136

我在使用防伪令牌时遇到问题 :( 我创建了自己的 User 类,它运行良好,但现在每当我转到/Account/Register页面时都会收到错误消息。错误是:

“http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier”或“http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider”类型的声明是不存在于提供的 ClaimsIdentity 上。要通过基于声明的身份验证启用防伪令牌支持,请验证配置的声明提供程序是否在其生成的 ClaimsIdentity 实例上提供这两个声明。如果配置的声明提供程序使用不同的声明类型作为唯一标识符,则可以通过设置静态属性 AntiForgeryConfig.UniqueClaimTypeIdentifier 进行配置。

我找到了这篇文章:

http://stack247.wordpress.com/2013/02/22/antiforgerytoken-a-claim-of-type-nameidentifier-or-identityprovider-was-not-present-on-provided-claimsidentity/

所以我将我的Application_Start方法更改为:

protected void Application_Start()
{
    AreaRegistration.RegisterAllAreas();

    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);

    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Email;
}

但是当我这样做时,我得到了这个错误:

提供的 ClaimsIdentity 上不存在“http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress”类型的声明。

有没有人遇到过这个?如果是这样,您知道如何解决吗?

这是我的自定义用户类:

public class Profile : User, IProfile
{
    public Profile()
        : base()
    {
        this.LastLoginDate = DateTime.UtcNow;
        this.DateCreated = DateTime.UtcNow;
    }

    public Profile(string userName)
        : base(userName)
    {
        this.CreatedBy = this.Id;

        this.LastLoginDate = DateTime.UtcNow;
        this.DateCreated = DateTime.UtcNow;

        this.IsApproved = true;
    }
    
    [NotMapped]
    public HttpPostedFileBase File { get; set; }

    [Required]
    public string CompanyId { get; set; }

    [Required]
    public string CreatedBy { get; set; }
    public string ModifiedBy { get; set; }

    public DateTime DateCreated { get; set; }
    public DateTime? DateModified { get; set; }
    public DateTime LastLoginDate { get; set; }

    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredTitle")]
    public string Title { get; set; }
    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredFirstName")]
    public string Forename { get; set; }
    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredLastName")]
    public string Surname { get; set; }

    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredEmail")]
    public string Email { get; set; }
    public string JobTitle { get; set; }
    public string Telephone { get; set; }
    public string Mobile { get; set; }
    public string Photo { get; set; }
    public string LinkedIn { get; set; }
    public string Twitter { get; set; }
    public string Facebook { get; set; }
    public string Google { get; set; }
    public string Bio { get; set; }

    public string CompanyName { get; set; }

    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredCredentialId")]
    public string CredentialId { get; set; }
    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredSecurityCode")]
    public bool IsLockedOut { get; set; }
    public bool IsApproved { get; set; }

    [Display(Name = "Can only edit own assets")]
    public bool CanEditOwn { get; set; }
    [Display(Name = "Can edit assets")]
    public bool CanEdit { get; set; }
    [Display(Name = "Can download assets")]
    public bool CanDownload { get; set; }
    [Display(Name = "Require approval to upload assets")]
    public bool RequiresApproval { get; set; }
    [Display(Name = "Can approve assets")]
    public bool CanApprove { get; set; }
    [Display(Name = "Can synchronise assets")]
    public bool CanSync { get; set; }

    public bool AgreedTerms { get; set; }
    public bool Deleted { get; set; }
}

public class ProfileContext : IdentityStoreContext
{
    public ProfileContext(DbContext db)
        : base(db)
    {
        this.Users = new UserStore<Profile>(this.DbContext);
    }
}

public class ProfileDbContext : IdentityDbContext<Profile, UserClaim, UserSecret, UserLogin, Role, UserRole>
{
}

我的个人资料对于我的存储库来说很简单,如下所示:

public interface IProfile
{
    string Id { get; set; }
    string CompanyId { get; set; }
    
    string UserName { get; set; }
    string Email { get; set; }

    string CredentialId { get; set; }
}

User类是Microsoft.AspNet.Identity.EntityFramework.User类。我的AccountController如下所示:

[Authorize]
public class AccountController : Controller
{
    public IdentityStoreManager IdentityStore { get; private set; }
    public IdentityAuthenticationManager AuthenticationManager { get; private set; }
    
    public AccountController() 
    {
        this.IdentityStore = new IdentityStoreManager(new ProfileContext(new ProfileDbContext()));
        this.AuthenticationManager = new IdentityAuthenticationManager(this.IdentityStore);
    }

