DotNetOpenId -“此消息已被处理”错误(第2部分)

Question

这已经被Here问过了，但不是由我和OP接受了一个对我没有帮助的答案。到目前为止，我已经尝试从不同的浏览器登录，更改web配置，清除cookie，并从外部机器加载。

事实上，我最终发现这个问题是我自己的机器特有的；当我发布到另一台机器时，它工作得很好。对于在哪里寻找解决方案有什么建议吗？我特意使用了我能想到的最简单的测试代码，一个干净的空aspx页面和一个简单的Page_Load函数。

编辑：为了澄清，和最初问题的作者一样，我收到了一个“这条消息已经被处理了”的错误。这是打印出来的屏幕与Response.Write(response.Exception.ToString());。我认为这个问题与配置有关，不像其他作者，因为症状只出现在我的本地框上。请注意，这些症状与我是否在代码运行的同一框上进行测试无关。

    protected void Page_Load(object sender, EventArgs e)
    {
        using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
        {
            IAuthenticationResponse response = openid.GetResponse();
            if (response != null)
            {
                try
                {
                    Response.Write(response.Exception.ToString());
                }
                catch (Exception)
                {
                }
                return;
            }
        }

        using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
        {
            IAuthenticationRequest request = openid.CreateRequest(@"https://www.google.com/accounts/o8/id");
            request.RedirectToProvider();
        }

    }

错误信息：

DotNetOpenAuth.Messaging.Bindings.ReplayedMessageException:此消息已被处理。这可能意味着正在进行重放攻击。(在DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement.ProcessIncomingMessage(IProtocolMessage消息)在c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Bindings\StandardReplayProtectionBindingElement.cs:line中，129在DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage消息中)在c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 990中，在DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage消息中)在c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 172 at DotNetOpenAuth.Messagingc:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 375 at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo( c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\RelyingParty\OpenIdRelyingParty.cs:line 498 )中的.Channel.ReadFromRequest(HttpRequestInfo httpRequest)

日志：

2010-02-01 14:19:57,238 (GMT-5) [4] INFO  DotNetOpenAuth - DotNetOpenAuth, Version=3.4.0.10015, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
2010-02-01 14:19:57,253 (GMT-5) [4] INFO  DotNetOpenAuth - Reporting will use isolated storage with scope: User, Domain, Assembly
2010-02-01 14:19:57,270 (GMT-5) [4] INFO  DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
2010-02-01 14:19:57,272 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
2010-02-01 14:19:57,360 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming request received: PositiveAssertionResponse
2010-02-01 14:19:57,364 (GMT-5) [4] INFO  DotNetOpenAuth.Messaging.Channel - Processing incoming PositiveAssertionResponse (2.0) message:
    openid.claimed_id: https://www.google.com/accounts/o8/id?id=[snip1]
    openid.identity: https://www.google.com/accounts/o8/id?id=[snip1]
    openid.sig: [snip2]/[snip7]=
    openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
    openid.assoc_handle: [snip3]
    openid.op_endpoint: https://www.google.com/accounts/o8/ud
    openid.return_to: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
    openid.response_nonce: [snip4]:[snip5]:[snip6]
    openid.mode: id_res
    openid.ns: http://specs.openid.net/auth/2.0
    dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id

2010-02-01 14:19:57,373 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 14:19:57,374 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 14:19:57,376 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Verifying incoming PositiveAssertionResponse message signature of: [snip2]=
2010-02-01 14:19:57,388 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckAuthenticationRequest (2.0) message.
2010-02-01 14:19:57,399 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
2010-02-01 14:19:57,399 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2010-02-01 14:19:57,400 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 14:19:57,400 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
2010-02-01 14:19:57,401 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 14:19:57,401 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2010-02-01 14:19:57,402 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2010-02-01 14:19:57,402 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
2010-02-01 14:19:57,403 (GMT-5) [4] INFO  DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckAuthenticationRequest (2.0) message for https://www.google.com/accounts/o8/ud: 
    openid.return_to: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
    openid.mode: check_authentication
    openid.ns: http://specs.openid.net/auth/2.0
    openid.claimed_id: https://www.google.com/accounts/o8/id?id=[snip1]
    openid.identity: https://www.google.com/accounts/o8/id?id=[snip1]
    openid.sig: [snip2]=
    openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
    openid.assoc_handle: [snip3]
    openid.op_endpoint: https://www.google.com/accounts/o8/ud
    openid.response_nonce: [snip4]:[snip5]:[snip6]
    dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id

2010-02-01 14:19:57,403 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Sending CheckAuthenticationRequest request.
2010-02-01 14:19:57,916 (GMT-5) [4] DEBUG DotNetOpenAuth.Http - HTTP POST https://www.google.com/accounts/o8/ud
2010-02-01 14:19:57,992 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Received CheckAuthenticationResponse response.
2010-02-01 14:19:57,992 (GMT-5) [4] INFO  DotNetOpenAuth.Messaging.Channel - Processing incoming CheckAuthenticationResponse (2.0) message:
    is_valid: true
    ns: http://specs.openid.net/auth/2.0

