一切工作作为预期的本地,但是当我把它放在azure我得到的错误:
The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread’s user context,which may be the case when the thread is impersonating.
我明白这是因为应用程序不能使用DAPI,所以我需要切换到使用MAC保护我的应用程序。
本地我添加到我的webconfig: –
<securityTokenHandlers>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,System.IdentityModel,Version=4.0.0.0,Culture=neutral,PublicKeyToken=b77a5c561934e089" />
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler,System.IdentityModel.Services,PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
如在documentation中推荐的,我添加了一个静态机器密钥,但我找不到任何建议围绕密钥长度 – 所以我假设256。
然而这个配置只是给出这个错误:
[CryptographicException: Error occurred during a cryptographic operation.]
System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func,Byte[] input) +115
System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.Unprotect(Byte[] protectedData) +59
System.Web.Security.MachineKey.Unprotect(ICryptoServiceProvider cryptoServiceProvider,Byte[] protectedData,String[] purposes) +62
System.Web.Security.MachineKey.Unprotect(Byte[] protectedData,String[] purposes) +122
System.IdentityModel.Services.MachineKeyTransform.Decode(Byte[] encoded) +161
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie,Boolean outbound) +123
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader,SecurityTokenResolver tokenResolver) +575
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token,SecurityTokenResolver tokenResolver) +76
System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +833
System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +186
System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender,EventArgs eventArgs) +210
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
System.Web.HttpApplication.ExecuteStep(IExecutionStep step,Boolean& completedSynchronously) +69
我删除了machinekey部分incase我没有指定正确格式化的键,但错误不会消失。
什么战斗WIF已经!
解决方法
所以基本上一个解决方案是让Azure生成密钥,但VIP开关后你有问题回来。为了避免它,你可以捕获Global.asax中的CryptographicException在Application_Error处理程序,像这样:
// Be sure to reference System.IdentityModel.Services
// and include using System.IdentityModel.Services;
// at the start of your class
protected void Application_Error(object sender,EventArgs e)
{
var error = Server.GetLastError();
var cryptoEx = error as CryptographicException;
if (cryptoEx != null)
{
FederatedAuthentication.WSFederationAuthenticationModule.SignOut();
Server.ClearError();
}
}
编辑:生成machineKey的更新信息,如@anjdreas所示。
另一个解决方案是生成machineKey,可以使用IIS管理器来做到这一点,详情参见Easiest way to generate MachineKey。如果将相同的密钥放入Azure Web角色中的所有Web应用程序中,则Azure部署过程将不会替换它。
