使用声明和AntiforgeryToken登录MVC 5 OWIN。我会错过索赔提供者吗?
我试图学习MVC 5 OWIN登录的索赔。我尽量保持简单。我从MVC模板开始,插入了我的索赔代码(见下文)。我得到一个错误,当我使用@Html.视图中的AntiForgeryToken()助手。
错误:
A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or
'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovid
er' was not present on the provided ClaimsIdentity.
To enable anti-forgery token support with claims-based authentication, please verify that
the configured claims provider is providing both of these claims on the ClaimsIdentity
instances it generates. If the configured claims provider instead uses a different claim
type as a unique identifier, it can be configured by setting the static property
AntiForgeryConfig.UniqueClaimTypeIdentifier.
Exception Details: System.InvalidOperationException: A claim of type
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or
'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was
not present on the provided ClaimsIdentity. To enable anti-forgery token
support with claims-based authentication, please verify that the configured claims provider
is providing both of these claims on the ClaimsIdentity instances it generates.
If the configured claims provider instead uses a different claim type as a unique
identifier, it can be configured by setting the static property
AntiForgeryConfig.UniqueClaimTypeIdentifier.
Source Error:
Line 4: using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new
{ id = "logoutForm", @class = "navbar-right" }))
Line 5: {
Line 6: @Html.AntiForgeryToken()
登录后操作
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, "Brock"),
new Claim(ClaimTypes.Email, "brockallen@gmail.com")
};
var id = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
var ctx = Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
authenticationManager.SignIn(id);
return RedirectToAction("Welcome");
}
_逻辑部分。cshtml
@using Microsoft.AspNet.Identity
@if (Request.IsAuthenticated)
{
using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))
{
@Html.AntiForgeryToken()
<ul class="nav navbar-nav navbar-right">
<li>
@Html.ActionLink("Hello " + User.Identity.GetUserName() + "!", "Index", "Manage", routeValues: null, htmlAttributes: new { title = "Manage" })
</li>
<li><a href="javascript:document.getElementById('logoutForm').submit()">Log off</a></li>
</ul>
}
}
我尝试设置索赔类型。名称标识符(如本SO答案中所示)
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
}
然后我“只有?”得到这个错误
A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' was
not present on the provided ClaimsIdentity.
我想保留antiforgeryToken,因为它可以帮助防止跨站点脚本。
共有3个答案
抗真菌配置
解决此问题的一种方法是将AntiForgeryConfig设置为使用其他ClaimType。
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
WebApiConfig.Register(GlobalConfiguration.Configuration);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Email;
}
添加NameIdentifier和IdentityProvider索赔类型
或者,您可以将Name标识符和标识符提供者声明类型添加到您的声明中。
List<Claim> _claims = new List<Claim>();
_claims.AddRange(new List<Claim>
{
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", _user.Email)),
new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", _user.Email)
})
见:https://stack247.wordpress.com/2013/02/22/antiforgerytoken-a-claim-of-type-nameidentifier-or-identityprovider-was-not-present-on-provided-claimsidentity/
您的索赔标识没有索赔类型。NameIdentifier,您应该在索赔数组中添加更多内容:
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, "username"),
new Claim(ClaimTypes.Email, "user@gmail.com"),
new Claim(ClaimTypes.NameIdentifier, "userId"), //should be userid
};
要将信息映射到索赔以获得更多纠正措施,请执行以下操作:
ClaimTypes.Name => map to username
ClaimTypes.NameIdentifier => map to user_id
由于用户名也是唯一的,因此您可以使用username来支持防伪令牌。
在应用程序\u Start()中,指定要用作名称标识符的声明:
public class MvcApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
...
System.Web.Helpers.AntiForgeryConfig.UniqueClaimTypeIdentifier =
System.Security.Claims.ClaimTypes.NameIdentifier;
...
}
}
见:http://brockallen.com/2012/07/08/mvc-4-antiforgerytoken-and-claims/
-
The Ethereum eco-system provides many methods of interacting with the blockchain. In ethers.js we expose a Provider API that covers the breadth of operations, however often it is useful to inter-opera
-
security_applicationcontext.xml UserDetailService实现 } 斯塔克特雷斯。虽然没有例外,但我捕获了stacktrace以供参考。
-
我有一台远程计算机,正在尝试使用以下命令登录postgres数据库(通过
-
我已经创建了身份提供程序,并且从浏览器中它工作正常。 参考:密钥斗篷身份提供程序后代理登录抛出错误 从浏览器,我可以使用外部IDP登录,如果外部IDP用户不在keycloak中,它会在keyclock中创建,这绝对没问题,并重定向到仪表板。 但我的问题是,我们如何用keycloak rest api实现这个流程? 是否有任何api用于使用外部IDP登录,并将获得外部IDP的令牌以及密钥斗篷的令牌?
-
我们有两个服务,其中一个是另一个的消费者。使用者是用Java编写的,提供者是用JavaScript编写的。 在消费者端,我们使用pact-jvm定义了一个consumer-contract-test,并且能够生成一个合同。在此契约中,响应的定义如下: 用于pact验证的代码 有什么办法解决这个问题吗?是否可能在消费者端使用带有内容键的类似消息结构?或者我们可以在提供方用其他方法解决它吗
-
当我构建我的应用程序并尝试它时,没有任何错误,但当我在google play store上发布我的应用程序并尝试登录Facebook时,它会给我一个错误。这个错误是一个错误的散列键,因为散列键发生了变化(我得到了sign应用程序的散列键,通过许多方式给了我相同的has键,工作正常)这是第一个问题。 我的第二个问题是当尝试使用gmail登录(谷歌登录)获取字段错误。 (您有错误的OAuth2相关配置