ChatGPT解决这个技术问题 Extra ChatGPT

I am having an issue with the anti-forgery token :( I have created my own User class which worked fine but now I am getting an error whenever I go to the /Account/Register page. The error is:

A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication, please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. If the configured claims provider instead uses a different claim type as a unique identifier, it can be configured by setting the static property AntiForgeryConfig.UniqueClaimTypeIdentifier.

I found this article:

http://stack247.wordpress.com/2013/02/22/antiforgerytoken-a-claim-of-type-nameidentifier-or-identityprovider-was-not-present-on-provided-claimsidentity/

so I changed my Application_Start method to this: 

protected void Application_Start()
{
    AreaRegistration.RegisterAllAreas();

    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);

    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Email;
}

but when I do that, I get this error:

A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' was not present on the provided ClaimsIdentity.

Has anyone come across this before? If so, do you know how to solve it?

Here is my custom user class: 

public class Profile : User, IProfile
{
    public Profile()
        : base()
    {
        this.LastLoginDate = DateTime.UtcNow;
        this.DateCreated = DateTime.UtcNow;
    }

    public Profile(string userName)
        : base(userName)
    {
        this.CreatedBy = this.Id;

        this.LastLoginDate = DateTime.UtcNow;
        this.DateCreated = DateTime.UtcNow;

        this.IsApproved = true;
    }
    
    [NotMapped]
    public HttpPostedFileBase File { get; set; }

    [Required]
    public string CompanyId { get; set; }

    [Required]
    public string CreatedBy { get; set; }
    public string ModifiedBy { get; set; }

    public DateTime DateCreated { get; set; }
    public DateTime? DateModified { get; set; }
    public DateTime LastLoginDate { get; set; }

    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredTitle")]
    public string Title { get; set; }
    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredFirstName")]
    public string Forename { get; set; }
    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredLastName")]
    public string Surname { get; set; }

    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredEmail")]
    public string Email { get; set; }
    public string JobTitle { get; set; }
    public string Telephone { get; set; }
    public string Mobile { get; set; }
    public string Photo { get; set; }
    public string LinkedIn { get; set; }
    public string Twitter { get; set; }
    public string Facebook { get; set; }
    public string Google { get; set; }
    public string Bio { get; set; }

    public string CompanyName { get; set; }

    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredCredentialId")]
    public string CredentialId { get; set; }
    [Required(ErrorMessageResourceType = typeof(Resources.Resources), ErrorMessageResourceName = "RequiredSecurityCode")]
    public bool IsLockedOut { get; set; }
    public bool IsApproved { get; set; }

    [Display(Name = "Can only edit own assets")]
    public bool CanEditOwn { get; set; }
    [Display(Name = "Can edit assets")]
    public bool CanEdit { get; set; }
    [Display(Name = "Can download assets")]
    public bool CanDownload { get; set; }
    [Display(Name = "Require approval to upload assets")]
    public bool RequiresApproval { get; set; }
    [Display(Name = "Can approve assets")]
    public bool CanApprove { get; set; }
    [Display(Name = "Can synchronise assets")]
    public bool CanSync { get; set; }

    public bool AgreedTerms { get; set; }
    public bool Deleted { get; set; }
}

public class ProfileContext : IdentityStoreContext
{
    public ProfileContext(DbContext db)
        : base(db)
    {
        this.Users = new UserStore<Profile>(this.DbContext);
    }
}

public class ProfileDbContext : IdentityDbContext<Profile, UserClaim, UserSecret, UserLogin, Role, UserRole>
{
}

I profile is just simple for my repositories, looks like this: 

public interface IProfile
{
    string Id { get; set; }
    string CompanyId { get; set; }
    
    string UserName { get; set; }
    string Email { get; set; }

    string CredentialId { get; set; }
}

and the User class is the Microsoft.AspNet.Identity.EntityFramework.User class. My AccountController looks like this: 

[Authorize]
public class AccountController : Controller
{
    public IdentityStoreManager IdentityStore { get; private set; }
    public IdentityAuthenticationManager AuthenticationManager { get; private set; }
    
    public AccountController() 
    {
        this.IdentityStore = new IdentityStoreManager(new ProfileContext(new ProfileDbContext()));
        this.AuthenticationManager = new IdentityAuthenticationManager(this.IdentityStore);
    }

    //
    // GET: /Account/Register
    [AllowAnonymous]
    public ActionResult Register()
    {
        return View();
    }

    //
    // POST: /Account/Register
    [HttpPost]
    [AllowAnonymous]
    public async Task<ActionResult> Register(RegisterViewModel model)
    {
        if (ModelState.IsValid)
        {
            try
            {
                // Create a profile, password, and link the local login before signing in the user
                var companyId = Guid.NewGuid().ToString();
                var user = new Profile(model.UserName)
                {
                    CompanyId = companyId,
                    Title = model.Title,
                    Forename = model.Forename,
                    Surname = model.Surname,
                    Email = model.Email,
                    CompanyName = model.CompanyName,
                    CredentialId = model.CredentialId
                };

                if (await IdentityStore.CreateLocalUser(user, model.Password))
                {
                    //Create our company
                    var company = new Skipstone.Web.Models.Company()
                    {
                        Id = companyId,
                        CreatedBy = user.Id,
                        ModifiedBy = user.Id,
                        Name = model.CompanyName
                    };

                    using (var service = new CompanyService())
                    {
                        service.Save(company);
                    }

                    await AuthenticationManager.SignIn(HttpContext, user.Id, isPersistent: false);
                    return RedirectToAction("Setup", new { id = companyId });
                }
                else
                {
                    ModelState.AddModelError("", "Failed to register user name: " + model.UserName);
                }
            }
            catch (IdentityException e)
            {
                ModelState.AddModelError("", e.Message);
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

