当基于角色的授权失败时,asp.net core 2.0 应用程序崩溃
Posted
技术标签:
【中文标题】当基于角色的授权失败时,asp.net core 2.0 应用程序崩溃【英文标题】:asp.net core 2.0 app crashes when role based authorization faild 【发布时间】:2018-05-20 07:45:23 【问题描述】:我想根据角色授权用户:
[Authorize(Roles = "Administrator")]
public class TestController : Controller
public IActionResult Index()
return Ok();
当用户拥有Claim(type: "Role", value: "Administrator") 时,它可以正常工作。当他不这样做时,应用程序崩溃。在 VS 中调试时,它会停止并且 IIS Express 进程结束。我没有看到任何例外。我只看到这个输出调试输出:
Application Insights Telemetry: "name":"Microsoft.ApplicationInsights.Dev.2822d75fd5c24f0180cd7a0cd61c0e40.Message","time":"2017-12-06T12:03:16.7897859Z","iKey":"2822d75f-d5c2-4f01-80cd-7a0cd61c0e40","tags":"ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.location.ip":"127.0.0.1","ai.internal.nodeName":"MY-DESKTOP","ai.cloud.roleInstance":"MY-DESKTOP","ai.operation.parentId":"|a2488207-417e03727b6f68b7.","ai.operation.name":"GET test/Index","ai.operation.id":"a2488207-417e03727b6f68b7","ai.application.ver":"1.0.0.0","data":"baseType":"MessageData","baseData":"ver":2,
"message":"Authorization failed for user: liero@mycompany.com.","severityLevel":"Information","properties":"CategoryName":"Microsoft.AspNetCore.Authorization.DefaultAuthorizationService","AspNetCoreEnvironment":"Development","OriginalFormat":"Authorization failed for user: UserName.","DeveloperMode":"true","UserName":"liero@mycompany.com"
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Application Insights Telemetry: "name":"Microsoft.ApplicationInsights.Dev.2822d75fd5c24f0180cd7a0cd61c0e40.Message","time":"2017-12-06T12:03:16.7962379Z","iKey":"2822d75f-d5c2-4f01-80cd-7a0cd61c0e40","tags":"ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.location.ip":"127.0.0.1","ai.internal.nodeName":"MY-DESKTOP","ai.cloud.roleInstance":"MY-DESKTOP","ai.operation.parentId":"|a2488207-417e03727b6f68b7.","ai.operation.name":"GET test/Index","ai.operation.id":"a2488207-417e03727b6f68b7","ai.application.ver":"1.0.0.0","data":"baseType":"MessageData","baseData":"ver":2,
"message":"Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.","severityLevel":"Information","properties":"CategoryName":"Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker","AspNetCoreEnvironment":"Development","OriginalFormat":"Authorization failed for the request at filter 'AuthorizationFilter'.","DeveloperMode":"true","AuthorizationFilter":"Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter"
Microsoft.AspNetCore.Mvc.ForbidResult:Information: Executing ForbidResult with authentication schemes ().
Application Insights Telemetry: "name":"Microsoft.ApplicationInsights.Dev.2822d75fd5c24f0180cd7a0cd61c0e40.Message","time":"2017-12-06T12:03:16.8222130Z","iKey":"2822d75f-d5c2-4f01-80cd-7a0cd61c0e40","tags":"ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.location.ip":"127.0.0.1","ai.internal.nodeName":"MY-DESKTOP","ai.cloud.roleInstance":"MY-DESKTOP","ai.operation.parentId":"|a2488207-417e03727b6f68b7.","ai.operation.name":"GET test/Index","ai.operation.id":"a2488207-417e03727b6f68b7","ai.application.ver":"1.0.0.0","data":"baseType":"MessageData","baseData":"ver":2,
"message":"Executing ForbidResult with authentication schemes ().","severityLevel":"Information","properties":"CategoryName":"Microsoft.AspNetCore.Mvc.ForbidResult","AspNetCoreEnvironment":"Development","OriginalFormat":"Executing ForbidResult with authentication schemes (Schemes).","DeveloperMode":"true","Schemes":"System.String[]"
编辑: 我注意到在使用 AddOpenIdConnect 身份验证生成器时会发生这种情况。当我将其注释掉时,它会将我重定向到一些默认的“禁止”网址
services.AddAuthentication(sharedOptions =>
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
)
.AddCookie(option => option.Cookie.SameSite = SameSiteMode.None)
.AddOpenIdConnect(option =>
option.ClientId = config.ClientId;
option.Authority = String.Format(config.AadInstance, config.Tenant);
option.SignedOutRedirectUri = config.PostLogoutRedirectUri;
option.Events = new OpenIdConnectEvents
OnRedirectToIdentityProvider = redirectContext =>
bool isAjaxRequest = redirectContext.HttpContext.Request.Headers["x-requested-with"] == "XMLHttpRequest";
if (isAjaxRequest)
redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
redirectContext.HttpContext.Response.Headers["Location"] = "/Account/Login";
redirectContext.HandleResponse();
return Task.CompletedTask;
;
);
【问题讨论】:
你能发布你的创业课程吗? 我认为问题可能出在您的逻辑上,例如无限循环,例如,当用户未授权时,您重定向到模块以检查授权。 @CamiloTerevinto:查看我的编辑 【参考方案1】:来自github: Core CLR crashes when using Authorize attribute and OpenIdConnect
这是在 2.0.1 中由 #1435 修补的 https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.OpenIdConnect/
解决方法是设置
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
我已经验证了解决方法并且它有效
【讨论】:
经过一天的痛苦想知道为什么我的应用程序崩溃后偶然发现了这一点。你的救命稻草! 我正在使用 2.1.1 并且它崩溃了。虽然不使用 CookieAuth以上是关于当基于角色的授权失败时,asp.net core 2.0 应用程序崩溃的主要内容,如果未能解决你的问题,请参考以下文章
ASP.NET Core WebApi Jwt 基于角色的授权不起作用
使用 Azure AD 的 Asp.net core mvc 基于角色的授权
如何使用 Web Api Asp.Net Core 实现基于声明的授权?