asp.net 核心 2.0 应用程序在基于角色的授权失败时崩溃
asp.net core 2.0 app crashes when role based authorization faild
我想根据角色授权用户:
[Authorize(Roles = "Administrator")]
public class TestController : Controller
{
public IActionResult Index()
{
return Ok();
}
}
当用户有 Claim(type: "Role", value: "Administrator") 时,它工作正常。如果他不这样做,应用程序就会崩溃。在 VS 中调试时,它只是停止并且 IIS Express 进程结束。我没有看到任何例外。我只看到这个输出调试输出:
Application Insights Telemetry: {"name":"Microsoft.ApplicationInsights.Dev.2822d75fd5c24f0180cd7a0cd61c0e40.Message","time":"2017-12-06T12:03:16.7897859Z","iKey":"2822d75f-d5c2-4f01-80cd-7a0cd61c0e40","tags":{"ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.location.ip":"127.0.0.1","ai.internal.nodeName":"MY-DESKTOP","ai.cloud.roleInstance":"MY-DESKTOP","ai.operation.parentId":"|a2488207-417e03727b6f68b7.","ai.operation.name":"GET test/Index","ai.operation.id":"a2488207-417e03727b6f68b7","ai.application.ver":"1.0.0.0"},"data":{"baseType":"MessageData","baseData":{"ver":2,
"message":"Authorization failed for user: liero@mycompany.com.","severityLevel":"Information","properties":{"CategoryName":"Microsoft.AspNetCore.Authorization.DefaultAuthorizationService","AspNetCoreEnvironment":"Development","{OriginalFormat}":"Authorization failed for user: {UserName}.","DeveloperMode":"true","UserName":"liero@mycompany.com"}}}}
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Application Insights Telemetry: {"name":"Microsoft.ApplicationInsights.Dev.2822d75fd5c24f0180cd7a0cd61c0e40.Message","time":"2017-12-06T12:03:16.7962379Z","iKey":"2822d75f-d5c2-4f01-80cd-7a0cd61c0e40","tags":{"ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.location.ip":"127.0.0.1","ai.internal.nodeName":"MY-DESKTOP","ai.cloud.roleInstance":"MY-DESKTOP","ai.operation.parentId":"|a2488207-417e03727b6f68b7.","ai.operation.name":"GET test/Index","ai.operation.id":"a2488207-417e03727b6f68b7","ai.application.ver":"1.0.0.0"},"data":{"baseType":"MessageData","baseData":{"ver":2,
"message":"Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.","severityLevel":"Information","properties":{"CategoryName":"Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker","AspNetCoreEnvironment":"Development","{OriginalFormat}":"Authorization failed for the request at filter '{AuthorizationFilter}'.","DeveloperMode":"true","AuthorizationFilter":"Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter"}}}}
Microsoft.AspNetCore.Mvc.ForbidResult:Information: Executing ForbidResult with authentication schemes ().
Application Insights Telemetry: {"name":"Microsoft.ApplicationInsights.Dev.2822d75fd5c24f0180cd7a0cd61c0e40.Message","time":"2017-12-06T12:03:16.8222130Z","iKey":"2822d75f-d5c2-4f01-80cd-7a0cd61c0e40","tags":{"ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.location.ip":"127.0.0.1","ai.internal.nodeName":"MY-DESKTOP","ai.cloud.roleInstance":"MY-DESKTOP","ai.operation.parentId":"|a2488207-417e03727b6f68b7.","ai.operation.name":"GET test/Index","ai.operation.id":"a2488207-417e03727b6f68b7","ai.application.ver":"1.0.0.0"},"data":{"baseType":"MessageData","baseData":{"ver":2,
"message":"Executing ForbidResult with authentication schemes ().","severityLevel":"Information","properties":{"CategoryName":"Microsoft.AspNetCore.Mvc.ForbidResult","AspNetCoreEnvironment":"Development","{OriginalFormat}":"Executing ForbidResult with authentication schemes ({Schemes}).","DeveloperMode":"true","Schemes":"System.String[]"}}}}
编辑:
我注意到在使用 AddOpenIdConnect 身份验证生成器时会发生这种情况。当我注释掉它时,它会将我重定向到一些默认值 "forbidden" url
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(option => option.Cookie.SameSite = SameSiteMode.None)
.AddOpenIdConnect(option =>
{
option.ClientId = config.ClientId;
option.Authority = String.Format(config.AadInstance, config.Tenant);
option.SignedOutRedirectUri = config.PostLogoutRedirectUri;
option.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = redirectContext =>
{
bool isAjaxRequest = redirectContext.HttpContext.Request.Headers["x-requested-with"] == "XMLHttpRequest";
if (isAjaxRequest)
{
redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
redirectContext.HttpContext.Response.Headers["Location"] = "/Account/Login";
redirectContext.HandleResponse();
}
return Task.CompletedTask;
}
};
});
来自 github: Core CLR crashes when using Authorize attribute and OpenIdConnect
This was patched in 2.0.1 by #1435
https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.OpenIdConnect/
The workaround is to set
sharedOptions.DefaultSignInScheme =
