我已关注Require Authentication for all requests to an OWIN application,因此我的代码如下所示:
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieSecure = CookieSecureOption.Never });
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
MetadataAddress = "https://login.windows.net/#####.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml",
Wtrealm = "http://localhost:33210/",
// SignInAsAuthenticationType = // This is picked up automatically from the default set above
});
app.Use(async (context, next) =>
{
var user = context.Authentication.User;
if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
{
context.Authentication.Challenge();
return;
}
await next();
});
}
该应用程序是Web窗体和MVC的混合体。我已从IIS中删除了所有身份验证类型,删除了authorization,membership,roleManager并在authentication mode="None"中设置了web.config。
现在,当我通过Default.aspx,[Authorize]控制器或强制挑战的显式AccountController访问网站时:
public void SignIn()
{
if (!Request.IsAuthenticated)
{
HttpContext.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties { RedirectUri = "/" },
WsFederationAuthenticationDefaults.AuthenticationType);
}
}
所有结果都是HTTP错误401.2由于身份验证标头无效,您无权查看此页面。我错过了什么?
答案 0 :(得分:0)
问题是
我已从IIS中删除了所有身份验证类型
在IIS中至少需要选择Anonymous Authentication。通过在IIS Express的项目属性中禁用Windows和匿名身份验证,可以使用WebApp-OpenIDConnect-DotNet等示例应用程序重现相同的错误。