asp.net-mvc-3 – WSFederationAuthenticationModule.IsSignInRe
发布时间:2020-12-16 00:13:50 所属栏目:asp.Net 来源:网络整理
导读:在我的MVC3站点中,我避免使用新的ValidateInput属性设置requestValidationMode =“2.0”,但现在我正在尝试切换到WIF进行身份验证,当STS重定向回我的站点时,我得到了异常,因为WSFederationAuthenticationModule.IsSignInResponse正在调用Request.Form而不是Re
|
在我的MVC3站点中,我避免使用新的ValidateInput属性设置requestValidationMode =“2.0”,但现在我正在尝试切换到WIF进行身份验证,当STS重定向回我的站点时,我得到了异常,因为WSFederationAuthenticationModule.IsSignInResponse正在调用Request.Form而不是Request.Unvalidated().Form …有没有办法处理这个问题而不需要requestValidationMode =“2.0”(我真的不想这样做).
这是堆栈跟踪,所以你可以看到我的意思.我的Controller的方法永远不会被调用. [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...").] System.Web.HttpRequest.ValidateString(String value,String collectionKey,RequestValidationSource requestCollection) +8755668 System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc,RequestValidationSource requestCollection) +122 System.Web.HttpRequest.get_Form() +114 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +21 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request,Boolean onPage) +121 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender,EventArgs args) +78 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148 System.Web.HttpApplication.ExecuteStep(IExecutionStep step,Boolean& completedSynchronously) +75 解决方法
处理此问题的正确方法是向HttpRuntime添加特定验证器,HttpRuntime知道如何检测有效的安全令牌.
看看这里的任何例子:http://claimsid.codeplex.com/releases/view/62929 以下是其中一个的摘录(示例#5是具体的,也是MVC应用程序): namespace FShipping
{
using System;
using System.Web;
using System.Web.Util;
using Microsoft.IdentityModel.Protocols.WSFederation;
public class WsFederationRequestValidator : RequestValidator
{
protected override bool IsValidRequestString(HttpContext context,string value,RequestValidationSource requestValidationSource,string collectionKey,out int validationFailureIndex)
{
validationFailureIndex = 0;
if (requestValidationSource == RequestValidationSource.Form &&
collectionKey.Equals(WSFederationConstants.Parameters.Result,StringComparison.Ordinal))
{
if (WSFederationMessage.CreateFromFormPost(context.Request) as SignInResponseMessage != null)
{
return true;
}
}
return base.IsValidRequestString(context,value,requestValidationSource,collectionKey,out validationFailureIndex);
}
}
}
这是配置: <system.web> ... <httpRuntime requestValidationType="FShipping.WsFederationRequestValidator" /> </system.web> (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
相关内容