china-live / qqconnect Goto Github PK
View Code? Open in Web Editor NEWasp.net core2.0 QQ和微信登录
License: BSD 3-Clause "New" or "Revised" License
asp.net core2.0 QQ和微信登录
License: BSD 3-Clause "New" or "Revised" License
配置了微信登录,但出现state过长的错误,请问是怎么回事?谢谢
微信登陆没问题,qq登陆卡在了ExternalLoginCallback里面的
var info = await _signInManager.GetExternalLoginInfoAsync();这一行,没闹明白怎么回事儿
你好,
PC端二维码登录OK,但微信客户端(微信内置浏览器中打开)提示:此公众号并没有这些scope的权限,错误码:10005
什么原因?
我用https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers 官方的Provider也是一样的问题,请问怎么解决呢?
是否要在开放平台后台中申请 一个移动应用?目前申请的都是网站应用。
是否持续更新移植到ORCHARD CORE
以及增加百度、新浪等
QQConnect is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).
Master branch.
The application doesn't have the fix for CVE-2018-0784 that was found in ASP.NET Core templates. It is vulnerable to XSS if the logged-in user is tricked into clicking a malicious link like https://localhost:44315/manage/EnableAuthenticator?AuthenticatorUri=%22%3E%3C/div%3E%00%00%00%00%00%00%00%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
and enters an invalid verification code. Mode details are available in the blog post.
This issue may lead to the elevation of privileges.
Modify the code according to the instructions from the advisory.
The application doesn't have the fix for CVE-2018-0785 that was found in ASP.NET Core templates. It is vulnerable to CSRF. A logged-in user with enabled Second Factor Authentication (2FA) may lose their recovery codes if they are tricked into clicking a link like https://localhost:44315/manage/GenerateRecoveryCodes
or visit a malicious site that makes the request without the user's consent. As a result the user may be permanently locked out of their account after loosing access to their 2FA device, as the initial recovery codes would no longer be valid.
This issue may lead to the per-user DoS.
Modify the code according to the instructions from the advisory.
小程序登录实现起来有点麻烦呀。
1.wx.login()获取accessCode,传入ids4调用微信jscode2session拿到openid和session_key(可能有unionId)。
2.wx.getuserinfo()获取到加密数据和加密向量,再调用某个接口传入ids4,用上一步获取到的session_key对加密数据进行解密,解密完成就能拿到用户信息了。
今天自己在搞QQ登录,反编译了Microsoft.AspNetCore.Authentication.Google这个组件,来看看怎么写的,准备在github寻找其他实现qq登录组件中的AuthorizationEndpoint ,TokenEndpoint 等信息,发现了这个项目很不错,可以不用自己去造轮子了,赞一个。
Hi, how could I report a potential security vulnerability in the project?
报这个错误了
An unhandled exception occurred while processing the request.
ArgumentException: The 'ClientId' option must be provided.
Parameter name: ClientId
Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.Validate()
Stack Query Cookies Headers
ArgumentException: The 'ClientId' option must be provided.
Parameter name: ClientId
Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions.Validate()
Microsoft.AspNetCore.Authentication.AuthenticationHandler+d__42.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider+d__5.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
IdentityServer4.Hosting.FederatedSignOut.FederatedSignoutAuthenticationHandlerProvider+d__3.MoveNext() in FederatedSignoutAuthenticationHandlerProvider.cs
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
System.Runtime.CompilerServices.TaskAwaiter.GetResult()
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__6.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware+d__7.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
IdentityServer4.Hosting.BaseUrlMiddleware+d__3.MoveNext() in BaseUrlMiddleware.cs
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.MigrationsEndPointMiddleware+d__4.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware+d__6.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware+d__6.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware+d__7.MoveNext()
Show raw exception details
按照demo一猫一样写的,id4一起动就报错,把addwechat段删掉就没事了。
An unhandled exception occurred while processing the request.
MissingMethodException: Method not found: 'Void Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions.MapCustomJson(Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection, System.String, System.Func`2<Newtonsoft.Json.Linq.JObject,System.String>)'.
Microsoft.AspNetCore.Authentication.WeChat.WeChatOptions..ctor()
请问一下,微信授权成功后,也获取到了用户的userinfo,
但是页面不会跳转到ExternalLoginCallback,用户一直无法登录,
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.