会话超时时，Azure AD身份验证中断HTTP发布操作

我最近使用大致开箱即用"的代码从Windows身份验证更改为Azure AD；

I recently changed from windows authentication to Azure AD using roughly the "out of the box" code;

    public void ConfigureAuth(IAppBuilder app)
    {

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseKentorOwinCookieSaver();
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,

                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                    AuthorizationCodeReceived = (context) =>
                    {
                        var code = context.Code;
                        ClientCredential credential = new ClientCredential(clientId, appKey);
                        string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                        //AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
                        AuthenticationContext authContext = new AuthenticationContext(Authority);
                        return authContext.AcquireTokenByAuthorizationCodeAsync(
                           code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
                    }
                }
            });
    }

我们的用户在尝试提交某些表格时已开始出现间歇性404错误.我认为我已经设法通过删除cookie来重新创建该问题，因此我怀疑它与会话自然超时有关.

Our users have started to get intermittent 404 errors when trying to submit certain forms. I think I have managed to recreate the issue by deleting cookies, so I suspect it's tied to when the session naturally times out.

如果我查看带有HTTP GET请求的流，则它看起来像;

If I look at the flow with a HTTP GET request it looks like;

• HTTP GET https://myappurl/page?param1 = value& param2 = value
• HTTP 302响应，并重定向到 https://login.microsoftonline.com (包括各种参数；状态，client_id等)
• HTTP 200响应(不太清楚其知道重定向的方式/原因)
• HTTP GET https://myappurl/
• HTTP 302响应，重定向到原始URL https://myappurl/page?param1 = value& ; param2 = value
• HTTP GET https://myappurl/page?param1 = value& param2 = value
• HTTP 200响应

• HTTP GET https://myappurl/page?param1=value&param2=value
• HTTP 302 response with redirect to https://login.microsoftonline.com (including various params; state, client_id etc)
• HTTP 200 response (not quite sure how/why it then knows to redirect)
• HTTP GET https://myappurl/
• HTTP 302 response with redirect to original URL https://myappurl/page?param1=value&param2=value
• HTTP GET https://myappurl/page?param1=value&param2=value
• HTTP 200 response

一切正常……

但是对于HTTP POST；

For a HTTP POST however;

• HTTP POST到 https://myappurl/another_page
• HTTP 302响应，并重定向到 https://login.microsoftonline.com (包括各种参数；状态，client_id等)
• HTTP 200响应(不太清楚其知道重定向的方式/原因)
• HTTP GET https://myappurl/
• 带有重定向到原始URL的HTTP 302响应 https://myappurl/another_page
• HTTP GET https://myappurl/another_page
• HTTP 404响应

• HTTP POST to https://myappurl/another_page
• HTTP 302 response with redirect to https://login.microsoftonline.com (including various params; state, client_id etc)
• HTTP 200 response (not quite sure how/why it then knows to redirect)
• HTTP GET https://myappurl/
• HTTP 302 response with redirect to original URL https://myappurl/another_page
• HTTP GET https://myappurl/another_page
• HTTP 404 response

失败，因为端点仅接受HTTP POST请求.

Fails because the endpoint only accepts HTTP POST requests.

是否知道如何/如何解决此问题?我本以为内置的状态跟踪或其所执行的任何操作都会存储原始请求，并继续在中断的地方继续进行，无论...

Any idea if/how I can fix this? I would have thought the built in state tracking or whatever it is doing would store the original request and continue where it left off regardless...