0

我的 elmah 错误日志充满了异常:

发送 HTTP 标头后,服务器无法设置状态。

这些请求中有 70% 是由爬虫(alexa、googlebot)引起的,我不能保证其余请求不是带有假 cookie、代理字符串等的机器人,但其中一些请求看起来确实是合法的。

以下是发生错误的 Facebook 授权方法:

  public class FacebookClient : WebServerClient 
    {
        private static readonly AuthorizationServerDescription FacebookDescription = new AuthorizationServerDescription 
        {
            TokenEndpoint = new Uri("https://graph.facebook.com/oauth/access_token"),
            AuthorizationEndpoint = new Uri("https://graph.facebook.com/oauth/authorize"),
        };

        /// <summary>
        /// Initializes a new instance of the <see cref="FacebookClient"/> class.
        /// </summary>
        public FacebookClient() : base(FacebookDescription) 
        {
        }
    }

 private static readonly FacebookClient client = new FacebookClient
    {
        ClientIdentifier = ConfigurationManager.AppSettings["facebookAppID"],

        ClientCredentialApplicator = ClientCredentialApplicator.PostParameter(ConfigurationManager.AppSettings["facebookAppSecret"]),
    };

    [AllowAnonymous]
    public ActionResult Facebook(string returnUrl)
    {
        IAuthorizationState authorization = client.ProcessUserAuthorization();

        if (authorization == null)
        {
            var scope = new List<string>();

            scope.Add("email");

            client.RequestUserAuthorization(scope);
        }
        else
        {
            try
            {
                var request = WebRequest.Create("https://graph.facebook.com/me?&access_token=" + Uri.EscapeDataString(authorization.AccessToken));

                using (var response = request.GetResponse())

                using (var responseStream = response.GetResponseStream())
                {
                    var graph = FacebookGraph.Deserialize(responseStream);

                    if (Membership.GetUser(graph.Id.ToString()) == null)
                    {
                        MembershipCreateStatus membershipCreateStatus = MembershipCreateStatus.Success;

                        var user = Common.CreateUser(membershipCreateStatus, graph.Id.ToString(), HttpUtility.HtmlEncode(graph.Email));

                        if (membershipCreateStatus != MembershipCreateStatus.Success)
                        {
                            TempData["message"] = "Unsuccessful creation of Account. " + membershipCreateStatus.ToString();

                            return RedirectToAction("Login", "Account");
                        }

                        if (membershipCreateStatus == MembershipCreateStatus.Success)
                        {

                            AddUserShortID((Guid)user.ProviderUserKey, HttpUtility.HtmlEncode(graph.Name));

                            Common.Authorize(graph.Id.ToString());
                        }
                    }
                    else
                    {
                        Common.Authorize(graph.Id.ToString());
                    }
                }
            }
            catch
            {
                TempData["message"] = "Unsuccessful creation of Account. ";

                return RedirectToAction("Login", "Account");
            }
        }

        if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }

        return RedirectToAction("Index", "Home");
    }

这里可能导致这种行为的代码中最可疑的部分是什么?为什么这种情况大部分时间都发生在机器人身上?有没有办法重现这样的东西?

更新:这不仅仅是由机器人引起的,我昨天也遇到了这个异常,只是在日志中,在浏览器中我没有找到 graph.facebook.com/...

4

1 回答 1

1

我发现当这个异常发生时,当我被重定向到 Facebook 登录页面时,如果你刷新页面或输入登录信息错误,或者如果页面当前不可用,无论出于何种原因,这个异常被记录,但最重要的是那个用户不会看到任何异常情况发生,也不会出现任何登录问题。

于 2012-11-18T10:52:25.763 回答