“CustomIdentity”上的 SerializationException 当用户在 ASP.NET 中被拒绝时
我尝试在现有数据库之上实现 ASP.NET 身份验证和授权。 我们有一个网站调用网络服务来获取其数据。 要使用网络服务,我需要提供用户名和密码。 知道这一点后,我决定实现 IIdentity 和 IPrincipal 来存储加密密码,并能够在执行 Web 服务调用时提供它。 将来,我们可能希望更多地使用 ASP.NET 的内置安全性,因此我实现成员资格和角色提供程序并重写我需要的内容(ValidateUser 和 GetRoles) 不过,在通过会员提供程序实现验证用户后,我仍然将自己的 CustomIdentity 设置为 Context.User,以便能够在需要时检索其密码。
只要允许用户访问该页面,它就可以完美运行。 但是当用户被拒绝时,框架不会抛出 AccessDeniedException,而是对我的 CustomIdentity 抛出序列化异常。 我发现完全相似的行为,此链接描述了更多详细信息 ,但尚未发布任何答案。
我的例外情况与上面的链接完全相同
Type is not resolved for member'CW.CustomAuthentication.CWIdentity,CW.CustomAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.Serialization.SerializationException: Type is not resolved for member 'CW.CustomAuthentication.CWIdentity,CW.CustomAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SerializationException: Type is not resolved for member 'CW.CustomAuthentication.CWIdentity,CW.CustomAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.]
Microsoft.VisualStudio.WebHost.Connection.get_RemoteIP() +0
Microsoft.VisualStudio.WebHost.Request.GetRemoteAddress() +65
System.Web.HttpRequest.get_UserHostAddress() +18
System.Web.HttpRequest.get_IsLocal() +13
System.Web.Configuration.CustomErrorsSection.CustomErrorsEnabled(HttpRequest request) +86
System.Web.HttpContext.get_IsCustomErrorEnabled() +42
System.Web.Configuration.UrlAuthFailedErrorFormatter.GetErrorText(HttpContext context) +16
System.Web.Security.UrlAuthorizationModule.WriteErrorMessage(HttpContext context) +29
System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +8777783
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
同时使用成员资格和自定义 IIdentity 和 IPrincipal 是否正确? 如果没有,如果我使用成员资格和角色提供程序,在哪里添加密码或其他用户数据等属性?
谨致问候,
斯蒂芬·埃布雷希
I try to implement ASP.NET Authentication and Authorization on top of our existing database.
We have a website calling a webservice to fetch its data. To use the webservice, i need to provide the username and password.
Knowing that, I decided to implement IIdentity and IPrincipal to store the encrypted password and be able to provide it when performing webservice calls.
In the future, we might want to use more of the built-in security of asp.net, so I implement membership and role provider and override just what I need (ValidateUser and GetRoles)
Though, after validating the user thanks to the membership provider implementation I am still setting my own CustomIdentity to the Context.User to be able to retrieve its password when needed.
It's working perfectly as long as the user is allowed to visit the page. but when the user is denied, instead of throwing an AccessDeniedException, the framework throws a Serialization exception on my CustomIdentity.
I found a perfectly similar behaviour with more details described on this link , but no answer have been posted.
My exception is exactly the same as on the link above
Type is not resolved for member'CW.CustomAuthentication.CWIdentity,CW.CustomAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.Serialization.SerializationException: Type is not resolved for member 'CW.CustomAuthentication.CWIdentity,CW.CustomAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SerializationException: Type is not resolved for member 'CW.CustomAuthentication.CWIdentity,CW.CustomAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.]
Microsoft.VisualStudio.WebHost.Connection.get_RemoteIP() +0
Microsoft.VisualStudio.WebHost.Request.GetRemoteAddress() +65
System.Web.HttpRequest.get_UserHostAddress() +18
System.Web.HttpRequest.get_IsLocal() +13
System.Web.Configuration.CustomErrorsSection.CustomErrorsEnabled(HttpRequest request) +86
System.Web.HttpContext.get_IsCustomErrorEnabled() +42
System.Web.Configuration.UrlAuthFailedErrorFormatter.GetErrorText(HttpContext context) +16
System.Web.Security.UrlAuthorizationModule.WriteErrorMessage(HttpContext context) +29
System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +8777783
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
Is it correct to use membership and custom IIdentity and IPrincipal at the same time?
If not, where to add properties like the password or other userdata if I use the membership and role providers?
Best regards,
Stephane Erbrech
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
也可以通过将包含自定义标识的程序集添加到开发计算机上的 GAC 来解决此问题。
This can also be resolved by adding the assembly containing your custom identity to the GAC on your dev machine.
就我而言,我只需从
MarshalByRefObject继承即可。In my case, I simply had to inherit from
MarshalByRefObject.这可能不是正确的答案,但我也遇到了这个问题,但已修复。
最初,我只有一个继承
GenericIdentity(或实现IIdentity)的自定义类。 当我最终创建一个继承GenericPrincipal(或实现IPrincipal)的自定义类时,这一切都起作用了吗?我的
CustomPrincipal类除了继承自GenericPrincipal之外什么也没做,并且有一个调用基本构造函数的构造函数。CustomPrincipal和CustomIdentity类都没有隐含任何Serialization或ISerialized内容。 话又说回来,我的课程都是非常基础的。This might not be the correct answer, but I had this issue also but fixed it.
Originally, I just had a custom class that inherited
GenericIdentity(or implimentedIIdentity). When I finally created a custom class which inherittedGenericPrincipal(or implimentedIPrincipal) then it all worked?my
CustomPrincipalclass did nothing but inherited fromGenericPrincipaland had one constructor which called the base constructor.Both the
CustomPrincipalandCustomIdentityclasses did NOT impliment anySerializationorISerializablestuff. Then again, my classes were all very basic.尝试使用 CustomIdentity 运行 Web 应用程序时,我遇到了同样的问题。 为了将项目设置为在 VS 2008 中使用 IIS,您需要在 Web 应用程序项目中定义应用程序池的 URL。
I had the same issue when trying to run the web app using CustomIdentity. In order to set the project to use your IIS in VS 2008, you will need to define the URL to your application pool in your web application project.
经过更多测试后,根据我发布的链接所说,似乎只有当我从 Visual Studio 在调试模式下运行时才会发生此错误。 如果我将项目设置为在 IIS 中运行,错误就会消失,安全实现将按预期工作。
---那么这是在 Visual Studio 中实现的轻量级 Web 服务器中的错误吗?---
编辑:
您可以进入 Web 项目的“属性”,转到“Web”选项卡,然后选中“使用本地 IIS 服务器”。 但是,这需要您以管理员身份运行 Visual Studio 并在计算机上安装 IIS,以便 VS 加载项目时可以在本地 IIS 服务器中创建虚拟目录。
after some more testing, according to what the link I posted said, it seems that this error is happening only when I run in debug mode from visual studio. If I set the project to run in IIS, the error is gone and the security implementation works as expected.
---Is that a bug in the lightweight webserver implemented in Visual studio then?---
Edit :
You can go in the Properties of your web project, go to the "Web" tab, and check "Use local IIS Server". However, this will require you to run Visual Studio as an Administrator and to have IIS installed on your machine, so that VS can create the virtual directory in the local IIS server when it loads the project.