传入HttpRequestWrapper时来自DotNetOpenAuth的ReadAuthorizationRequest的错误消息 [英] Error message from DotNetOpenAuth's ReadAuthorizationRequest when passing in HttpRequestWrapper

问题描述

我的OAuth控制器中的Authorize方法有自定义授权过滤器。当授权过滤器记录用户被记录时，它会将当前OAuth请求填充到会话中，然后将其发送到登录。

I have a custom authorization filter for my Authorize method in my OAuth controller. When the authorization filter notes the user is logged, it stuffs the current OAuth request into the session, and ships them off to log in.

登录后，在我的/ OAuth / Authorize端点，我检查该请求是否在会话中，而不是立即失败，因为当前请求没有附加授权请求。然后，我用该请求对象调用授权服务器。

After log in, in my /OAuth/Authorize endpoint, I check to see if that request is in the session, instead of immediately failing because there is not an authorization request attached to the current request. Then, I call the authorization server with that request object.

我的授权操作中的代码如下所示：

The code in my Authorize action looks like this:

    [AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
    [ExternalAppAuthorizeAttribute]
    public ActionResult Authorize() {
        Object requestObject = this.HttpContext.Session["AuthRequest"];
        HttpRequestBase request = null;
        if ((requestObject != null) && (requestObject.GetType() == typeof(HttpRequestWrapper)))
        {
            request = (HttpRequestWrapper)requestObject;
            this.HttpContext.Session.Remove("AuthRequest");
        }
        EndUserAuthorizationRequest pendingRequest = null;
        if (request != null)
        {
            pendingRequest = this.authorizationServer.ReadAuthorizationRequest(request);
        } else
        {
            pendingRequest = this.authorizationServer.ReadAuthorizationRequest();
        }
        if (pendingRequest == null) {
            throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
        }

然而，当在会话中找到并恢复请求时，ReadAuthorizationRequest失败。错误消息不是很有用：值不在预期范围内。

ReadAuthorizationRequest fails, however, when the request was found in the session and restored. The error message is not very helpful: "Value does not fall within the expected range. "

这是堆栈跟踪：

[ArgumentException: Value does not fall within the expected range.]
   System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) +0
   System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode) +10
   System.Web.Util.Misc.ThrowIfFailedHr(Int32 hresult) +9
   System.Web.Hosting.IIS7WorkerRequest.GetServerVariableInternal(String name) +36
   System.Web.Hosting.IIS7WorkerRequest.GetServerVariable(String name) +49
   System.Web.HttpRequest.AddServerVariableToCollection(String name) +22
   System.Web.HttpRequest.FillInServerVariablesCollection() +85
   System.Web.HttpServerVarsCollection.Populate() +36
   System.Web.HttpServerVarsCollection.Get(String name) +42
   System.Collections.Specialized.NameValueCollection.get_Item(String name) +10
   DotNetOpenAuth.Messaging.MessagingUtilities.GetPublicFacingUrl(HttpRequestBase request, NameValueCollection serverVariables) +61
   DotNetOpenAuth.Messaging.MessagingUtilities.GetPublicFacingUrl(HttpRequestBase request) +43
   DotNetOpenAuth.Messaging.Channel.ReadFromRequestCore(HttpRequestBase request) +69

我已经检查了我的飞行请求和一切罚款：标题，URI等。我不知道是什么原因造成的。

I've inspected my request in flight and everything used by oauth in it looks totally fine: headers, URI, etc. I'm at a loss as to what might be causing this.

有谁知道为什么会出现这种情况？或者，如果您在用户进行身份验证时有其他建议来存储oauth请求，我会向他们开放。

Does anyone know why this might be the case? Or, if you have alternative recommendations for storing the oauth request while the user is authenticating, I am open to them.

推荐答案

转身HttpRequestWrapper上的ServerVariables在调用时抛出异常（现在从堆栈跟踪中可以看出这一点）。我相信这是因为请求没有达到控制器操作，因为它被过滤器拦截了。我想在控制器操作处理请求时，ServerVariables会被设置吗？

Turns out that ServerVariables on the HttpRequestWrapper was throwing an exception when called (which is now obvious from the stack trace). I believe this is because the request hadn't hit the controller action yet since it was intercepted by the filter. I guess that ServerVariables gets set when the request is processed by the controller action?

我通过创建一个实现HttpRequestBase的新类来解决这个问题。我通过它传递了我存储的oauth请求和实际请求，并从HttpRequestBase中返回了除了ServerVariables之外的所有内容的oauth请求中的属性，这是我从当前请求返回的。

I resolved this by creating a new class that implements HttpRequestBase. I passed it my stored oauth request and the actual request, and returned the properties from the oauth request for everything in HttpRequestBase except ServerVariables, which I returned from the current request.

这篇关于传入HttpRequestWrapper时来自DotNetOpenAuth的ReadAuthorizationRequest的错误消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！