Claims series - ID3206 error (A signin response may only redirect within the current web application: (url) is not allowed)
2012-07-25 11:03
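Preface
I have recently been working on a user authentication and authorization project in which users can sign in to the application with single sign-on using different authentication methods (traditional username/password, domain users, Facebook users and Windows Live users). The technology used is Microsoft's Claims 3.5, together with WCF, certificates, ASP.NET, Windows Forms, Active Directory, AD FS 2.0, OAuth 2.0 and so on.
The architecture design and prototype validation work is now finished, and I plan to write up some of the problems encountered along the way and their solutions. On the one hand this serves as backup notes; on the other, I hope it is of some help to fellow developers in this area when they run into similar problems.
Intended audience
Developers who understand the basic concepts of Claims and who build applications that use Claims-based authentication and authorization.
ID3206 error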
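Cause:
When the Relying Party application is an ASP.NET application, this error occurs if the URL that requests authentication does not match the audienceUris value in the configuration file.
Symptom:
For example, I have an ASP.NET application named MetroMonitor, deployed as a virtual directory in IIS7.
a) The configuration in Web.config is as follows:
b) Type "http://cnxa1er-l0813.emrsn.org/MetroMonitor" into the browser (note that there is no trailing slash).
c) Press Enter; the page for choosing an authentication method appears.
d) Choose any sign-in method (Windows Live in this case).
e) Enter the Windows Live account; after the sign-in succeeds, the error appears: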
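Solution:
Because the requested URL has one slash fewer than the one in the configuration file, it is enough to check on every request whether the URL ends with a slash and, if it does not, append one automatically. The implementation is as follows:
a) Add a Global.asax file (if one does not already exist).
b) Add the following code to the Application_BeginRequest event: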
    using System;
    using System.Web;

    public class Global : System.Web.HttpApplication
    {
        private void Application_BeginRequest(object sender, EventArgs e)
        {
            // Workaround for "ID3206: A signin response may only redirect within
            // the current web application: (url) is not allowed".
            // If the request targets the application root without a trailing
            // slash, redirect to the same path with the slash appended.
            if (String.Compare(Request.Path, Request.ApplicationPath, StringComparison.InvariantCultureIgnoreCase) == 0
                && !(Request.Path.EndsWith("/")))
                Response.Redirect(Request.Path + "/");
        }
    }
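The following console program is an added example, not code from the original post and not WIF's own implementation. It models why the slash-less root URL falls outside the application scope, and computes the redirect target in a form that keeps the query string and leaves non-GET requests alone. The containment rule in IsInsideApplication is a simplified assumption about the check behind ID3206, and the class name, helper names and sample requests are constructed for illustration.

```csharp
using System;

static class TrailingSlashDemo
{
    // Simplified model (assumption): a return path counts as "inside" the
    // application only if it starts with the application path plus "/".
    // The slash keeps sibling paths such as /MetroMonitor2 out of scope.
    static bool IsInsideApplication(string returnPath, string appPath)
    {
        string scope = appPath.EndsWith("/") ? appPath : appPath + "/";
        return returnPath.StartsWith(scope, StringComparison.OrdinalIgnoreCase);
    }

    // Returns the redirect target for a request that hits the application
    // root without the trailing slash, or null when no redirect is needed.
    // The query string is preserved, and non-GET requests are skipped
    // because a redirect would discard their body.
    static string GetSlashRedirect(string method, string path, string appPath, string query)
    {
        if (!string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase)) return null;
        if (appPath == "/" || path.EndsWith("/")) return null;
        if (!string.Equals(path, appPath, StringComparison.OrdinalIgnoreCase)) return null;
        return path + "/" + query;   // query is "" or begins with "?"
    }

    static void Main()
    {
        const string app = "/MetroMonitor";   // virtual directory named in the post
        // Constructed sample requests: method, path, query string.
        string[][] requests = {
            new[] { "GET",  "/MetroMonitor",               "" },
            new[] { "GET",  "/MetroMonitor",               "?tab=2" },
            new[] { "GET",  "/MetroMonitor/",              "" },
            new[] { "GET",  "/MetroMonitor/Default.aspx",  "" },
            new[] { "GET",  "/MetroMonitor2/Default.aspx", "" },
            new[] { "POST", "/MetroMonitor",               "" },
        };
        foreach (var r in requests)
        {
            string target = GetSlashRedirect(r[0], r[1], app, r[2]);
            Console.WriteLine("{0,-4} {1,-28} inside={2,-5} redirect={3}",
                r[0], r[1] + r[2], IsInsideApplication(r[1], app), target ?? "(none)");
        }
    }
}
```

In Application_BeginRequest the four inputs would come from Request.HttpMethod, Request.Path, Request.ApplicationPath and Request.Url.Query.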