DotNetOpenAuth oAuth2 Message already been processed
I'm discovering dotnetopenauth and trying to use it with the oauth2 ctp release. I must be stupid but it's very complicate to get it working for me.
So after a lot of tests I'm stuck at some point.
So my app wants to get an access token. My app callback is http://localhost/myapp/accept.aspx?... My oauth server is http://localhost/oauth/
My app ask for the code. The server display a login page. I log in. Then it asks if I want to give access to my app. I said yes.
My app get a response with a code key. So my app request the token to my oauth. And when my oauth executes the line :
publ开发者_Go百科ic ActionResult Token()
{
var request = this.authorizationServer.ReadAccessTokenRequest();
I got the error "message already processed. maybe a replay attack..." So I try to understood what happened. I can't play with the source code because the version on git is not the same (the interface icryptostore not found, you get a list of callback url and not only one, ...). If someone can explain me exactly what is happening. From what I read it's because it must be a second webresponse, but as it's the entry pf the controller, I don't know what I'm missing.
Hope I gave you enough infos.
Thanks in advance for your help.
M.
Edited : I copy paste the wrong action call. It's the "Token" function.
You likely have two places that are trying to respond to the access token request. The one that's failing would be the second one. You should only have one place parsing this request to avoid this false "replay attack" error.
You presumably have an INonceStore
implementation in your project. Set a breakpoint in the StoreNonce
method then repro the problem. You'll likely see two hits to the StoreNonce method. You'll be able to observe the callstacks of both calls to determine which one you want to keep and which one to delete.
精彩评论