asp.net-mvc – 自定义WIF请求验证器无限循环
在解决
here所描述的问题时,我创建了另一个我可以在网络上的任何其他地方找到的问题:
SignInResponseMessage message = WSFederationMessage.CreateFromFormPost(context.Request) as SignInResponseMessage; 上面的代码不断调用IsValidRequestString(),这会导致无限循环.每次调用都是相同的,堆栈如下所示: > TestIdentityBroker.dll!TestIdentityBroker.Service.WsFederationRequestValidator.IsValidRequestString(System.Web.HttpContext context,string value,System.Web.Util.RequestValidationSource requestValidationSource,string collectionKey,out int validationFailureIndex) Line 19 C# [External Code] TestIdentityBroker.dll!TestIdentityBroker.Service.WsFederationRequestValidator.IsValidRequestString(System.Web.HttpContext context,out int validationFailureIndex) Line 19 + 0x21 bytes C# [External Code] TestIdentityBroker.dll!TestIdentityBroker.Service.WsFederationRequestValidator.IsValidRequestString(System.Web.HttpContext context,out int validationFailureIndex) Line 19 + 0x21 bytes C# [External Code] 这发生在自定义依赖方安全令牌服务中,该服务将我的依赖方的身份联合到FedUtil工具创建的ip.有谁知道为什么WSFederationMessage.CreateFromFormPost()会调用请求验证器?返回的wreply似乎正常. 编辑:这只发生在我之前已经过身份验证之后.如果我清除浏览器缓存,则不会发生. <?xml version="1.0"?> <!-- For more information on how to configure your ASP.NET application,please visit http://go.microsoft.com/fwlink/?LinkId=152368 --> <configuration> <configSections> <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection,Microsoft.IdentityModel,Version=3.5.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35" /> </configSections> <connectionStrings> <add name="ApplicationServices" connectionString="data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> </connectionStrings> <appSettings> <add key="webpages:Version" value="1.0.0.0" /> <add key="ClientValidationEnabled" value="true" /> <add key="UnobtrusiveJavaScriptEnabled" value="true" /> <add key="FederationMetadataLocation" value="X:WebTestTestIdentityBrokerTestIdentityBroker_STSFederationMetadata2007-06FederationMetadata.xml" /> <add key="SigningCertificateName" value="CN=Dev4"/> </appSettings> <location path="FederationMetadata"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <system.web> <!--<authorization> <deny users="?" /> </authorization>--> <compilation debug="true" targetFramework="4.0"> <assemblies> <add assembly="System.Web.Abstractions,Version=4.0.0.0,PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Web.Helpers,Version=1.0.0.0,PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Web.Routing,PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Web.Mvc,Version=3.0.0.0,PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Web.WebPages,PublicKeyToken=31BF3856AD364E35" /> <add assembly="Microsoft.IdentityModel,PublicKeyToken=31BF3856AD364E35" /> </assemblies> </compilation> <!--<authentication mode="Forms"> <forms loginUrl="~/Federation/Authenticate" timeout="2880" /> </authentication>--> <authentication mode="None" /> <membership> <providers> <clear /> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" /> </providers> </membership> <profile> <providers> <clear /> <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" /> </providers> </profile> <roleManager enabled="false"> <providers> <clear /> <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" /> <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" /> </providers> </roleManager> <pages> <namespaces> <add namespace="System.Web.Helpers" /> <add namespace="System.Web.Mvc" /> <add namespace="System.Web.Mvc.Ajax" /> <add namespace="System.Web.Mvc.Html" /> <add namespace="System.Web.Routing" /> <add namespace="System.Web.WebPages" /> </namespaces> </pages> <httpRuntime requestValidationType="TestIdentityBroker.Service.WsFederationRequestValidator" /> <httpModules> <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule,PublicKeyToken=31bf3856ad364e35" /> <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule,PublicKeyToken=31bf3856ad364e35" /> <add