ASP.Net Core 2.2 SignInManager'没有为方案'Identity.Application'注册任何登录身份验证处理程序 [英] ASP.Net Core 2.2 SignInManager 'No sign-in authentication handler is registered for the scheme 'Identity.Application'

问题描述

我在Startup.cs中具有以下配置:

I have the following configurations in Startup.cs:

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    //options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => {
    o.LoginPath = Routes.Urls.AdminAccountLogin;
    o.AccessDeniedPath = Routes.Urls.AdminAccountAccessdenied;
}).AddJwtBearer(configureOptions => {});

当控制器的登录操作调用SignInManger.PasswordSignInAsync时，应用程序将引发以下异常:

The application throws the following exception when the controller Login action calls SignInManger.PasswordSignInAsync:

发生异常:CLR/System.InvalidOperationException
抛出异常:System.Private.CoreLib.dll中的'System.InvalidOperationException':'未为方案'Identity.Application'注册任何登录身份验证处理程序.注册的登录方案为:Cookies.您是否忘记了调用AddAuthentication().AddCookies("Identity.Application"，...)?'

Exception has occurred: CLR/System.InvalidOperationException
Exception thrown: 'System.InvalidOperationException' in System.Private.CoreLib.dll: 'No sign-in authentication handler is registered for the scheme 'Identity.Application'. The registered sign-in schemes are: Cookies. Did you forget to call AddAuthentication().AddCookies("Identity.Application",...)?'

Identity.Application来自哪里?

推荐答案

简短(不那么有用)答案:

Short (and not as helpful) Answer:

具体来说，它来自类Microsoft.AspNetCore.Identity.IdentityConstants.ApplicationScheme

长答案，以及整个细分:

Long Answer, with the whole breakdown:

您需要添加身份-该方案已建立，并已通过AddIdentity扩展方法连接到身份验证

You need to add Identity - That scheme is stood up and connected to authentication in the AddIdentity extension method

扩展方法在Microsoft.Extensions.DependencyInjection.IdentityServiceCollectionExtensions

public static IdentityBuilder AddIdentity<TUser, TRole>(this IServiceCollection services, Action<IdentityOptions> setupAction) where TUser: class where TRole: class
        {
            services.AddAuthentication(delegate (AuthenticationOptions options) {
                options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
                options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
                options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
            }).AddCookie(IdentityConstants.ApplicationScheme, delegate (CookieAuthenticationOptions o) {
                o.LoginPath = new PathString("/Account/Login");
                CookieAuthenticationEvents events1 = new CookieAuthenticationEvents();
                events1.OnValidatePrincipal = new Func<CookieValidatePrincipalContext, Task>(SecurityStampValidator.ValidatePrincipalAsync);
                o.Events = events1;
            }).AddCookie(IdentityConstants.ExternalScheme, delegate (CookieAuthenticationOptions o) {
                o.Cookie.Name = IdentityConstants.ExternalScheme;
                o.ExpireTimeSpan = TimeSpan.FromMinutes((double) 5.0);
            }).AddCookie(IdentityConstants.TwoFactorRememberMeScheme, delegate (CookieAuthenticationOptions o) {
                o.Cookie.Name = IdentityConstants.TwoFactorRememberMeScheme;
                CookieAuthenticationEvents events1 = new CookieAuthenticationEvents();
                events1.OnValidatePrincipal = new Func<CookieValidatePrincipalContext, Task>(SecurityStampValidator.ValidateAsync<ITwoFactorSecurityStampValidator>);
                o.Events = events1;
            }).AddCookie(IdentityConstants.TwoFactorUserIdScheme, delegate (CookieAuthenticationOptions o) {
                o.Cookie.Name = IdentityConstants.TwoFactorUserIdScheme;
                o.ExpireTimeSpan = TimeSpan.FromMinutes((double) 5.0);
            });
            services.AddHttpContextAccessor();
            services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>();
            services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>();
            services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>();
            services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>();
            services.TryAddScoped<IRoleValidator<TRole>, RoleValidator<TRole>>();
            services.TryAddScoped<IdentityErrorDescriber>();
            services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<TUser>>();
            services.TryAddScoped<ITwoFactorSecurityStampValidator, TwoFactorSecurityStampValidator<TUser>>();
            services.TryAddScoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser, TRole>>();
            services.TryAddScoped<UserManager<TUser>>();
            services.TryAddScoped<SignInManager<TUser>>();
            services.TryAddScoped<RoleManager<TRole>>();
            if (setupAction != null)
            {
                services.Configure<IdentityOptions>(setupAction);
            }
            return new IdentityBuilder(typeof(TUser), typeof(TRole), services);
        }

如果您遵循此AddCookie通话

.AddCookie(IdentityConstants.ApplicationScheme, delegate (CookieAuthenticationOptions o) {
                o.LoginPath = new PathString("/Account/Login");
                CookieAuthenticationEvents events1 = new CookieAuthenticationEvents();
                events1.OnValidatePrincipal = new Func<CookieValidatePrincipalContext, Task>(SecurityStampValidator.ValidatePrincipalAsync);
                o.Events = events1;

它最终使用"Identity.Application"方案和CookieAuthenticationHandler

it eventually configures AuthenticationOptions with the "Identity.Application" scheme and a CookieAuthenticationHandler

致电SignInManager.PasswordSignInAsync时:

• SignInManager检查数据库中的用户名/密码(如果启用，则进行两个因素的处理)，然后检查是否正确
• 使用身份应用程序方案创建ClaimsPrincipal并将其发送到HttpContext.SignInAsync(扩展方法)，请参见此处和此处和此处
• CookieAuthenticationHandler.HandleSignInAsync创建，加密和添加cookie.

• SignInManager checks the username/password in the database (and does two factor flow if enabled), then if good
• creates the ClaimsPrincipal and sends it to HttpContext.SignInAsync (an extension method) with the identity application scheme, see here
• Which gets the IAuthenticationService (added to DI by AddAuthentication), see here
• In AuthenticationService, it uses a chain of objects
  • IAuthenticationHandlerProvider => IAuthenticationSchemeProvider => the previously configured AuthenticationOptions to construct an AuthenticationScheme which serves up the IAuthenticationHandler in this case CookieAuthenticationHandler. see here and here and here
  • CookieAuthenticationHandler.HandleSignInAsync creates, encrypts and adds the cookie.

  现在有cookie，因此AuthenticationMiddleware中的下一个请求(通常是登录后的重定向)称为HttpContext.AuthenticateAsync方法，其遵循的流程类似于

  Now the cookie is there, so the next request (often a redirect after login) in the AuthenticationMiddleware, the HttpContext.AuthenticateAsync method is called, which follows a similar flow to

  • CookieAuthenticationHandler.HandleAuthenticateAsync读取cookie并传回ClaimsPrincipal
  • 此对象已分配给HttpContext.User，使其可以访问请求管道的所有其他区域，例如授权，请参见
  • CookieAuthenticationHandler.HandleAuthenticateAsync which reads the cookie and passes back a ClaimsPrincipal,
  • this is assigned to HttpContext.User, making it accessible to all the other areas of the request pipeline, like authorization, see here

  这篇关于ASP.Net Core 2.2 SignInManager'没有为方案'Identity.Application'注册任何登录身份验证处理程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！