发送 HTTP 标头后，DotNetOpenAuth 授权无法设置状态？

Question

我的 elmah 错误日志充满了异常：

发送 HTTP 标头后服务器无法设置状态。

这些请求中有 70% 是由爬虫（alexa、googlebot）引起的，我不能保证其余请求不是带有假 cookie、代理字符串等的机器人，但其中一些请求看起来确实是合法的。

这是发生错误的Facebook授权方法：

  public class FacebookClient : WebServerClient 
    {
        private static readonly AuthorizationServerDescription FacebookDescription = new AuthorizationServerDescription 
        {
            TokenEndpoint = new Uri("https://graph.facebook.com/oauth/access_token"),
            AuthorizationEndpoint = new Uri("https://graph.facebook.com/oauth/authorize"),
        };

        /// <summary>
        /// Initializes a new instance of the <see cref="FacebookClient"/> class.
        /// </summary>
        public FacebookClient() : base(FacebookDescription) 
        {
        }
    }

---

 private static readonly FacebookClient client = new FacebookClient
    {
        ClientIdentifier = ConfigurationManager.AppSettings["facebookAppID"],

        ClientCredentialApplicator = ClientCredentialApplicator.PostParameter(ConfigurationManager.AppSettings["facebookAppSecret"]),
    };

---

    [AllowAnonymous]
    public ActionResult Facebook(string returnUrl)
    {
        IAuthorizationState authorization = client.ProcessUserAuthorization();

        if (authorization == null)
        {
            var scope = new List<string>();

            scope.Add("email");

            client.RequestUserAuthorization(scope);
        }
        else
        {
            try
            {
                var request = WebRequest.Create("https://graph.facebook.com/me?&access_token=" + Uri.EscapeDataString(authorization.AccessToken));

                using (var response = request.GetResponse())

                using (var responseStream = response.GetResponseStream())
                {
                    var graph = FacebookGraph.Deserialize(responseStream);

                    if (Membership.GetUser(graph.Id.ToString()) == null)
                    {
                        MembershipCreateStatus membershipCreateStatus = MembershipCreateStatus.Success;

                        var user = Common.CreateUser(membershipCreateStatus, graph.Id.ToString(), HttpUtility.HtmlEncode(graph.Email));

                        if (membershipCreateStatus != MembershipCreateStatus.Success)
                        {
                            TempData["message"] = "Unsuccessful creation of Account. " + membershipCreateStatus.ToString();

                            return RedirectToAction("Login", "Account");
                        }

                        if (membershipCreateStatus == MembershipCreateStatus.Success)
                        {

                            AddUserShortID((Guid)user.ProviderUserKey, HttpUtility.HtmlEncode(graph.Name));

                            Common.Authorize(graph.Id.ToString());
                        }
                    }
                    else
                    {
                        Common.Authorize(graph.Id.ToString());
                    }
                }
            }
            catch
            {
                TempData["message"] = "Unsuccessful creation of Account. ";

                return RedirectToAction("Login", "Account");
            }
        }

        if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }

        return RedirectToAction("Index", "Home");
    }

这里代码中最可疑的部分可能导致这种行为？为什么这种情况大部分时间都发生在机器人身上？有没有办法重现这样的东西？

更新：这不仅仅是由机器人引起的，我昨天也遇到了这个异常，只是在日志中，在浏览器中我没有找到 graph.facebook.com/...

Answer 1

我发现当这个异常发生时，当我被重定向到 Facebook 登录页面时，如果你刷新页面或输入登录信息错误，或者如果页面当前不可用，无论出于何种原因，此异常被记录但 最重要的是用户不会看到任何异常情况发生，也不会在登录时遇到任何问题。