“未指定 authenticationScheme,也没有找到 DefaultChallengeScheme。”在没有 cookie 的情况下发送请求时

问题描述 投票:0回答:0

我正在使用基于 cookie 的身份验证制作 webapp。我有登录屏幕,后端发送 cookie,然后浏览器随每个请求发送 cookie。

但是当我尝试到达安全端点(有或没有 cookie)而不是未经授权或 OK 时,服务器返回内部服务器错误并出现此异常:

System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

我的 cookie 身份验证配置如下所示:

            builder.Services.ConfigureApplicationCookie(options =>
            {
                options.Cookie.Name = "Testcookie";
                options.Cookie.HttpOnly = true;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.SameSite = SameSiteMode.Lax;
                options.Cookie.Domain = "localhost";
                options.SlidingExpiration = true;
                options.ExpireTimeSpan = TimeSpan.FromMinutes(55);
                options.Cookie.IsEssential = true;
            });

            builder.Services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            });

当我将 cookie 配置更改为:


            builder.Services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            });

端点在发送 cookie 时开始工作,但在没有 cookie 的情况下尝试到达端点时出现相同的 500 错误和相同的消息。

当配置看起来像这样:


            builder.Services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            });

我一直有500个

当我从 Postman 或 Angular 拨打电话时,结果相同。

我完全不明白发生了什么,为什么我没有从服务器获得未经授权?这个配置应该是什么样子,我做错了什么?

asp.net .net cookies asp.net-identity
© www.soinside.com 2019 - 2024. All rights reserved.