asp.net-mvc-3 – WSFederationAuthenticationModule.IsSignInRe
发布时间:2020-12-16 00:13:50 所属栏目:asp.Net 来源:网络整理
导读:在我的MVC3站点中,我避免使用新的ValidateInput属性设置requestValidationMode =“2.0”,但现在我正在尝试切换到WIF进行身份验证,当STS重定向回我的站点时,我得到了异常,因为WSFederationAuthenticationModule.IsSignInResponse正在调用Request.Form而不是Re
在我的MVC3站点中,我避免使用新的ValidateInput属性设置requestValidationMode =“2.0”,但现在我正在尝试切换到WIF进行身份验证,当STS重定向回我的站点时,我得到了异常,因为WSFederationAuthenticationModule.IsSignInResponse正在调用Request.Form而不是Request.Unvalidated().Form …有没有办法处理这个问题而不需要requestValidationMode =“2.0”(我真的不想这样做).
这是堆栈跟踪,所以你可以看到我的意思.我的Controller的方法永远不会被调用. [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...").] System.Web.HttpRequest.ValidateString(String value,String collectionKey,RequestValidationSource requestCollection) +8755668 System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc,RequestValidationSource requestCollection) +122 System.Web.HttpRequest.get_Form() +114 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +21 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request,Boolean onPage) +121 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender,EventArgs args) +78 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148 System.Web.HttpApplication.ExecuteStep(IExecutionStep step,Boolean& completedSynchronously) +75 解决方法
处理此问题的正确方法是向HttpRuntime添加特定验证器,HttpRuntime知道如何检测有效的安全令牌.
看看这里的任何例子:http://claimsid.codeplex.com/releases/view/62929 以下是其中一个的摘录(示例#5是具体的,也是MVC应用程序): namespace FShipping { using System; using System.Web; using System.Web.Util; using Microsoft.IdentityModel.Protocols.WSFederation; public class WsFederationRequestValidator : RequestValidator { protected override bool IsValidRequestString(HttpContext context,string value,RequestValidationSource requestValidationSource,string collectionKey,out int validationFailureIndex) { validationFailureIndex = 0; if (requestValidationSource == RequestValidationSource.Form && collectionKey.Equals(WSFederationConstants.Parameters.Result,StringComparison.Ordinal)) { if (WSFederationMessage.CreateFromFormPost(context.Request) as SignInResponseMessage != null) { return true; } } return base.IsValidRequestString(context,value,requestValidationSource,collectionKey,out validationFailureIndex); } } } 这是配置: <system.web> ... <httpRuntime requestValidationType="FShipping.WsFederationRequestValidator" /> </system.web> (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
相关内容