    //
    // GET: /Account/Register
    [AllowAnonymous]
    public ActionResult Register()
    {
        return View();
    }

    //
    // POST: /Account/Register
    [HttpPost]
    [AllowAnonymous]
    public async Task<ActionResult> Register(RegisterViewModel model)
    {
        if (ModelState.IsValid)
        {
            try
            {
                // Create a profile, password, and link the local login before signing in the user
                var companyId = Guid.NewGuid().ToString();
                var user = new Profile(model.UserName)
                {
                    CompanyId = companyId,
                    Title = model.Title,
                    Forename = model.Forename,
                    Surname = model.Surname,
                    Email = model.Email,
                    CompanyName = model.CompanyName,
                    CredentialId = model.CredentialId
                };

                if (await IdentityStore.CreateLocalUser(user, model.Password))
                {
                    //Create our company
                    var company = new Skipstone.Web.Models.Company()
                    {
                        Id = companyId,
                        CreatedBy = user.Id,
                        ModifiedBy = user.Id,
                        Name = model.CompanyName
                    };

                    using (var service = new CompanyService())
                    {
                        service.Save(company);
                    }

                    await AuthenticationManager.SignIn(HttpContext, user.Id, isPersistent: false);
                    return RedirectToAction("Setup", new { id = companyId });
                }
                else
                {
                    ModelState.AddModelError("", "Failed to register user name: " + model.UserName);
                }
            }
            catch (IdentityException e)
            {
                ModelState.AddModelError("", e.Message);
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

    //
    // POST: /Account/Setup
    public ActionResult Setup(string id)
    {
        var userId = User.Identity.GetUserId();
        using (var service = new CompanyService())
        {
            var company = service.Get(id);
            var profile = new Profile()
            {
                Id = userId,
                CompanyId = id
            };

            service.Setup(profile);

            return View(company);
        }
    }
}

它曾经用[ValidateAntiForgeryToken]属性装饰,但这就是它停止工作的地方。

为什么?

4

7 回答 7

257

尝试设置(在 global.cs 中):

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
于 2013-11-15T11:30:17.117 回答
70

您知道您在 ClaimsIdentity 中获得了哪些声明吗?如果不:

  1. 移除[ValidateAntiForgeryToken]属性
  2. 在控制器中的某处放置一个断点并在它处中断
  3. 然后查看当前ClaimsIdentity并检查索赔
  4. 找到一个您认为可以唯一识别您的用户的人
  5. 设置AntiForgeryConfig.UniqueClaimTypeIdentifier为该声明类型
  6. 放回[ValidateAntiForgeryToken]属性
于 2014-02-20T23:45:01.503 回答
27

只需将其放入 global.asax.cs

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimsIdentity.DefaultNameClaimType;
于 2016-03-10T10:57:28.403 回答
15

尝试在隐身窗口中打开链接或从该域(即本地主机)中清除 cookie。

于 2015-01-10T13:00:50.713 回答
6

编辑:此时对这个问题有了更深入的了解,您可以忽略我在下面的回答。

Global.asax.cs 的 Application_Start() 中的设置AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;为我修复了它。即使我有声明http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier集,我也会得到与原始问题相同的错误。但是如上所述指出它是可行的。

从 MVC4 开始,anti-forgery-token 不再User.Identity.Name用作唯一标识符。相反,它会查找错误消息中给出的两个声明。

更新注意:这应该不需要 您可以在用户登录时将缺少的声明添加到您的 ClaimsIdentity 中,如下所示:

string userId = TODO;
var identity = System.Web.HttpContext.Current.User.Identity as ClaimsIdentity;
identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", userId));
identity.AddClaim(new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", userId));

请注意,之前可能已经存在其中一个声明,如果同时添加两个声明,则会出现重复声明的错误。如果是这样,只需添加缺少的一个。

于 2015-03-31T08:39:30.167 回答
3

在 Global.asax.cs 中,

1.添加这些命名空间

using System.Web.Helpers;
using System.Security.Claims;

2.在Application_Start方法中加入这一行: 

 protected void Application_Start()
 {
       .......
       AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimsIdentity.DefaultNameClaimType;
 }
于 2018-03-22T15:15:25.880 回答
1 
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Email;

适用于我的情况,我正在使用 ADFS 身份验证。

于 2018-06-13T12:57:34.173 回答