问题描述
此错误使我的应用返回错误请求。该应用程序在Nginx上运行。虽然我有这段代码来管理我的防伪令牌:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
.....
public void ConfigureServices(IServiceCollection services)
{
services.AddDataProtection()
.SetApplicationName("mysample")
.PersistKeysToFileSystem(new
System.IO.DirectoryInfo(Path.Combine(Directory.GetCurrentDirectory(),@"var/dpkeys/" )));
services.AddAntiforgery(antiforgeryOptions =>
{
antiforgeryOptions.HeaderName = "X-XSRF-TOKEN";
});
}
public void Configure(IApplicationBuilder app,IHostingEnvironment env,ILoggerFactory
loggerFactory,IAntiforgery antiForgery,Seed seeder)
{
....
app.UseAntiforgeryToken();
}
}
反伪造中间件如下:
public class AntiforgeryTokenMiddleware
{
private readonly RequestDelegate _next;
private readonly IAntiforgery _antiforgery;
private readonly ILogger<Program> _logger;
public AntiforgeryTokenMiddleware(RequestDelegate next,IAntiforgery antiforgery,ILogger<Program> logger)
{
_next = next;
_logger = logger;
_antiforgery = antiforgery;
}
public Task Invoke(HttpContext context)
{
string path = context.Request.Path.Value;
if (context.Request.Path.Value.IndexOf("/api",StringComparison.OrdinalIgnoreCase) != -1)
{
// The request token can be sent as a JavaScript-readable cookie,// and Angular uses it by default.
var tokens = _antiforgery.GetAndStoretokens(context);
context.Response.Cookies.Append("XSRF-TOKEN",tokens.RequestToken,new CookieOptions()
{
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None,HttpOnly = true
});
}
return _next(context);
}
}
public static class AntiforgeryTokenMiddlewareExtensions
{
public static IApplicationBuilder UseAntiforgeryToken(this IApplicationBuilder builder)
{
return builder.UseMiddleware<AntiforgeryTokenMiddleware>();
}
}
AntiForgeryController如下:
[ApiController]
[Route("api/antiforgery")]
public class AntiForgeryController : ControllerBase
{
private IAntiforgery _antiForgery;
private ISecurityService _securityService;
public IConfiguration _configuration;
private readonly ILogger<Program> _logger;
public AntiForgeryController(IAntiforgery antiForgery,ISecurityService securityService,IConfiguration configuration,ILogger<Program> logger)
{
_antiForgery = antiForgery;
_securityService = securityService;
_configuration = configuration;
_logger = logger;
}
[AllowAnonymous]
[HttpGet("GenerateAntiForgeryTokens",Name = "GenerateAntiForgeryTokens")]
[IgnoreAntiforgeryToken]
public IActionResult GenerateAntiForgeryTokens()
{
SessionInfo sessionInfo = new SessionInfo()
{
CreateDate = DateTime.Now,SessionId = Guid.NewGuid()
};
string sessionString = JsonConvert.SerializeObject(sessionInfo);
var token = _securityService.Encrypt(_configuration.GetSection("AppSettings:Token").Value,sessionString);
HttpContext.Response.Cookies.Append("SESSION-ID",token,new Microsoft.AspNetCore.Http.CookieOptions
{
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None,HttpOnly = true
});
return Ok();
}
}
令牌似乎已成功创建,如图所示:
此外,该密钥是在AddDataProtection方法中假定的“ dpkeys”目录中创建的:
为什么我仍然收到错误的请求?
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)