对带有个人用户身份验证的全新模板网站声明身份防伪例外 [英] Claims Identity anti-forgery exception with brand newly templated website with Individual User Authentication

问题描述

我使用MVC5 Web模板创建了具有个人用户"身份验证的新站点，当我尝试运行它时，我得到了:

I used the MVC5 web template to create a new site with Individual User authentication and when I try to run it I get:

System.InvalidOperationException:'类型的声明 ' http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier ' 或者 ' http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider " 在提供的ClaimsIdentity上不存在.启用防伪 令牌支持以及基于声明的身份验证，请验证 配置的声明提供程序会在 它生成的ClaimsIdentity实例.如果已配置声明 提供者而是使用其他声明类型作为唯一标识符， 可以通过设置static属性进行配置 AntiForgeryConfig.UniqueClaimTypeIdentifier.'

System.InvalidOperationException: 'A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication, please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. If the configured claims provider instead uses a different claim type as a unique identifier, it can be configured by setting the static property AntiForgeryConfig.UniqueClaimTypeIdentifier.'

自从代码生成以来，我就没有对其进行任何更改.可能是什么原因造成的?

I haven't changed anything in the code since it was generated. What could be causing this?

推荐答案

因此，答案是清除网站的Cookie.

So the answer to this turned out to be to clear the cookies for the site.

据我所知，发生此问题是因为我同时也在开发另一个MVC5应用程序，并且那个人使用的是另一组身份验证代码(基于Active Directory).

As far as I can tell, the issue occured because I was also developing another MVC5 app at the same time, and that one was using a different set of authentication code (Active Directory based).

我通过注释掉_LoginPartial类中的@Html.AntiForgeryToken()行，然后加载了主页而没有出现错误，发现这两个应用程序相互干扰.然后我看到的是，即使这是该应用程序的首次运行，我也已经登录了.

I worked out that the two apps were interfering with each other by commenting out the @Html.AntiForgeryToken() line in the _LoginPartial class and then the home page loaded without the error. What I then saw was that I was already logged in, even though this was the first run of the app.

清除cookie可以解决该问题，但是我绝对不希望两个不同的MVC应用程序共享一个cookie.但是，这实际上是预期的行为，因为默认情况下，ASP.NET Cookie身份验证将为每个应用程序创建一个名为.AspNet.ApplicationCookie的cookie.如果您检查ASP站点的cookie，您会看到以下信息:

Clearing the cookies sorted that issue, but I definitely wasn't expecting two different MVC apps to share a cookie. However, that is actually the expected behaviour, because by default the ASP.NET Cookie Authentication will create a cookie named .AspNet.ApplicationCookie for every app. If you inspect the cookies for your ASP site you can see this:

实际上很容易更改，只需修改Startup.Configuration中的代码以设置特定的CookieName:

That's actually very easy to change, just modify the code in Startup.Configuration to set a specific CookieName:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "ApplicationCookie",
            LoginPath = new PathString("/Account/Login"),
            CookieName = "yourCookieName"
        });
    }
}

然后，清除该站点的cookie，再次运行它，您应该看到cookie现在已重命名.

Then, clear the cookies for the site, run it up again and you should see the Cookie has now been renamed.

这篇关于对带有个人用户身份验证的全新模板网站声明身份防伪例外的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！