无法执行 Cookie 身份验证:SignInAsync 和 AuthenticateAsync 不成功 [英] Failing to perform Cookie Authentication: SignInAsync and AuthenticateAsync not successful
问题描述
我正在尝试构建一个非常简单的 Playground 服务器,以便我研究一些 ASP.NET Core 身份验证/授权概念.基本上是一个带有一个非常简单的控制器的网络应用程序,可以用 Postman 进行测试.
I am trying to build a very simple playground server for me to study some ASP.NET Core authentication/authorization concepts. Basically a web app with a single, very simple controller, to be tested with Postman.
我想出了我的代码的缩小版本,由一个登录端点组成,该端点将使用 Cookie 身份验证对用户进行身份验证(无需凭据),如下所示:
I came up with a minified version of my code, consisting of a single login endpoint which would authenticate the user (no credentials required) using Cookie Authentication, like that:
[ApiController]
public class MyController : ControllerBase
{
[HttpGet("/login")]
public async Task<IActionResult> Login()
{
var claims = new[] { new Claim("name", "bob") };
var identity = new ClaimsIdentity(claims);
var principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(principal);
return Ok();
}
}
问题是对 HttpContext.SignInAsync()
的调用引发了以下异常:
The thing is that the call to HttpContext.SignInAsync()
is firing the following exception:
System.InvalidOperationException: SignInAsync when principal.Identity.IsAuthenticated is false is not allowed when AuthenticationOptions.RequireAuthenticatedSignIn is true.
at Microsoft.AspNetCore.Authentication.AuthenticationService.SignInAsync(HttpContext context, String scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
at MyController.Login() in C:UsersvinicDesktopTEMPTestesAuthorizationControllersMyController.cs:line 18
然后我尝试通过调用 HttpContext.AuthenticateAsync()
来替换 HttpContext.SignInAsync()
,这样我就可以在尝试调用 之前对用户进行身份验证>SignInAsync()
再次:
Then I tried to replace HttpContext.SignInAsync()
by a call to HttpContext.AuthenticateAsync()
, so that I could authenticate the user before trying to call SignInAsync()
again:
[HttpGet("/login")]
public async Task<IActionResult> Login()
{
var authResult = await HttpContext.AuthenticateAsync();
if (authResult.Succeeded == false)
return StatusCode(500, "Failed to autenticate!");
return Ok();
}
但在这种情况下,AuthenticateAsync()
结果总是返回失败(authResult.Succeeded
= false),然后调用 HttpContext.SignInAsync()
会以与以前相同的 InvalidOperationException 失败.通过启用跟踪"级别的日志记录,对 AuthenticateAsync() 的调用只会记录以下(不是很有帮助的)信息:
But in that case the AuthenticateAsync()
result always returns a failure (authResult.Succeeded
= false), and later calls to HttpContext.SignInAsync()
would fail with the same InvalidOperationException as before. By enabling "Trace"-level logging, the call to AuthenticateAsync() only logs the following (not very helpful) piece of information:
dbug: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[9]
AuthenticationScheme: Cookies was not authenticated.
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler: Debug: AuthenticationScheme: Cookies was not authenticated.
我的项目面向 net5.0
框架,没有外部/显式依赖项,这是我正在使用的 Startup 类:
My project targets the net5.0
framework, has no external/explicit dependencies, and here's the Startup class I'm using:
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IConfiguration configs)
{
app.UseRouting();
app.UseAuthentication();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
我知道我在这里一定遗漏了一些非常基本的东西.我也不确定 文档 我所基于的实际上是 .NET 5.0 的最新版本.
I know I must be missing something really basic here. I'm also not sure if the documentation I am basing myself on is actually up-to-date for .NET 5.0.
为什么 cookie 身份验证 (HttpContext.SignInAsync()
/HttpContext.AuthenticateAsync()
) 失败?
Why is the cookie authentication (HttpContext.SignInAsync()
/ HttpContext.AuthenticateAsync()
) failing?
推荐答案
这是自 Asp.Net Core 3.0 Preview 6 以来的重大变化.文档在此处 https://docs.microsoft.com/en-us/dotnet/core/兼容性/aspnetcore#identity-signinasync-throws-exception-for-unauthenticated-identity,但它不包含破坏性更改的动机.
This was a breaking change since Asp.Net Core 3.0 Preview 6. The documentation is here https://docs.microsoft.com/en-us/dotnet/core/compatibility/aspnetcore#identity-signinasync-throws-exception-for-unauthenticated-identity, but it does not contain the motivation of the breaking change.
真正的动机在这里:https://github.com/dotnet/aspnetcore/issues/9255
简而言之,您需要明确指定身份验证方案:
In short, you need to specify auth scheme explicitly:
new ClaimsIdentity(claims, /*Explicit*/CookieAuthenticationDefaults.AuthenticationScheme)
我遇到了同样的问题,这个变化对我有帮助.
I had the same issue, and this change helped in my case.
这篇关于无法执行 Cookie 身份验证:SignInAsync 和 AuthenticateAsync 不成功的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!