问题描述
我正在尝试学习MVC 5 OWIN登录的声明.我试图使它尽可能简单.我从MVC模板开始,并插入了我的声明代码(请参见下文).在视图中使用@ Html.AntiForgeryToken()帮助器时出现错误.
I'm trying to learn Claims for MVC 5 OWIN login. I try'ed to keep it as simple as possible. I started with the MVC template and inserted my claims code (see below). I get an error when I use the @Html.AntiForgeryToken() helper in the View.
错误:
A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or
'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovid
er' was not present on the provided ClaimsIdentity.
To enable anti-forgery token support with claims-based authentication, please verify that
the configured claims provider is providing both of these claims on the ClaimsIdentity
instances it generates. If the configured claims provider instead uses a different claim
type as a unique identifier, it can be configured by setting the static property
AntiForgeryConfig.UniqueClaimTypeIdentifier.
Exception Details: System.InvalidOperationException: A claim of type
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or
'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was
not present on the provided ClaimsIdentity. To enable anti-forgery token
support with claims-based authentication, please verify that the configured claims provider
is providing both of these claims on the ClaimsIdentity instances it generates.
If the configured claims provider instead uses a different claim type as a unique
identifier, it can be configured by setting the static property
AntiForgeryConfig.UniqueClaimTypeIdentifier.
Source Error:
Line 4: using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new
{ id = "logoutForm", @class = "navbar-right" }))
Line 5: {
Line 6: @Html.AntiForgeryToken()
POST登录操作
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, "Brock"),
new Claim(ClaimTypes.Email, "brockallen@gmail.com")
};
var id = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
var ctx = Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
authenticationManager.SignIn(id);
return RedirectToAction("Welcome");
}
_LoginPartial.cshtml
@using Microsoft.AspNet.Identity
@if (Request.IsAuthenticated)
{
using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))
{
@Html.AntiForgeryToken()
<ul class="nav navbar-nav navbar-right">
<li>
@Html.ActionLink("Hello " + User.Identity.GetUserName() + "!", "Index", "Manage", routeValues: null, htmlAttributes: new { title = "Manage" })
</li>
<li><a href="javascript:document.getElementById('logoutForm').submit()">Log off</a></li>
</ul>
}
}
我尝试设置ClaimTypes.NameIdentifier
(像这样的SO答案 )
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
}
然后我只?"得到这个错误
And then I "only?" get this error
A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' was
not present on the provided ClaimsIdentity.
我想保留antiforgeryToken,因为它可以帮助防止跨站点脚本编写.
I want to keep the antiforgeryToken because it can help against cross-site scripting.
推荐答案
您的声明标识不具有ClaimTypes.NameIdentifier
,您应在声明数组中添加更多内容:
Your claim identity does not have ClaimTypes.NameIdentifier
, you should add more into claim array:
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, "username"),
new Claim(ClaimTypes.Email, "user@gmail.com"),
new Claim(ClaimTypes.NameIdentifier, "userId"), //should be userid
};
要将信息映射到Claim以获得更正:
To map the information to Claim for more corrective:
ClaimTypes.Name => map to username
ClaimTypes.NameIdentifier => map to user_id
由于用户名也是唯一的,因此您可以使用username
来支持防伪令牌.
Since username is unique also, so you are able to use username
for anti-forgery token support.
这篇关于具有声明和AntiforgeryToken的MVC 5 OWIN登录.我会错过ClaimsIdentity提供者吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!