"No authenticationScheme was specified, and there was no DefaultChallengeScheme found." when sending request without cookie
Question
I'm making a web app with cookie-based authentication. I have a login screen, the backend sends a cookie, and then the browser sends the cookie with each request.
But when I try to reach secured endpoints (with or without the cookie), instead of Unauthorized or OK, the server returns Internal Server Error with this exception:
    System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).
       at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
       at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
       at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
My cookie authentication configuration looks like this:
    builder.Services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Name = "Testcookie";
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.Domain = "localhost";
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(55);
        options.Cookie.IsEssential = true;
    });
    builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });
When I change the cookie configuration to this:

    builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    });

Endpoints start working when the cookie is sent, but I get the same 500 error with the same message when trying to reach an endpoint without the cookie.
When the configuration looks like this:

    builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });

I get a 500 all the time.
I get the same result when I'm making calls from Postman or from Angular.
I totally don't understand what is going on. Why am I not getting Unauthorized from the server? What should this configuration look like, and what did I do wrong?
Answer 1
Score: 1
To be honest, I think the code should look something like the code below; I'm not actually sure.

    builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; // if you don't use Jwt, I think you can just delete this line
    }).AddCookie(/* cookie => you can add some options here */);

If you don't use the Jwt token:

    builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(/* cookie => you can add some options here */);
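
A complete Program.cs for the cookie-only variant above, written as an added example (not code from the question or the answer). The default scheme name only resolves to a handler once `AddCookie` registers one under that name, and `ConfigureApplicationCookie` configures the ASP.NET Core Identity cookie scheme rather than the `Cookies` scheme, so the cookie options move into `AddCookie`. The `/login` and `/secure` endpoints and the `demo` user are hypothetical, and the example assumes ASP.NET Core 6+ minimal hosting without ASP.NET Core Identity.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    // Default scheme name ("Cookies") used for authenticate, challenge and forbid
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    // Registers the handler for that same scheme name and carries the cookie options
    .AddCookie(options =>
    {
        options.Cookie.Name = "Testcookie";
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(55);
        // The cookie handler challenges with a 302 to a login page by default;
        // API clients (Angular, Postman) get plain status codes instead.
        options.Events.OnRedirectToLogin = ctx =>
        {
            ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return Task.CompletedTask;
        };
        options.Events.OnRedirectToAccessDenied = ctx =>
        {
            ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
            return Task.CompletedTask;
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();

// Hypothetical login endpoint: credential verification is omitted and must precede SignInAsync
app.MapPost("/login", async (HttpContext ctx) =>
{
    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.Name, "demo") },   // constructed sample user
        CookieAuthenticationDefaults.AuthenticationScheme);
    await ctx.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
    return Results.Ok();
});

// Hypothetical protected endpoint: 401 without the cookie, 200 with it
app.MapGet("/secure", (ClaimsPrincipal user) => $"Hello {user.Identity!.Name}").RequireAuthorization();

app.Run();
```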