我正在研究使用WIF识别在EPiServer上运行的客户站点的部件上的用户的可能性。我已经成功地得到WIF使用,除其他外,以下后踢:EPiServer和Windows Identity Foundation(WIF)
这工作得很好,如果你设置
<authorization>
<deny users="?"/>
</authorization>
在web.config中
,使所有的请求都需要经过身份验证的用户。但是,我们希望使用EPiServer来分隔匿名用户和经过身份验证的用户可以使用的内容。问题是,我无法让它工作。
当启用WIF,和不设置deny users="*"
,EPiServer踢,并输出一些文本到响应流之前WIF是使执行重定向:
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 01 Nov 2011 07:51:04 GMT
Connection: close
Access denied.
</pre></table></table></table></table></table></font></font></font></font></font></i></i></i></i></i></b></b></b></b></b></u></u></u></u></u><p> </p><hr>
这将导致以下错误,当WIF试图重定向到STS:
Server Error in '/' Application.
Cannot redirect after HTTP headers have been sent.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: Cannot redirect after HTTP headers have been sent.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpException (0x80004005): Cannot redirect after HTTP headers have been sent.] System.Web.HttpResponse.Redirect(String url, Boolean endResponse) +8712587
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.RedirectToIdentityProvider(String uniqueId, String returnUrl, Boolean persist) +249
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnEndRequest(Object sender, EventArgs args) +438
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
我已经搜索了高和低,以便能够覆盖此行为。在EPiServer.dll,我发现下面的地方,其输出类似于输出文本:
AccessDeniedDelegateHandler.cs
,方法BrowserLogonAccessDenied(object sender)
:
internal static void BrowserLogonAccessDenied(object sender)
{
HttpContext.Current.Response.Clear();
HttpContext.Current.Response.Status = "401 Unauthorized";
HttpContext.Current.Response.Write("Access denied.");
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.End();
}
此代码是从以下两个地方调用,只要我能见:
EPiServer.Global
,方法protected virtual void HandleAccessDenied()
EPiServer.PageBase
,方法public virtual void AccessDenied()
我试图覆盖HandleAccessDenied
Global.asax
,并在我的页面模板中覆盖AccessDenied
。但是,仍然输出“访问被拒绝”文本。它好像在我的页面模板中覆盖AcccessDenied
正在触发,但HandleAccessDenied
的覆盖似乎并未触发。
任何提示可能是错误的地方?
我不是依靠Forms身份验证,但也许这是一个好主意。但是,我必须重写EPiServer功能的唯一原因是,如果您不使用窗体身份验证,它们会刷新响应流。我认为正确的修复方法是EPiServer内置功能不会刷新响应流。然后WIF可以开箱即用...... –