2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2010-02-01 14:19:57,994 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2010-02-01 14:19:57,995 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
2010-02-01 14:19:57,995 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - After binding element processing, the received CheckAuthenticationResponse (2.0) message is: 
    is_valid: true
    ns: http://specs.openid.net/auth/2.0

2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message.

web.config：

<?xml version="1.0"?>

<configuration>
  <configSections>
    <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
    <section name="uri" type="System.Configuration.UriSection, 
            System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    <section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection"
            requirePermission="false" allowLocation="true"/>
  </configSections>

  <uri>
    <idn enabled="All"/>
    <iriParsing enabled="true"/>
  </uri>

  <appSettings/>
  <connectionStrings/>

  <system.web>
    <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
    <compilation debug="true" />
    <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <authentication mode="Windows" />
    <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
  </system.web>

  <dotNetOpenAuth>
    <openid maxAuthenticationTime="0:05" cacheDiscovery="true">
      <relyingParty>
        <security
                    requireSsl="false"
                    minimumRequiredOpenIdVersion="V10"
                    minimumHashBitLength="160"
                    maximumHashBitLength="256"
                    requireDirectedIdentity="false"
                    requireAssociation="false"
                    rejectUnsolicitedAssertions="false"
                    rejectDelegatingIdentifiers="false"
                    ignoreUnsignedExtensions="false"
                    privateSecretMaximumAge="07:00:00" />
        <behaviors>
          <!-- <add type="Fully.Qualified.ClassName, Assembly" /> -->
        </behaviors>
        <store type="Fully.Qualified.ClassName, Assembly" />
      </relyingParty>
      <provider>
        <security
                    requireSsl="false"
                    protectDownlevelReplayAttacks="true"
                    minimumHashBitLength="160"
                    maximumHashBitLength="512">
          <associations>
            <add type="HMAC-SHA1" lifetime="14.00:00:00" />
            <add type="HMAC-SHA256" lifetime="14.00:00:00" />
          </associations>
        </security>
        <behaviors>
          <!-- <add type="Fully.Qualified.ClassName, Assembly" /> -->
        </behaviors>
        <store type="Fully.Qualified.ClassName, Assembly" />
      </provider>
      <extensionFactories>
        <add type="FullyQualifiedClass.Implementing.IOpenIdExtensionFactory, Assembly" />
      </extensionFactories>
    </openid>
    <messaging clockSkew="00:10:00" lifetime="00:03:00">
      <untrustedWebRequest
                timeout="00:01:10"
                readWriteTimeout="00:00:21.500"
                maximumBytesToRead="1048576"
                maximumRedirections="10">
        <whitelistHosts>
          <!-- since this is a sample, and will often be used with localhost -->
          <!-- <add name="localhost" /> -->
        </whitelistHosts>
        <whitelistHostsRegex>
          <!-- since this is a sample, and will often be used with localhost -->
          <!-- <add name="\.owndomain\.com$" /> -->
        </whitelistHostsRegex>
        <blacklistHosts>
        </blacklistHosts>
        <blacklistHostsRegex>
        </blacklistHostsRegex>
      </untrustedWebRequest>
    </messaging>
  </dotNetOpenAuth>


  <!-- log4net is a 3rd party (free) logger library that dotnetopenid will use if present but does not require. -->
  <log4net>
    <appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender">
      <file value="c:\\tmp\\toto\\RelyingParty2.log" />
      <appendToFile value="true" />
      <immediateFlush value="true" />
      <rollingStyle value="Size" />
      <maxSizeRollBackups value="10" />
      <maximumFileSize value="100KB" />
      <staticLogFileName value="true" />
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline" />
      </layout>
    </appender>
    <appender name="TracePageAppender" type="OpenIdRelyingPartyWebForms.Code.TracePageAppender, OpenIdRelyingPartyWebForms">
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline" />
      </layout>
    </appender>
    <!-- Setup the root category, add the appenders and set the default level -->
    <root>
      <level value="INFO" />
      <appender-ref ref="RollingFileAppender" />
      <!--<appender-ref ref="TracePageAppender" />-->
    </root>
    <!-- Specify the level for some specific categories -->
    <logger name="DotNetOpenAuth">
      <level value="ALL" />
    </logger>
  </log4net>

</configuration>

Answer 1

在dotnetopenauth的某些版本中，您还可以获得：

此消息已被处理。这可能意味着正在进行重放攻击。

如果您的maxAuthenticationTime值太低(这显然与错误无关--但这是另一个问题)。我今天才经历过这个。

要增加这个值，编辑配置条目，如https://github.com/DotNetOpenAuth/DotNetOpenAuth/wiki/Configuration所示(我建议设置为0:10)。