name="ScriptModule" type="System.Web.Handlers.ScriptModule,System.Web.Extensions,PublicKeyToken=31bf3856ad364e35" /> <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule,System.Web.Routing,PublicKeyToken=31bf3856ad364e35" /> </httpModules> </system.web> <system.webServer> <validation validateIntegratedModeConfiguration="false" /> <modules runAllManagedModulesForAllRequests="true"> <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule,PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" /> <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule,PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" /> </modules> </system.webServer> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> </assemblyBinding> </runtime> <microsoft.identityModel> <service> <audienceUris> <add value="https://rp_sts.local/" /> <add value="https://rp_sts.local/Federation/LogOn" /> </audienceUris> <federatedAuthentication> <wsFederation passiveRedirectEnabled="false" issuer="https://ip.local/" realm="https://rp_sts.local/" requireHttps="false" /> <cookieHandler requireSsl="true" /> </federatedAuthentication> <applicationService> <claimTypeRequired> <!--Following are the claims offered by STS 'http://ip.local/'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.--> <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" /> <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" /> </claimTypeRequired> </applicationService> <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry,PublicKeyToken=31bf3856ad364e35"> <trustedIssuers> <add thumbprint="xx" name="https://ip.local/" /> </trustedIssuers> </issuerNameRegistry> </service> </microsoft.identityModel> </configuration> 解决方法
问题是当用户通过身份验证时,访问System.HttpContext.Current.Request会触发RequestValidator执行.
因此,将Request.HttpContext.Current.Request引用传递到RequestValidator内的WSFederationMessage.CreateFromFormPost会启动无限循环.我没有调查为什么会出现这个问题. 虽然您可以决定不处理已经在STS上验证过的用户的请求(正如您所做的那样),但如果您的代码是依赖于其他发行者的中间STS,那么这不起作用.例如,如果请求RP传递不同的WHR,您仍然希望重新处理到父STS,以防不同的主域发出不同的声明. 在我的情况下,如果存在wresult参数,我只能通过返回true来修改我的请求验证器.通过这样做,验证incomming消息的责任被委托给处理登录请求的代码: public class WIFRequestValidator : RequestValidator { protected override bool IsValidRequestString(HttpContext context,RequestValidationSource requestValidationSource,out int validationFailureIndex) { validationFailureIndex = 0; if (requestValidationSource == RequestValidationSource.Form && collectionKey.Equals(WSFederationConstants.Parameters.Result,StringComparison.Ordinal)) { return true; //SignInResponseMessage message = WSFederationMessage.CreateFromFormPost(context.Request) as SignInResponseMessage; //if (message != null) //{ //return true; //} } return base.IsValidRequestString(context,value,requestValidationSource,collectionKey,out validationFailureIndex); } } (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
- asp.net-mvc – Html.BeginForm使用FormMethod.GET丢失rout
- asp.net-mvc – ViewBag.Title值覆盖ASP.NET MVC编辑器模板
- asp.net-mvc – HttpContext.Current.User.IsInRole不能正常
- asp.net – HttpMessageHandler与DelegatingHandler
- asp.net – 使用.Resx文件获取全局应用程序消息?
- asp.net-mvc – 如何在ASP.NET MVC4中使用具有唯一标识符UR
- entity-framework – 如何找到UIHInt属性的target属性?
- asp.net-mvc – MVC 3 – 脚手架下拉列表
- asp.net – 找不到’AppModule’的NgModule元数据使用–env
- asp.net – 在不过度使用meta:resourcekey的情况下本地化W
- asp.net – UpdatePanel没有名为’TextBox’的公
- asp.net-core – TagHelper,用于将路由值作为链接
- asp.net – 在页面中间显示Ajax UpdateProgress
- asp.net-mvc – MVC存储库模式:创建模型类
- asp.net-mvc-4 – Quartz.NET触发器不会触发,MVC
- asp.net – iis 7.0,模块订单更改
- 认证和授权在ASP.NET MVC 5
- asp.net-mvc-2 – 什么时候使用View()与Redirect
- asp.net-mvc – WebApi是否支持开箱即用的applic
- asp.net-mvc – 在ASP.NET MVC中创建ETag过滤器