CookieAuthenticationDefaults.AuthenticationScheme;
我已经验证了解决方法并且有效
我想根据角色授权用户:
[Authorize(Roles = "Administrator")]
public class TestController : Controller
{
public IActionResult Index()
{
return Ok();
}
}
当用户有 Claim(type: "Role", value: "Administrator") 时,它工作正常。如果他不这样做,应用程序就会崩溃。在 VS 中调试时,它只是停止并且 IIS Express 进程结束。我没有看到任何例外。我只看到这个输出调试输出:
Application Insights Telemetry: {"name":"Microsoft.ApplicationInsights.Dev.2822d75fd5c24f0180cd7a0cd61c0e40.Message","time":"2017-12-06T12:03:16.7897859Z","iKey":"2822d75f-d5c2-4f01-80cd-7a0cd61c0e40","tags":{"ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.location.ip":"127.0.0.1","ai.internal.nodeName":"MY-DESKTOP","ai.cloud.roleInstance":"MY-DESKTOP","ai.operation.parentId":"|a2488207-417e03727b6f68b7.","ai.operation.name":"GET test/Index","ai.operation.id":"a2488207-417e03727b6f68b7","ai.application.ver":"1.0.0.0"},"data":{"baseType":"MessageData","baseData":{"ver":2,
"message":"Authorization failed for user: liero@mycompany.com.","severityLevel":"Information","properties":{"CategoryName":"Microsoft.AspNetCore.Authorization.DefaultAuthorizationService","AspNetCoreEnvironment":"Development","{OriginalFormat}":"Authorization failed for user: {UserName}.","DeveloperMode":"true","UserName":"liero@mycompany.com"}}}}
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Application Insights Telemetry: {"name":"Microsoft.ApplicationInsights.Dev.2822d75fd5c24f0180cd7a0cd61c0e40.Message","time":"2017-12-06T12:03:16.7962379Z","iKey":"2822d75f-d5c2-4f01-80cd-7a0cd61c0e40","tags":{"ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.location.ip":"127.0.0.1","ai.internal.nodeName":"MY-DESKTOP","ai.cloud.roleInstance":"MY-DESKTOP","ai.operation.parentId":"|a2488207-417e03727b6f68b7.","ai.operation.name":"GET test/Index","ai.operation.id":"a2488207-417e03727b6f68b7","ai.application.ver":"1.0.0.0"},"data":{"baseType":"MessageData","baseData":{"ver":2,
"message":"Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.","severityLevel":"Information","properties":{"CategoryName":"Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker","AspNetCoreEnvironment":"Development","{OriginalFormat}":"Authorization failed for the request at filter '{AuthorizationFilter}'.","DeveloperMode":"true","AuthorizationFilter":"Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter"}}}}
Microsoft.AspNetCore.Mvc.ForbidResult:Information: Executing ForbidResult with authentication schemes ().
Application Insights Telemetry: {"name":"Microsoft.ApplicationInsights.Dev.2822d75fd5c24f0180cd7a0cd61c0e40.Message","time":"2017-12-06T12:03:16.8222130Z","iKey":"2822d75f-d5c2-4f01-80cd-7a0cd61c0e40","tags":{"ai.internal.sdkVersion":"aspnet5c:2.1.1","ai.location.ip":"127.0.0.1","ai.internal.nodeName":"MY-DESKTOP","ai.cloud.roleInstance":"MY-DESKTOP","ai.operation.parentId":"|a2488207-417e03727b6f68b7.","ai.operation.name":"GET test/Index","ai.operation.id":"a2488207-417e03727b6f68b7","ai.application.ver":"1.0.0.0"},"data":{"baseType":"MessageData","baseData":{"ver":2,
"message":"Executing ForbidResult with authentication schemes ().","severityLevel":"Information","properties":{"CategoryName":"Microsoft.AspNetCore.Mvc.ForbidResult","AspNetCoreEnvironment":"Development","{OriginalFormat}":"Executing ForbidResult with authentication schemes ({Schemes}).","DeveloperMode":"true","Schemes":"System.String[]"}}}}
编辑: 我注意到在使用 AddOpenIdConnect 身份验证生成器时会发生这种情况。当我注释掉它时,它会将我重定向到一些默认值 "forbidden" url
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(option => option.Cookie.SameSite = SameSiteMode.None)
.AddOpenIdConnect(option =>
{
option.ClientId = config.ClientId;
option.Authority = String.Format(config.AadInstance, config.Tenant);
option.SignedOutRedirectUri = config.PostLogoutRedirectUri;
option.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = redirectContext =>
{
bool isAjaxRequest = redirectContext.HttpContext.Request.Headers["x-requested-with"] == "XMLHttpRequest";
if (isAjaxRequest)
{
redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
redirectContext.HttpContext.Response.Headers["Location"] = "/Account/Login";
redirectContext.HandleResponse();
}
return Task.CompletedTask;
}
};
});
来自 github: Core CLR crashes when using Authorize attribute and OpenIdConnect
This was patched in 2.0.1 by #1435 https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.OpenIdConnect/
The workaround is to set
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
我已经验证了解决方法并且有效