【Question title】: Missing owin context
【Posted】: 2014-10-23 20:24:24
【Question description】:

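I am trying to use the ResourceAuthorize attribute from Thinktecture.IdentityModel, but everything stops because there is no owin context.

I have an owin startup class which sets up the authorization manager: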

[assembly: OwinStartup(typeof(My.WebApi.Startup))]

namespace My.WebApi
{
    public class Startup
    {        
        public void Configuration(IAppBuilder app)
        {
            AuthConfig.Configure(app);
        }
    }
}

public class AuthConfig
{
    public static void Configure(IAppBuilder app)
    {         
        app.UseResourceAuthorization(new ResourceAuthorizationMiddlewareOptions
        {
            Manager = GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(IResourceAuthorizationManager)) as IResourceAuthorizationManager
        });
    }
}

I know that it is detected and invoked. But later on, when the following code from IdentityModel is hit, I get a null pointer exception:

    public static Task<bool> CheckAccessAsync(this HttpRequestMessage request, IEnumerable<Claim> actions, IEnumerable<Claim> resources)
    {
        var authorizationContext = new ResourceAuthorizationContext(
            request.GetOwinContext().Authentication.User ?? Principal.Anonymous,
            actions,
            resources);

        return request.CheckAccessAsync(authorizationContext);
    }

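I have stepped through and seen that it is caused by GetOwinContext() returning null, since there is no MS_OwinContext or MS_OwinEnvironment property on the request.

What am I missing?

UPDATE:

I have found that I have an owin.environment property available, but it is part of the HttpContextWrapper, not the request.

By searching around, I found some code in System.Web.Http.WebHost.HttpControllerHandler that looks like it should convert the owin.environment to an MS_OwinEnvironment, but apparently that code is never called in my case...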

internal static readonly string OwinEnvironmentHttpContextKey = "owin.Environment";
internal static readonly string OwinEnvironmentKey = "MS_OwinEnvironment";

internal static HttpRequestMessage ConvertRequest(HttpContextBase httpContextBase, IHostBufferPolicySelector policySelector)
{
  HttpRequestBase requestBase = httpContextBase.Request;
  HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethodHelper.GetHttpMethod(requestBase.HttpMethod), requestBase.Url);
  bool bufferInput = policySelector == null || policySelector.UseBufferedInputStream((object) httpContextBase);
  httpRequestMessage.Content = HttpControllerHandler.GetStreamContent(requestBase, bufferInput);
  foreach (string str in (NameObjectCollectionBase) requestBase.Headers)
  {
    string[] values = requestBase.Headers.GetValues(str);
    HttpControllerHandler.AddHeaderToHttpRequestMessage(httpRequestMessage, str, values);
  }
  HttpRequestMessageExtensions.SetHttpContext(httpRequestMessage, httpContextBase);
  HttpRequestContext httpRequestContext = (HttpRequestContext) new WebHostHttpRequestContext(httpContextBase, requestBase, httpRequestMessage);
  System.Net.Http.HttpRequestMessageExtensions.SetRequestContext(httpRequestMessage, httpRequestContext);
  IDictionary items = httpContextBase.Items;
  if (items != null && items.Contains((object) HttpControllerHandler.OwinEnvironmentHttpContextKey))
    httpRequestMessage.Properties.Add(HttpControllerHandler.OwinEnvironmentKey, items[(object) HttpControllerHandler.OwinEnvironmentHttpContextKey]);
  httpRequestMessage.Properties.Add(HttpPropertyKeys.RetrieveClientCertificateDelegateKey, (object) HttpControllerHandler._retrieveClientCertificate);
  httpRequestMessage.Properties.Add(HttpPropertyKeys.IsLocalKey, (object) new Lazy<bool>((Func<bool>) (() => requestBase.IsLocal)));
  httpRequestMessage.Properties.Add(HttpPropertyKeys.IncludeErrorDetailKey, (object) new Lazy<bool>((Func<bool>) (() => !httpContextBase.IsCustomErrorEnabled)));
  return httpRequestMessage;
}

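UPDATE 2:

Inside mvc controllers, the context is available. But not in webapi controllers.

【Comments on the question】:

  • You can safely delete the global.asax file so that there is only one entry point in your application. I am not sure if this fixes the problem, but it will definitely make things cleaner...
  • The web application template that comes with VS creates both global.asax and the startup class. Some say it is OK to "keep" it, since it makes it easy to hook up events... I am not sure whether removing it will help me, but I will try.

Tags: asp.net owin thinktecture-ident-model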


【Solution 1】:

A teammate found the solution. He simply added the following line to the owin startup class:

app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

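Why this solves the issue, though, is another mystery. But we are using wsFederation, so I guess it is needed somehow. But what if we were not using wsFed? Would we still need it to get the context? Who knows...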
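
The following is an added example, not part of the original question or answer and not code from IdentityModel or Web API. It is a Web API message handler that checks for the request properties named in the question, copies owin.Environment across from HttpContext.Items the way the quoted ConvertRequest code does, and rejects the request when no OWIN environment exists, so the authorization code never dereferences a null context. The class name OwinEnvironmentGuardHandler is hypothetical, and that GetOwinContext() reads these property keys is taken from the question's description.

```csharp
using System.Collections;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using System.Web;

// Hypothetical handler (added example). Register it with:
// GlobalConfiguration.Configuration.MessageHandlers.Add(new OwinEnvironmentGuardHandler());
public class OwinEnvironmentGuardHandler : DelegatingHandler
{
    // Key names exactly as they appear in the question.
    private const string OwinContextKey = "MS_OwinContext";
    private const string OwinEnvironmentKey = "MS_OwinEnvironment";
    private const string HttpContextItemsKey = "owin.Environment";

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        bool onRequest = request.Properties.ContainsKey(OwinContextKey)
                      || request.Properties.ContainsKey(OwinEnvironmentKey);

        if (!onRequest)
        {
            // Same lookup the quoted ConvertRequest performs on HttpContext.Items.
            IDictionary items = HttpContext.Current != null ? HttpContext.Current.Items : null;

            if (items != null && items.Contains(HttpContextItemsKey))
            {
                // The environment exists on the ASP.NET side only; expose it to Web API.
                request.Properties[OwinEnvironmentKey] = items[HttpContextItemsKey];
            }
            else
            {
                // No OWIN environment anywhere: refuse the request with a clear
                // message instead of failing later inside the authorization check.
                var response = new HttpResponseMessage(HttpStatusCode.InternalServerError)
                {
                    Content = new StringContent(
                        "OWIN environment missing; authorization cannot be evaluated.")
                };
                return Task.FromResult(response);
            }
        }

        return base.SendAsync(request, cancellationToken);
    }
}
```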
