为IIS 7经典模式错误配置联合被动信赖方(无法执行URL)

时间:2012-06-05 18:29:39

标签: asp.net iis-7 wif application-pool federation

我有一个ASP.Net依赖方,它使用Microsoft身份模型和WIF来实现被动联合身份。 Web应用程序在.Net 4集成管道应用程序池下的IIS 7中运行良好。但是,当我将其切换到.Net 4经典管道应用程序池时,它会失败并给我以下错误。怎么解决这个问题?

异常详细信息: System.Web.HttpException:无法执行URL。

堆栈追踪:

[HttpException(0x80004005):无法执行URL。]    System.Web.Hosting.ISAPIWorkerRequestInProcForIIS6.BeginExecuteUrl(String url,String method,String childHeaders,Boolean sendHeaders,Boolean addUserIndo,IntPtr token,String name,String authType,Byte [] entity,AsyncCallback cb,Object state)+4040320    System.Web.HttpResponse.BeginExecuteUrlForEntireResponse(String pathOverride,NameValueCollection requestHeaders,AsyncCallback cb,Object state)+590    System.Web.DefaultHttpHandler.BeginProcessRequest(HttpContext context,AsyncCallback callback,Object state)+286    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()+405    System.Web.HttpApplication.ExecuteStep(IExecutionStep step,Boolean& completedSynchronously)+375

修改

当我浏览网站而未指定页面时,会发生此错误。例如:

1 - http://www.relyingparty3.com 导致错误

2 - http://www.relyingparty3.com/Default.aspx 工作正常

2 个答案:

答案 0 :(得分:2)

我在以下MSDN论坛帖子中找到了解决方案。信用给用户“paullem”(解释失败的原因)和“Alex Stankiewicz”(用于提供修复代码):

http://social.msdn.microsoft.com/Forums/en/Geneva/thread/43392dc5-e764-4027-8de5-1638a4c17540

因此,为了解决这个问题,我使用以下代码创建了一个新类:

using System;
using System.Web;
using System.Security.Principal;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Web;

namespace TestApp.Code
{
    public class IIS6SessionAuthenticationModule : SessionAuthenticationModule
    {
        protected override void OnPostAuthenticateRequest(object sender, EventArgs e)
        {
            if (!(HttpContext.Current.User is IClaimsPrincipal))
            {
                IClaimsPrincipal incomingPrincipal = ClaimsPrincipal.CreateFromHttpContext(HttpContext.Current);
                ClaimsAuthenticationManager manager = base.ServiceConfiguration.ClaimsAuthenticationManager;

                if (((manager != null) && (incomingPrincipal != null)) && (incomingPrincipal.Identity != null))
                {
                    incomingPrincipal = manager.Authenticate(HttpContext.Current.Request.Url.AbsoluteUri, incomingPrincipal);
                }

                if (incomingPrincipal.Identity.IsAuthenticated)
                {
                    HttpContext.Current.User = incomingPrincipal;
                    Thread.CurrentPrincipal = incomingPrincipal;
                }
                else
                {
                    HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[] { });
                    Thread.CurrentPrincipal = HttpContext.Current.User;
                }
            }
            else
            {
                if (string.IsNullOrEmpty(HttpContext.Current.User.Identity.Name))
                {
                    HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[] { });
                    Thread.CurrentPrincipal = HttpContext.Current.User;
                }
            }
        }
    }
}

然后,在“WSFederationAuthenticationModule”和“SessionAuthenticationModule”之后,我在“web.config”的“system.web”的“httpModules”中添加了以下条目:

<add name="IIS6SessionAuthenticationModule" type="TestApp.Code.IIS6SessionAuthenticationModule, TestApp" />

答案 1 :(得分:0)

尾部斜杠存在问题。

如果您输入http://www.relyingparty3.com/

,会发生什么

(注意斜杠)