    //
    // POST: /Account/Setup
    public ActionResult Setup(string id)
    {
        var userId = User.Identity.GetUserId();
        using (var service = new CompanyService())
        {
            var company = service.Get(id);
            var profile = new Profile()
            {
                Id = userId,
                CompanyId = id
            };

            service.Setup(profile);

            return View(company);
        }
    }
}

It used to be decorated with the [ValidateAntiForgeryToken] attribute, but that is where it stopped working.

Why?

Can you show us the custom User class and how you used it?
I have added the custom User class, plus how I am using it.
You are using the beta version. I suggest that you upgrade to release version then see if the problem still occurs.

J
Jon

Try setting (in global.cs): 

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
I think it's important to note why this works: This tells the AntiForgery class to use the NameIdentifier (which is the user id string found by GetUserId). Thanks to Mike Goodwin's answer in helping me learn this!
I set this in Global.asax.cs
This is also the solution if you're using OpenId (ie Azure ActiveDirectory) as your authenticaiton.
Full namespaces.. I had to do some digging to find out where ClaimTypes was held. System.Web.Helpers.AntiForgeryConfig.UniqueClaimTypeIdentifier = System.Security.Claims.ClaimTypes.NameIdentifier;
This is in System.Web.WebPages.dll, v2.0.0.0, so don't forgot include this reference to project
M
Mike Goodwin

Do you know what claims you do get in your ClaimsIdentity? If not:

Remove the [ValidateAntiForgeryToken] attribute Put a breakpoint somewhere in your controller and break at it Then look at the current ClaimsIdentity and examine the claims Find one that you think will uniquely identify your user Set the AntiForgeryConfig.UniqueClaimTypeIdentifier to that claim type Put back the [ValidateAntiForgeryToken] attribute

More than providing the direct spoon feed answer, this one tells the background and enables self discovery. :) Thanks a lot
this really helped me. It turned out I got a claim fro another application running on my localhost, in my application where there are no claims used (which is why the claims thing sounded weird to me). So when I logged out of the other application, the claims were gone and so was the error. On the live-test- environment these sites are more separated. So I think I need the above mentioned solution, but only for local development.
I find this answer much more helpful. In my case, I'm converting an existing application to use IdentityServer, and this error started showing up. Using Mike's method I was able to check the claims and use an appropriate claim, such as the subject id (sub claim).
A
Ali Behzadian Nejad

Just put this in global.asax.cs 

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimsIdentity.DefaultNameClaimType;
Thanks. What I don't get is why I had to make this change, I fixed a few different issues I was having with my code last night and everything worked just fine. Without changing anything, I tested this on another machine and it all worked until a few minutes ago.
G
Gurgen Sargsyan

Try open link in incognito window or clear cookie from that domain(i.e. localhost).

Why does this work and what is the cause of the problem?
This works because when you have a session cookie with invalid nameidentifier, the server tries to use the invalid identifier without redirecting the user to the log-in page and get the proper nameidentifier.
c
cederlof

Edit: Having a greater understanding of this problem at this moment, you can disregard my answer below.

Setting AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier; in Application_Start() of Global.asax.cs fixed it for me. Even though I have the claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier set, I get the same error as in the original question. But pointing it out as above somehow works.

Starting with MVC4 the anti-forgery-token doesn't use User.Identity.Name as the unique identifier. Instead it looks for the two claims given in the error message.

Update NOTE: This should not be needed You can add the missing claims to your ClaimsIdentity when the user is being logged in, like so: 

string userId = TODO;
var identity = System.Web.HttpContext.Current.User.Identity as ClaimsIdentity;
identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", userId));
identity.AddClaim(new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", userId));

Note that one of the claims might already be there from before, and you will get an error with duplicate claims if you add both. If so, just add the one missing.

I understand why you are using userId as the "/nameidentifier", but why are you putting in the userId as the "/identityprovider"?
E
EstevaoLuis

In Global.asax.cs,

1.Add these namespaces 

using System.Web.Helpers;
using System.Security.Claims;

2.Add this line in method Application_Start: 

 protected void Application_Start()
 {
       .......
       AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimsIdentity.DefaultNameClaimType;
 }
How does it adds any more value than the ones answered above
Thanks for adding the usings. @NitinSingh I think that adds more value because I didn't know which of three potential namespaces in my project to use.
Whenever you add a new functionality, it will ask for correct references. Once it compiles, you should remove unused ones via Refactor menu on right click
A
Ashu

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Email;

Works for my case I am using ADFS Authentication.

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.