Iis System.InvalidOperationException:未配置任何身份验证处理程序来处理方案:自动
情景:Iis System.InvalidOperationException:未配置任何身份验证处理程序来处理方案:自动,iis,asp.net-core,asp.net-core-mvc,authorize-attribute,kestrel-http-server,Iis,Asp.net Core,Asp.net Core Mvc,Authorize Attribute,Kestrel Http Server,情景: 创建新的Asp.Net核心(1.0.0版)项目 选择Web API模板 在默认值控制器上添加[Authorize]属性 运行应用程序 如果我使用IIS运行应用程序并向http://localhost:60513/api/values我得到了预期的401未授权错误 但是,如果我使用Kestrel运行应用程序(例如:dotnet run),并向http://localhost:5000/api/values我收到一个500内部服务器错误,kestrel出现以下异常: Now listenin
[Authorize]
属性http://localhost:60513/api/values
我得到了预期的401未授权错误
但是,如果我使用Kestrel运行应用程序(例如:dotnet run
),并向http://localhost:5000/api/values
我收到一个500内部服务器错误
,kestrel出现以下异常:
Now listening on: http://localhost:5000
Application started. Press Ctrl+C to shut down.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://localhost:5000/api/values
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed for user: .
warn: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
Executing ChallengeResult with authentication schemes ().
fail: Microsoft.AspNetCore.Server.Kestrel[13]
Connection id "0HKUMMBBBQ6AU": An unhandled exception was thrown by the application.
System.InvalidOperationException: No authentication handler is configured to handle the scheme: Automatic
at Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager.<ChallengeAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.ChallengeResult.<ExecuteResultAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeResultAsync>d__32.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Builder.RouterMiddleware.<Invoke>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Hosting.Internal.RequestServicesContainerMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Frame`1.<RequestProcessingAsync>d__2.MoveNext()
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 282.8427ms 200
正在收听:http://localhost:5000
应用程序已启动。按Ctrl+C组合键关闭。
信息:Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
请求启动HTTP/1.1 GEThttp://localhost:5000/api/values
信息:Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
用户的授权失败:。
警告:Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
在筛选器“Microsoft.AspNetCore.Mvc.Authorization.authorizationFilter”处对请求的授权失败。
信息:Microsoft.AspNetCore.Mvc.ChallengeResult[1]
使用身份验证方案()执行ChallengeResult。
失败:Microsoft.AspNetCore.Server.Kestrel[13]
连接id“0HKUMMBBBBQ6AU”:应用程序引发了未经处理的异常。
System.InvalidOperationException:未配置任何身份验证处理程序来处理方案:自动
在Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager.d_u12.MoveNext()中
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Mvc.ChallengeResult.d_u14.MoveNext()上
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d_u32.MoveNext()中
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d_u18.MoveNext()中
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Builder.RouterMiddleware.d_u4.MoveNext()上
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Hosting.Internal.RequestServicesContainerMiddleware.d_u3.MoveNext()中
---来自引发异常的上一个位置的堆栈结束跟踪---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务任务)
在System.Runtime.CompilerServices.TaskWaiter.HandleNonSuccessAndDebuggerNotification(任务任务)中
在Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Frame`1.d_uu2.MoveNext()中
信息:Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
请求在282.8427ms 200内完成
我的问题是为什么我的应用程序根据托管它的服务器有不同的结果?为什么Kestrel和IIS处理授权的方式不同
请注意,StackOverflow-like或中也有类似的问题,但它们都适用于涉及过滤器或中间件的更复杂的场景
我在AspNet管道中没有MVC以外的任何中间件,除了[Authorize]
属性之外的所有代码都是由AspNet Web Api模板自动生成的。根据在AspNet安全中的,任何操作或控制器上的Authorize属性都要求管道中至少有一个auth中间件才能发出质疑。
当使用IIS时,会使用IIS中间件,但当使用Kestrel时,没有处理此问题的身份验证中间件,因此我们需要添加自己的身份验证中间件。请阅读标记的正确用法。关于哪些标记不应存在的任何建议?您不应强制在标题中添加标记。我非常想知道答案-有更新吗?我们应该就GitHub问题询问ASP.Net核心团队吗?@user917170在这里查看此线程。我在一段时间前用AspNet Security打开了这个问题