【发布时间】:2012-02-01 17:28:18
【问题描述】:
我只是按照以下说明进行操作here。
但是我的 ASP.NET MVC3 应用程序在 HTTPS 端点上运行在 Azure 上时仍然遇到奇怪的问题。我已经加载了 HTTPS 证书,并且它已经在单个角色实例上持续部署了很长一段时间,没有任何问题。但是,就在最近我开始部署多个实例并遇到“密钥在指定状态下无效”和“值不能为空”。参数名称:证书错误。
但我现在有一个新的:
'无法读取超出流末尾的内容。'
看起来很香草。在查看堆栈跟踪之前,从 DPAPI 迁移到 RSA cookie 转换的问题并不明显。
[EndOfStreamException:无法读取超出流末尾的内容。] System.IO.MemoryStream.InternalReadInt32() +12750266 Microsoft.IdentityModel.Web.RsaEncryptionCookieTransform.Decode(Byte[] 编码) +369 Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +189 Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +862 Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +109 Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +356 Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +123 Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(对象发送者,EventArgs eventArgs)+61 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270
我已将以下代码添加到 global.asax:
void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
{
//
// Use the <serviceCertificate> to protect the cookies that are sent to the client.
//
List<CookieTransform> sessionTransforms = new List<CookieTransform>(
new CookieTransform[] {
new DeflateCookieTransform(),
new RsaEncryptionCookieTransform(e.ServiceConfiguration.ServiceCertificate) });
SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}
还有这段代码:
void WSFederationAuthenticationModule_RedirectingToIdentityProvider(object sender, RedirectingToIdentityProviderEventArgs e)
{
// In the Windows Azure environment, build a wreply parameter for the SignIn request
// that reflects the real address of the application.
HttpRequest request = HttpContext.Current.Request;
Uri requestUrl = request.Url;
StringBuilder wreply = new StringBuilder();
wreply.Append(requestUrl.Scheme); // e.g. "http" or "https"
wreply.Append("://");
wreply.Append(request.Headers["Host"] ?? requestUrl.Authority);
wreply.Append(request.ApplicationPath);
if (!request.ApplicationPath.EndsWith("/")) wreply.Append("/"); e.SignInRequestMessage.Reply = wreply.ToString();
}
【问题讨论】:
-
我也有这个问题。这非常令人沮丧 - 如果您找到了解决方案,请告诉我!