.NET Core 3.1 OAUTH 2 带有自定义 JSON 响应的令牌自省 - “无法设置状态代码,因为响应已开始”
我已经尝试过所有解决方案 这里,什么都不起作用。
我正在使用包 IdentityModel.AspNetCore.OAuth2Introspection v6.0.0。我的业务用例是,当身份验证失败时,我必须返回 401 Unauthorized 状态代码以及响应中的自定义 JSON 对象。这段代码可以返回 JSON 对象,但每次都会在后端抛出相同的错误,一旦这种情况开始发生,我的应用程序的延迟就会急剧增加。
这是我到目前为止所得到的:
services.AddAuthentication("Bearer")
.AddOAuth2Introspection(options =>
{
options.Authority = _idpAuthority;
options.ClientId = _apiResourceName;
options.ClientSecret = _apiResourceSecret;
options.Events.OnAuthenticationFailed = async context =>
{
context.NoResult();
if (!context.Response.HasStarted)
{
context.Response.StatusCode = 401;
context.Response.ContentType = "application/json";
await context.Response.Body.WriteAsync(JsonSerializer.SerializeToUtf8Bytes(new ErrorListResponseModel().AddError("401", "UNAUTHORIZED")));
}
};
});
这会产生错误:
System.InvalidOperationException:无法设置 StatusCode,因为 响应已经开始。
此错误的日志记录调用站点是 Microsoft.AspNetCore.Server.IIS.Core.IISHttpContext.ReportApplicationError。
无论我添加还是删除 context.NoResult() - 没有区别。
我尝试过使用同步委托函数并返回 Task.CompletedTask - 没有区别。
如果我没有显式设置 context.Response.StatusCode,我会在响应中收到 200 状态代码,并且错误仍然会抛出!
图书馆的言论表明
如果在请求处理期间抛出异常,则调用。除非被抑制,否则在此事件后将重新引发异常。
。 。 。但我没有看到任何关于如何抑制这些异常的建议。
请帮忙
I have already tried all the solutions here, and nothing is working.
I am using package IdentityModel.AspNetCore.OAuth2Introspection v6.0.0. The business use case I have is that I have to return a 401 Unauthorized status code plus a custom JSON object in the response when authentication fails. This code works to return the JSON object, BUT it throws the same error on the backend each time, and once that starts happening, latency shoots up on my app.
Here's what I have so far:
services.AddAuthentication("Bearer")
.AddOAuth2Introspection(options =>
{
options.Authority = _idpAuthority;
options.ClientId = _apiResourceName;
options.ClientSecret = _apiResourceSecret;
options.Events.OnAuthenticationFailed = async context =>
{
context.NoResult();
if (!context.Response.HasStarted)
{
context.Response.StatusCode = 401;
context.Response.ContentType = "application/json";
await context.Response.Body.WriteAsync(JsonSerializer.SerializeToUtf8Bytes(new ErrorListResponseModel().AddError("401", "UNAUTHORIZED")));
}
};
});
This produces the error:
System.InvalidOperationException: StatusCode cannot be set because the
response has already started.
The logging callsite of this error is Microsoft.AspNetCore.Server.IIS.Core.IISHttpContext.ReportApplicationError.
Whether I add or remove context.NoResult() -- no difference.
I've tried using a synchronous delegate function and returning Task.CompletedTask instead -- no difference.
If I don't explicitly set the context.Response.StatusCode, I get a 200 status code in the response, AND the error still throws!
The remarks in the library suggest that
Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
. . . but I don't see any suggestions on how to suppress these exceptions.
Please help ????
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我通过将此代码从
OnAuthenticationFailed事件中取出并将其移至 Startup.cs 的Configure(IApplicationBuilder app)部分来解决此问题:I resolved this by taking this code out of the
OnAuthenticationFailedevent and moving it into theConfigure(IApplicationBuilder app)part of Startup.cs: