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
2010-02-01 14:19:57,399 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2010-02-01 14:19:57,400 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 14:19:57,400 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
2010-02-01 14:19:57,401 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 14:19:57,401 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2010-02-01 14:19:57,402 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2010-02-01 14:19:57,402 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
2010-02-01 14:19:57,403 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckAuthenticationRequest (2.0) message for https://www.google.com/accounts/o8/ud:
openid.return_to: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
openid.mode: check_authentication
openid.ns: http://specs.openid.net/auth/2.0
openid.claimed_id: https://www.google.com/accounts/o8/id?id=[snip1]
openid.identity: https://www.google.com/accounts/o8/id?id=[snip1]
openid.sig: [snip2]=
openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.assoc_handle: [snip3]
openid.op_endpoint: https://www.google.com/accounts/o8/ud
openid.response_nonce: [snip4]:[snip5]:[snip6]
dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id
2010-02-01 14:19:57,403 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Sending CheckAuthenticationRequest request.
2010-02-01 14:19:57,916 (GMT-5) [4] DEBUG DotNetOpenAuth.Http - HTTP POST https://www.google.com/accounts/o8/ud
2010-02-01 14:19:57,992 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Received CheckAuthenticationResponse response.
2010-02-01 14:19:57,992 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming CheckAuthenticationResponse (2.0) message:
is_valid: true
ns: http://specs.openid.net/auth/2.0
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2010-02-01 14:19:57,994 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2010-02-01 14:19:57,995 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
2010-02-01 14:19:57,995 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - After binding element processing, the received CheckAuthenticationResponse (2.0) message is:
is_valid: true
ns: http://specs.openid.net/auth/2.0
2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message.
web.config:
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
<section name="uri" type="System.Configuration.UriSection,
System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection"
requirePermission="false" allowLocation="true"/>
</configSections>
<uri>
<idn enabled="All"/>
<iriParsing enabled="true"/>
</uri>
<appSettings/>
<connectionStrings/>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" />
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Windows" />
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
</system.web>
<dotNetOpenAuth>
<openid maxAuthenticationTime="0:05" cacheDiscovery="true">
<relyingParty>
<security
requireSsl="false"
minimumRequiredOpenIdVersion="V10"
minimumHashBitLength="160"
maximumHashBitLength="256"
requireDirectedIdentity="false"
requireAssociation="false"
rejectUnsolicitedAssertions="false"
rejectDelegatingIdentifiers="false"
ignoreUnsignedExtensions="false"
privateSecretMaximumAge="07:00:00" />
<behaviors>
<!-- <add type="Fully.Qualified.ClassName, Assembly" /> -->
</behaviors>
<store type="Fully.Qualified.ClassName, Assembly" />
</relyingParty>
<provider>
<security
requireSsl="false"
protectDownlevelReplayAttacks="true"
minimumHashBitLength="160"
maximumHashBitLength="512">
<associations>
<add type="HMAC-SHA1" lifetime="14.00:00:00" />
<add type="HMAC-SHA256" lifetime="14.00:00:00" />
</associations>
</security>
<behaviors>
<!-- <add type="Fully.Qualified.ClassName, Assembly" /> -->
</behaviors>
<store type="Fully.Qualified.ClassName, Assembly" />
</provider>
<extensionFactories>
<add type="FullyQualifiedClass.Implementing.IOpenIdExtensionFactory, Assembly" />
</extensionFactories>
</openid>
<messaging clockSkew="00:10:00" lifetime="00:03:00">
<untrustedWebRequest
timeout="00:01:10"
readWriteTimeout="00:00:21.500"
maximumBytesToRead="1048576"
maximumRedirections="10">
<whitelistHosts>
<!-- since this is a sample, and will often be used with localhost -->
<!-- <add name="localhost" /> -->
</whitelistHosts>
<whitelistHostsRegex>
<!-- since this is a sample, and will often be used with localhost -->
<!-- <add name="\.owndomain\.com$" /> -->
</whitelistHostsRegex>
<blacklistHosts>
</blacklistHosts>
<blacklistHostsRegex>
</blacklistHostsRegex>
</untrustedWebRequest>
</messaging>
</dotNetOpenAuth>
<!-- log4net is a 3rd party (free) logger library that dotnetopenid will use if present but does not require. -->
<log4net>
<appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender">
<file value="c:\\tmp\\toto\\RelyingParty2.log" />
<appendToFile value="true" />
<immediateFlush value="true" />
<rollingStyle value="Size" />
<maxSizeRollBackups value="10" />
<maximumFileSize value="100KB" />
<staticLogFileName value="true" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline" />
</layout>
</appender>
<appender name="TracePageAppender" type="OpenIdRelyingPartyWebForms.Code.TracePageAppender, OpenIdRelyingPartyWebForms">
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline" />
</layout>
</appender>
<!-- Setup the root category, add the appenders and set the default level -->
<root>
<level value="INFO" />
<appender-ref ref="RollingFileAppender" />
<!--<appender-ref ref="TracePageAppender" />-->
</root>
<!-- Specify the level for some specific categories -->
<logger name="DotNetOpenAuth">
<level value="ALL" />
</logger>
</log4net>
</configuration>
解决方案
In some versions of dotnetopenauth you can also get:
This message has already been processed. This could indicate a replay attack in progress.
if your maxAuthenticationTime value is too low (which is obviously not related to the error in any way - but that is a different issue). I experienced this just today.
To increase this value, edit the config entry as shown at https://github.com/DotNetOpenAuth/DotNetOpenAuth/wiki/Configuration (I suggest setting to 0:10).
相关推荐
猜您喜欢
精彩图集
