我有一个使用SimpleMembership在应用程序中进行身份验证和授权的Asp.net 4.5 MVC5应用程序。现在,我需要集成以使用外部IdentityServer4进行身份验证。我试图将OWIN启动文件添加到项目中,并在web.config中关闭标准IIS身份验证。现在,我可以重定向到IDServer进行登录和同意。
到达视图时发生问题:
错误消息:
未找到名称为“”的用户。说明: 当前Web执行期间发生未处理的异常 请求。请查看堆栈跟踪以获取有关 错误及其在代码中的起源。
异常详细信息:System.InvalidOperationException:找不到用户 发现名称为“”。
源错误:
第15行:@if(模型!=空)第16行:{第17行:
foreach(模型中的变量声明)第18行:{第19行:
@ claim.Type
源文件: e:\ GitHub \ CRURepoPostBR20190607_IS4 \ CRU_Build \ Suite \ Views \ Home \ IS4Auth.cshtml 行:17
堆栈跟踪:[InvalidOperationException:找不到用户 名称为“”。]
WebMatrix.WebData.SimpleRoleProvider.GetRolesForUser(字符串用户名) +498 System.Web.Security.RolePrincipal.GetRoles()+215 System.Web.Security.d__4.MoveNext()+58
System.Security.Claims.d__51.MoveNext()+253
System.Security.Claims.d__37.MoveNext()+209
我的IdentityServer是IdentityServer4快速入门示例的克隆。我的MVC5应用程序很旧,并且使用SimpleMembership进行身份验证和角色授权。我手动添加了OWIN Startup.cs,请参见下面的代码。
我尝试将IdentityServer https://demo.identityserver.io用作IDServer并遇到相同的问题。这证明我的IDServer没问题。
我尝试创建一个没有SimpleMembership的简单的单独的Asp.net 4.5 MVC5项目,但没有收到错误。
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
SignInAsAuthenticationType = "Cookies",
ClientSecret = "secret",
//Authority = "http://localhost:5000", //ID Server
Authority = "https://demo.identityserver.io", //ID Server
RequireHttpsMetadata = false,
RedirectUri = "http://localhost:58018/signin-oidc",
//RedirectUri = "http://localhost:58018/",
//ClientId = "myOldMvc",
ClientId = "server.hybrid",
ResponseType = "id_token code",
Scope = "openid profile",
});
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
}
}
以下是显示索赔的视图:
@model IEnumerable<System.Security.Claims.Claim>
@{
ViewBag.Title = "IS4Auth";
}
<h2>IS4Auth</h2>
<dl>
@if (Model != null)
{
foreach (var claim in Model)
{
<dt>@claim.Type</dt>
<dd>@claim.Value</dd>
}
}
</dl>
这是我与system.web和system.webServer配置相关的部分
<system.web>
<httpModules>
<add name="ar.sessionscope" type="Castle.ActiveRecord.Framework.SessionScopeWebModule, Castle.ActiveRecord.web" />
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />
</httpModules>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" maxRequestLength="1048576" />
<!--Change for IS4Authentication-->
<authentication mode="None" />
<!--<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>-->
<!--<roleManager enabled="true" defaultProvider="simple">
<providers>
<clear />
<add name="simple" type="WebMatrix.WebData.SimpleRoleProvider,WebMatrix.WebData" />
</providers>
</roleManager>
<membership defaultProvider="simple">
<providers>
<clear />
<add name="simple" type="WebMatrix.WebData.SimpleMembershipProvider,WebMatrix.WebData" enablePasswordReset="true" requiresQuestionAndAnswer="false" />
</providers>
</membership>-->
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Optimization" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages" />
</namespaces>
</pages>
<httpHandlers>
<add verb="*" path="routes.axd" type="AttributeRouting.Web.Logging.LogRoutesHandler, AttributeRouting.Web" />
<add verb="POST,GET,HEAD" path="elmah" type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="Elmah" verb="POST,GET,HEAD" path="elmah" type="Elmah.ErrorLogPageFactory, Elmah" />
</handlers>
<modules>
<!--Change for IS4Authentication-->
<remove name="FormsAuthentication" />
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" />
</modules>
<httpProtocol>
<customHeaders>
<clear />
<add name="X-UA-Compatible" value="IE=Edge" />
</customHeaders>
</httpProtocol>
</system.webServer>
这是添加到OpenIdConnectAuthenticationOptions的通知代码
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async n =>
{
// use the code to get the access and refresh token
var tokenClient = new TokenClient(
"http://localhost:5000/connect/token",
//"server.hybrid",
"myApp",
"secret");
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
if (tokenResponse.IsError)
{
//throw new Exception(tokenResponse.Error);
throw new AuthenticationException(tokenResponse.Error);
}
// use the access token to retrieve claims from userinfo
var userInfoClient = new UserInfoClient("http://localhost:5000/connect/userinfo");
var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
// create new identity
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType);
id.AddClaims(userInfoResponse.Claims);
var Name = userInfoResponse.Claims.FirstOrDefault(c => c.Type.Equals("Name", StringComparison.CurrentCultureIgnoreCase)).Value;
id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString()));
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
id.AddClaim(new Claim("sid", n.AuthenticationTicket.Identity.FindFirst("sid").Value));
n.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(id.Claims, n.AuthenticationTicket.Identity.AuthenticationType, JwtClaimTypes.Name, JwtClaimTypes.Role),
n.AuthenticationTicket.Properties
);
List<Claim> _claims = new List<Claim>();
_claims.AddRange(new List<Claim>
{
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Name),
new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider",Name)
});
},
RedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.RequestType != OpenIdConnectRequestType.Logout)
{
return Task.FromResult(0);
}
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
return Task.FromResult(0);
}
}
答案 0 :(得分:0)
感谢d_f的帮助,我的问题已解决。 解决方案是使用通知从userInfo EndPoint显式检索声明,并将其添加到新的Identity中。请参阅上面的代码,其中包含Notifications = new OpenIdConnectAuthenticationNotifications {}