代码之家 › 专栏 › 技术社区 › Marko

.NET Core 2.0授权筛选器导致内部错误

asp.net-core-mvc-2.0 authorization asp.net-core asp.net

1

Marko · 技术社区 · 7 年前

授权筛选器将在上导致内部错误。NET Core 2.0 web应用程序。重现问题的步骤非常简单:创建一个新的。NET Core 2.0 MVC项目具有“无身份验证”,在控制器方法上放置授权筛选器,访问相应的URL,将返回“500内部服务器错误”。

[Authorize]
public IActionResult Contact()
{
    ViewData["Message"] = "Your contact page.";

    return View();
}

中的类似代码。NET Core 1.1将正确返回响应“401 Unauthorized”。

我发布了一个关于这个问题的类似问题: Custom cookie authentication not working after migration from ASP.NET Core 1.1 MVC to 2.0 虽然我仍然不明白,这个问题比我的具体情况要广泛得多。

例外情况:

System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.
   at Microsoft.AspNetCore.Authentication.AuthenticationService.<ChallengeAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.ChallengeResult.<ExecuteResultAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeResultAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeFilterPipelineAsync>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeAsync>d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Builder.RouterMiddleware.<Invoke>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()

1 回复 | 直到 6 年前

1

2

CodeFuller 7 年前

HTTP 401未经授权的响应 should contain WWW-Authenticate 定义访问资源的身份验证方法的标头。

在未经身份验证创建的项目中,没有设置任何默认身份验证方案。这就是为什么身份验证中间件无法构建有效的401响应,而选择发送500错误。

修复非常简单。添加任何身份验证处理程序并设置默认身份验证方案,例如:

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer();
}

使用这种配置,未经授权的请求将导致401响应,设置正确 WWW身份验证 标题: