asp.net-mvc – MVC 5 OWIN登录声明和AntiforgeryToken.我错过了
发布时间:2020-12-15 20:13:04 所属栏目:asp.Net 来源:网络整理
导读:我正在尝试学习MVC 5 OWIN登录声明.我尽量保持简单.我从MVC模板开始,插入了我的索赔代码(见下文).当我在View中使用@ Html.AntiForgeryToken()帮助器时,我收到一个错误. 错误: A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
我正在尝试学习MVC 5 OWIN登录声明.我尽量保持简单.我从MVC模板开始,插入了我的索赔代码(见下文).当我在View中使用@
Html.AntiForgeryToken()帮助器时,我收到一个错误.
错误: A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovid er' was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication,please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. If the configured claims provider instead uses a different claim type as a unique identifier,it can be configured by setting the static property AntiForgeryConfig.UniqueClaimTypeIdentifier. Exception Details: System.InvalidOperationException: A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication,please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. If the configured claims provider instead uses a different claim type as a unique identifier,it can be configured by setting the static property AntiForgeryConfig.UniqueClaimTypeIdentifier. Source Error: Line 4: using (Html.BeginForm("LogOff","Account",FormMethod.Post,new { id = "logoutForm",@class = "navbar-right" })) Line 5: { Line 6: @Html.AntiForgeryToken() POST登录操作 // POST: /Account/Login [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task<ActionResult> Login(LoginViewModel model,string returnUrl) { if (!ModelState.IsValid) { return View(model); } var claims = new List<Claim> { new Claim(ClaimTypes.Name,"Brock"),new Claim(ClaimTypes.Email,"brockallen@gmail.com") }; var id = new ClaimsIdentity(claims,DefaultAuthenticationTypes.ApplicationCookie); var ctx = Request.GetOwinContext(); var authenticationManager = ctx.Authentication; authenticationManager.SignIn(id); return RedirectToAction("Welcome"); } _LoginPartial.cshtml @using Microsoft.AspNet.Identity @if (Request.IsAuthenticated) { using (Html.BeginForm("LogOff",new { id = "logoutForm",@class = "navbar-right" })) { @Html.AntiForgeryToken() <ul class="nav navbar-nav navbar-right"> <li> @Html.ActionLink("Hello " + User.Identity.GetUserName() + "!","Index","Manage",routeValues: null,htmlAttributes: new { title = "Manage" }) </li> <li><a href="javascript:document.getElementById('logoutForm').submit()">Log off</a></li> </ul> } } 我已经尝试设置ClaimTypes.NameIdentifier(like in this SO answer) protected void Application_Start() { AreaRegistration.RegisterAllAreas(); FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); RouteConfig.RegisterRoutes(RouteTable.Routes); BundleConfig.RegisterBundles(BundleTable.Bundles); AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier; } 然后我“只”?得到这个错误 A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' was not present on the provided ClaimsIdentity. 我想保留antiorgeryToken,因为它可以帮助跨站点脚本. 解决方法
您的声明身份没有ClaimTypes.NameIdentifier,您应该在声明数组中添加更多内容:
var claims = new List<Claim> { new Claim(ClaimTypes.Name,"username"),"user@gmail.com"),new Claim(ClaimTypes.NameIdentifier,"userId"),//should be userid }; 要将信息映射到索赔以获得更多的纠正: ClaimTypes.Name => map to username ClaimTypes.NameIdentifier => map to user_id 由于用户名也是唯一的,所以您可以使用用户名进行防伪令牌支持. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
相关内容
- 如何在ASP.NET Core 1.0 RC2中加载程序集
- asp.net – 错误的System.Web.Mvc更新
- asp.net-mvc – 单元测试ViewEngines.Engines.FindView的正
- asp.net-mvc-5 – ASP.NET标识 – 什么方法创建表?
- asp.net-mvc – 为什么我的会话变量在构建Controller时不可
- asp.net-mvc-3 – 剃刀引擎 – SEO元标签
- asp.net – 通过链接按钮单击从一个用户控件到另一个用户控
- 从ASP.NET连接到远程MongoDB实例
- asp-classic – 使用FileSystemObject的文件权限 – CScrip
- asp.net – 通过Web服务访问连接字符串
推荐文章
站长推荐
- 浅析微软的网关项目 -- ReverseProxy
- asp.net-mvc – 认证之前调用的ASP.NET MVC控制器
- asp.net-core – 使用dotnet pack包含所有依赖项
- C#进阶系列——WebApi 接口参数不再困惑:传参详
- asp.net – 从存储过程获取结果以填充GridView
- asp.net-mvc – 不同语言的MVC数据注释?
- asp.net-mvc-3 – 增加ASP.NET MVC 3中的超时值
- asp.net-mvc-3 – ASP.NET MVC3从https重定向到h
- asp.net – HttpWebRequestError:服务器提交协议
- asp.net-mvc – 使用自定义ASP.NET MVC IValuePr
热点阅读