asp.net-mvc – MVC 5 OWIN登录声明和AntiforgeryToken.我错过了

发布时间：2020-12-15 20:13:04 所属栏目：asp.Net 来源：网络整理

导读：我正在尝试学习MVC 5 OWIN登录声明.我尽量保持简单.我从MVC模板开始,插入了我的索赔代码(见下文).当我在View中使用@ Html.AntiForgeryToken()帮助器时,我收到一个错误. 错误： A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

我正在尝试学习MVC 5 OWIN登录声明.我尽量保持简单.我从MVC模板开始,插入了我的索赔代码(见下文).当我在View中使用@ Html.AntiForgeryToken()帮助器时,我收到一个错误.

错误：

A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or  
'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovid    
er' was not present on the provided ClaimsIdentity. 

To enable anti-forgery token support with claims-based authentication,please verify that 
the configured claims provider is providing both of these claims on the ClaimsIdentity 
instances it generates. If the configured claims provider instead uses a different claim 
type as a unique identifier,it can be configured by setting the static property 
AntiForgeryConfig.UniqueClaimTypeIdentifier.

Exception Details: System.InvalidOperationException: A claim of type
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 
'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was 
not present on the provided ClaimsIdentity. To enable anti-forgery token
support with claims-based authentication,please verify that the configured claims provider 
is providing both of these claims on the ClaimsIdentity instances it generates. 
If the configured claims provider instead uses a different claim type as a unique 
identifier,it can be configured by setting the static property 
AntiForgeryConfig.UniqueClaimTypeIdentifier.

Source Error:
Line 4:      using (Html.BeginForm("LogOff","Account",FormMethod.Post,new 
{ id = "logoutForm",@class = "navbar-right" }))
Line 5:      {
Line 6:      @Html.AntiForgeryToken()

POST登录操作

// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model,string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name,"Brock"),new Claim(ClaimTypes.Email,"brockallen@gmail.com")
    };
    var id = new ClaimsIdentity(claims,DefaultAuthenticationTypes.ApplicationCookie);

    var ctx = Request.GetOwinContext();
    var authenticationManager = ctx.Authentication;
    authenticationManager.SignIn(id);

    return RedirectToAction("Welcome");
}

_LoginPartial.cshtml

@using Microsoft.AspNet.Identity
@if (Request.IsAuthenticated)
{
    using (Html.BeginForm("LogOff",new { id = "logoutForm",@class = "navbar-right" }))
    {
    @Html.AntiForgeryToken()

    <ul class="nav navbar-nav navbar-right">
        <li>
            @Html.ActionLink("Hello " + User.Identity.GetUserName() + "!","Index","Manage",routeValues: null,htmlAttributes: new { title = "Manage" })
        </li>
        <li><a href="javascript:document.getElementById('logoutForm').submit()">Log off</a></li>
    </ul>
    }
}

我已经尝试设置ClaimTypes.NameIdentifier(like in this SO answer)

protected void Application_Start()
{
    AreaRegistration.RegisterAllAreas();
    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);

    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
}

然后我“只”？得到这个错误

A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' was 
not present on the provided ClaimsIdentity.

我想保留antiorgeryToken,因为它可以帮助跨站点脚本.

解决方法

您的声明身份没有ClaimTypes.NameIdentifier,您应该在声明数组中添加更多内容：

var claims = new List<Claim>
{
    new Claim(ClaimTypes.Name,"username"),"user@gmail.com"),new Claim(ClaimTypes.NameIdentifier,"userId"),//should be userid
};

要将信息映射到索赔以获得更多的纠正：

ClaimTypes.Name => map to username
ClaimTypes.NameIdentifier => map to user_id

由于用户名也是唯一的,所以您可以使用用户名进行防伪令牌支持.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!