The data protection operation was unsuccessful on Azure using OWIN / Katana
I\'m trying to implement password reset on an OWIN/Katana based ASP.NET MVC website running in Azure.
It works fine when run locally but fails in production.
-
If the host server is a virtual machine it could be exactly what the error message says. Check if your Application Pool in IIS really has
Load User Profileset to true like the exception says:- In the Connections pane, expand the server name, and then click Application Pools.
- Right click on you Pool
- Advanced Settings
讨论(0) -
I put this one on ice for a while but was forced to come back to it. I found the solution here: Generating reset password token does not work in Azure Website
讨论(0) -
I found a solution. I'm not exactly sure if all steps are necessary to it work, but now my app works perfectly:
1.- Update your web.config to support securityTokenHandlers
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>in the configSections node. And
<securityTokenHandlers> <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"> <sessionTokenRequirement lifetime="00:30:00"></sessionTokenRequirement> </add> </securityTokenHandlers> </identityConfiguration>as a regular node. 2.- In your Startup.Auth.cs file, update your ConfigureAuth(IAppBuilder app) like this:
public void ConfigureAuth(IAppBuilder app) { UserManagerFactory = () => { var userManager = new UserManager<SIAgroUser>(new UserStore<UserType>(new SIAgroUserDbContext())); IDataProtectionProvider provider = app.GetDataProtectionProvider(); //userManager.UserTokenProvider = new Microsoft.AspNet.Identity.Owin.DataProtectorTokenProvider<UserType>(provider.Create("PasswordReset") ); if (provider != null) { userManager.UserTokenProvider = new DataProtectorTokenProvider<UsertType, string>(provider.Create("PasswordReset")); } return userManager; }; OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory), AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), AllowInsecureHttp = true }; // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); // Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(OAuthOptions); // Uncomment the following lines to enable logging in with third party login providers //app.UseMicrosoftAccountAuthentication( // clientId: "", // clientSecret: ""); //app.UseTwitterAuthentication( // consumerKey: "", // consumerSecret: ""); //app.UseFacebookAuthentication( // appId: "", // appSecret: ""); //app.UseGoogleAuthentication(); }3.- Clean up the constructor of your Startup class like this:
static Startup() { PublicClientId = "self"; }That worked for me :) I hope it works for you too
讨论(0) -
Getting the UserManager from the Owin Pipeline, as its set in App_Start/Startup.Auth.cs, works on Azure. I'm unsure as to how this works specifically. The DpApi should work in Azure with the solution described in the first link.
If the DpApi has a static machine key set in Web.config all server machines will be able to decrypt the encrypted data created by another machine in your webfarm is the understanding behind this.
(code as given in the standard template - from AccountController.cs)
private UserManager userManager; public UserManager UserManager { get { return userManager ?? HttpContext.GetOwinContext().GetUserManager<UserManager>(); } private set { userManager = value; } }讨论(0) -
Please see my my answer to this question. A much simpler solution can be achieved by utilizing
IAppBuilder.GetDataProtectionProvider()讨论(0) -
This error happens for me on a shared hosting provider, at the line:
var provider = new DpapiDataProtectionProvider("SITENAME");The solution was quite simple. First change the above line to this:
var provider = new MachineKeyProtectionProvider();Then create a new file, which I have in my Utilities namespace, like so:
using Microsoft.Owin.Security.DataProtection; using System.Web.Security; namespace <yournamespace>.Utilities { public class MachineKeyProtectionProvider : IDataProtectionProvider { public IDataProtector Create(params string[] purposes) { return new MachineKeyDataProtector(purposes); } } public class MachineKeyDataProtector : IDataProtector { private readonly string[] _purposes; public MachineKeyDataProtector(string[] purposes) { _purposes = purposes; } public byte[] Protect(byte[] userData) { return MachineKey.Protect(userData, _purposes); } public byte[] Unprotect(byte[] protectedData) { return MachineKey.Unprotect(protectedData, _purposes); } } }Et voila! Problem solved. Just remember, in your password reset controller method, you will also have to use this provider, otherwise you will get an
Invalid Tokenerror.讨论(0)
加载中...
- 热议问题