2

我已经基于 CredentialsAuthProvider 为 LDAP (Active Directory) 创建了一个自定义身份验证提供程序。按照文档,我覆盖了 TryAuthenticate 和 OnAuthenticated,最后返回 true。我也试过没有 OnAuthenticated。

我正在使用UseDistinctRoleTablesOrmLiteAuthRepository,并且我在表中观察到角色是在 UserRole 中创建的。

但是我遇到了异常:ArgumentNullException。字段名“s”。

"stackTrace": "[Authenticate: 20/03/2020 16:46:30]:
[REQUEST: {provider:Credentials,userName:xxxx,password:yyyy}]
System.ArgumentNullException: Value cannot be null.
Parameter name: s
   at lambda_method(Closure , Object , List`1 )
   at ServiceStack.OrmLite.SqlExpression`1.EvaluateExpression(Expression m) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 2374
   at ServiceStack.OrmLite.SqlExpression`1.VisitBinary(BinaryExpression b) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 1658
   at ServiceStack.OrmLite.SqlExpression`1.VisitBinary(BinaryExpression b) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 1622
   at ServiceStack.OrmLite.SqlExpression`1.VisitLambda(LambdaExpression lambda) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 1589
   at ServiceStack.OrmLite.SqlExpression`1.AppendToWhere(String condition, Expression predicate) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 555
   at ServiceStack.OrmLite.ReadExpressionCommandExtensions.Select[T](IDbCommand dbCmd, Expression`1 predicate) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\ReadExpressionCommandExtensions.cs:line 22
   at ServiceStack.OrmLite.OrmLiteExecFilter.Exec[T](IDbConnection dbConn, Func`2 filter) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\OrmLiteExecFilter.cs:line 64
   at ServiceStack.Auth.OrmLiteAuthRepositoryBase`2.<>c__DisplayClass33_0.<GetRoles>b__0(IDbConnection db) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack.Server\\Auth\\OrmLiteAuthRepository.cs:line 571
   at ServiceStack.Auth.OrmLiteAuthRepository`2.Exec[T](Func`2 fn) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack.Server\\Auth\\OrmLiteAuthRepository.cs:line 51
   at ServiceStack.Auth.AuthenticateService.Post(Authenticate request) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\AuthenticateService.cs:line 231
   at ServiceStack.Host.ServiceRunner`1.ExecuteAsync(IRequest req, Object instance, TRequest requestDto) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Host\\ServiceRunner.cs:line 133",

我已经剥离了我的代码。在 Startup.cs 中:

Plugins.Add(new AuthFeature( () => new AuthUserSession(),
            new IAuthProvider[] {
                new LdapCredentialsAuthProvider(AppSettings),
4

1 回答 1

2

问题是 ServiceStackAuthenticateService正在尝试填充AuthenticateResponse角色和权限,但您的自定义 AuthProvider 没有填充session.UserAuthId用于查询身份验证存储库的角色。

解决方案是让您的自定义 AuthProviderUserAuthId使用经过身份验证的用户的 Id 填充会话。

您还可以通过设置禁用 ServiceStack 尝试填充角色/权限来防止此异常IncludeRolesInAuthenticateResponse=false,例如:

Plugins.Add(new AuthFeature( () => new AuthUserSession(),
    new IAuthProvider[] {
        new LdapCredentialsAuthProvider(AppSettings),                     
    }, 
    "/login.html"
) {
    IncludeRolesInAuthenticateResponse = false,
});

MyGet 上的下一个 ServiceStack v5.8.1中,如果未填充角色,它将不会尝试检索角色UserAuthId,但您的自定义 AuthProvider 仍应使用经过身份验证的用户的唯一 ID 填充它。

于 2020-03-20T19:34:59.523 回答