1
我最近從舊Thinktecture IdentityModel升級到支持Web API的最新IdentityModel 2.Thinktecture BasicAuthenticationSecurityTokenHandler返回的StatusCode 500,內部服務器錯誤
下面的代碼工作與以往的NuGet包(和託管較小的WebAPI版本它),當我使用System.Web.Mvc v5.2.2.0雖然它到達ValidateToken功能是通過調用客戶端收到一個錯誤的結束{StatusCode: 500, ReasonPhrase: 'Internal Server Error'
public class BasicAuthSecurityTokenHandlerWithClaimsOutput : BasicAuthenticationSecurityTokenHandler
{
public BasicAuthSecurityTokenHandlerWithClaimsOutput(ValidateNameWithClaims validateNameGetClaims)
: base()
{
if (validateNameGetClaims == null)
{
throw new ArgumentNullException("ValidateNameGetClaims");
}
this.validateNameGetClaims = validateNameGetClaims;
}
protected readonly ValidateNameWithClaims validateNameGetClaims;
public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
if (base.Configuration == null)
{
throw new InvalidOperationException("No Configuration set");
}
UserNameSecurityToken unToken = token as UserNameSecurityToken;
if (unToken == null)
{
throw new ArgumentException("SecurityToken is not a UserNameSecurityToken");
}
Claim[] lookedUpClaims = null;
try
{
if (this.validateNameGetClaims(unToken.UserName, unToken.Password, out lookedUpClaims) == false)
{
throw new SecurityTokenValidationException(unToken.UserName);
}
}
catch (Exception e)
{
// log the exception
throw new SecurityTokenValidationException(unToken.UserName);
}
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, unToken.UserName),
new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password),
AuthenticationInstantClaim.Now
};
if(lookedUpClaims != null && lookedUpClaims.Length > 0)
claims.AddRange(lookedUpClaims);
if (RetainPassword)
{
claims.Add(new Claim("password", unToken.Password));
}
var identity = new ClaimsIdentity(claims, "Basic");
if (Configuration.SaveBootstrapContext)
{
if (this.RetainPassword)
{
identity.BootstrapContext = new BootstrapContext(unToken, this);
}
else
{
var bootstrapToken = new UserNameSecurityToken(unToken.UserName, null);
identity.BootstrapContext = new BootstrapContext(bootstrapToken, this);
}
}
return new List<ClaimsIdentity> { identity }.AsReadOnly();
}
}
我返回說法是:
[0] = {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: [email protected]}
[1] {http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod: http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password}
[2] {http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant: 2015-01-27T00:50:20.603Z}
[3] {fuid: 6}
[4] {fustate: FL}
我配置是:
public static class BasicAuthHandlerExtensionWithClaimsOutput
{
public static void AddBasicAuthenticationWithClaimsOutput(
this AuthenticationConfiguration configuration,
ValidateNameWithClaims validationDelegate,
string realm = "localhost", bool retainPassword = false)
{
var handler = new BasicAuthSecurityTokenHandlerWithClaimsOutput(validationDelegate)
{
RetainPassword = retainPassword
};
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection { handler },
Options = AuthenticationOptions.ForAuthorizationHeader(scheme: "Basic"),
Scheme = AuthenticationScheme.SchemeAndRealm("Basic", realm)
});
}
}
var authConfig = new AuthenticationConfiguration
{
EnableSessionToken = true,
SendWwwAuthenticateResponseHeaders = true,
RequireSsl = false,
SessionToken = new SessionTokenConfiguration
{
Audience = "http://audience.com,
IssuerName = "http://issuer.com",
EndpointAddress = appSettings.TokenEndPoint,
SigningKey = appSettings.StsSigningKey,
DefaultTokenLifetime = new TimeSpan(1, 0, 0)
}
};
var userCredentialsService = new CredentialsService(credentialStore);
authConfig.AddBasicAuthenticationWithClaimsOutput(userCredentialsService.Validate);
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
任何想法,我做錯了嗎?