2012-12-03 50 views
3

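Invalid Base-64 string when using SessionAuthenticationModule in ASP.NET (WIF)

In my application, I let users log in to Dropbox, and when that process completes I use the SessionAuthenticationModule to write the claims into the FedAuth cookie.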

    var sam = FederatedAuthentication.SessionAuthenticationModule;
    if (sam != null)
    {
        // (ClaimsPrincipal.Current.Identity as ClaimsIdentity).AddClaim(new Claim("Provider", "Dropbox"));

        var cp = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim> { new Claim("Provider", "Dropbox") }, "OAuth"));

        var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
        if (transformer != null)
        {
            cp = transformer.Authenticate(String.Empty, cp);
        }
        var token = new SessionSecurityToken(cp);
        sam.WriteSessionTokenToCookie(token);
    }

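The claims are written, and when a new request comes in, the user is authenticated and the claims work.

My problem is that if the user then browses to one of the login URLs that starts the authentication process with Azure ACS: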

https://s-innovations.accesscontrol.windows.net/v2/metadata/identityProviders.js?protocol=wsfederation&realm=http://77.75.160.102:2638/&version=1.0&callback=ShowSigninPage 

I get an exception when the STS returns to my site:

The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. 

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. 

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

Stack Trace: 


[FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. ] 
    System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength) +10545309 
    System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength) +130 
    System.Convert.FromBase64String(String s) +41 
    System.IdentityModel.Services.ChunkedCookieHandler.ReadInternal(String name, HttpCookieCollection requestCookies) +350 
    System.IdentityModel.Services.ChunkedCookieHandler.ReadCore(String name, HttpContext context) +45 
    System.IdentityModel.Services.CookieHandler.Read(String name, HttpContext context) +74 
    System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +126 
    System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +116 
    System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136 
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69 

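If the process is reversed, logging in via Azure ACS first and then logging in to Dropbox, things work fine. The Dropbox claims overwrite the Azure ACS claims. This leads me to think that there is an error in the code snippet at the start, where I use the SAM to write the cookie?

Update

I just found out that it works when not using the MachineKeySessionSecurityTokenHandler.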

<securityTokenHandlers> 
    <!--<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />--> 
    <!--<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />--> 
    </securityTokenHandlers> 

Any ideas on how to change my code to support the MachineKeySessionSecurityTokenHandler?

Answers

0

Maybe the cookie is being truncated. What browser are you using?

+0

I am using Chrome. I can see the cookie, and I can Base64-decode it myself to get the inner cookie.

+0

This is very likely, since this person also has the same problem with cookie size: http://stackoverflow.com/questions/12752434/getting-not-a-valid-base-64-string-on-federated-identity-token
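To check the truncated-cookie hypothesis raised in the comments above, the following added example (not code from the original post or from WIF) reassembles the session cookie chunks and tests whether the joined value is valid Base64, which is the step that fails in `ChunkedCookieHandler.ReadInternal` in the stack trace. It assumes the chunks are named `FedAuth`, `FedAuth1`, `FedAuth2`, ...; the class and method names are hypothetical and the sample cookie values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class FedAuthChunkCheck
{
    // Assumption: chunks are named "FedAuth", "FedAuth1", "FedAuth2", ... and are
    // concatenated in that order before Base64 decoding.
    public static string Diagnose(IDictionary<string, string> cookies, string name = "FedAuth")
    {
        var joined = new StringBuilder();
        var report = new StringBuilder();
        for (int i = 0; ; i++)
        {
            string key = i == 0 ? name : name + i;
            string chunk;
            if (!cookies.TryGetValue(key, out chunk)) break;
            report.AppendLine(key + ": " + chunk.Length + " chars");
            joined.Append(chunk);
        }
        if (joined.Length == 0) return "no " + name + " cookie present";

        string value = joined.ToString();
        // Valid padded Base64 has a length that is a multiple of 4; a cut-off chunk usually breaks this.
        if (value.Length % 4 != 0)
            report.AppendLine("length " + value.Length + " is not a multiple of 4 (truncated or mixed chunks?)");
        try
        {
            byte[] raw = Convert.FromBase64String(value);
            report.AppendLine("decodes to " + raw.Length + " bytes");
        }
        catch (FormatException ex)
        {
            report.AppendLine("Base64 decode failed: " + ex.Message);
        }
        return report.ToString();
    }

    static void Main()
    {
        // Constructed sample: one intact token split into two chunks, then the same
        // token with the second chunk cut short.
        string token = Convert.ToBase64String(new byte[3000]);
        var ok = new Dictionary<string, string> { { "FedAuth", token.Substring(0, 2000) }, { "FedAuth1", token.Substring(2000) } };
        var cut = new Dictionary<string, string> { { "FedAuth", token.Substring(0, 2000) }, { "FedAuth1", token.Substring(2000, 1001) } };
        Console.WriteLine(Diagnose(ok));
        Console.WriteLine(Diagnose(cut));
    }
}
```

In the application, the dictionary can be filled from `Request.Cookies` in a handler that runs before the SessionAuthenticationModule reads the cookie, or from the `Cookie` request header captured in the browser's developer tools.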

0

Use the SessionAuthenticationModule to create your SessionSecurityToken:

var sam = FederatedAuthentication.SessionAuthenticationModule; 

var token = sam.CreateSessionSecurityToken(
    claimsPrincipal, 
    "application-context", 
    DateTime.UtcNow, 
    DateTime.UtcNow.AddHours(1), 
    true); 

sam.WriteSessionTokenToCookie(token); 