Getting "not a valid Base-64 string" on a federated identity token

Time: 2022-11-13 12:40:20

I am randomly getting a base 64 encoding error when browsing my mvc3 azure web role. I am using WIF with passive authentication to authenticate against my ADFS server. I have not been able to isolate where this is coming from, but I have an idea and am hoping for some feedback/help.

From the call stack it looks like it's coming from a bad cookie. The "FedAuth" cookies from wif/adfs are the only thing that show up when I look at my cookies from the chrome developer console. So I am thinking that somehow these cookies are getting corrupted or have invalid characters in them. I am working on verifying this but since the error happens randomly it's taking some time. Has anyone experienced anything similar or have any inclinations as to what could be causing this? Any help is appreciated!

Here is the exception:

The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or a non-white space character among the padding characters.
[FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or a non-white space character among the padding characters. ]
   System.Convert.FromBase64String(String s) +0
   Microsoft.IdentityModel.Web.ChunkedCookieHandler.ReadInternal(String name, HttpCookieCollection requestCookies) +613
   Microsoft.IdentityModel.Web.ChunkedCookieHandler.ReadCore(String name, HttpContext context) +174
   Microsoft.IdentityModel.Web.CookieHandler.Read(String name, HttpContext context) +133
   Microsoft.IdentityModel.Web.CookieHandler.Read(HttpContext context) +59
   Microsoft.IdentityModel.Web.CookieHandler.Read() +65
   Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +84
   Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +119
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270

I've been doing some more testing on my cookies and I can see that with every request my fedauth cookie gets bigger and bigger. This could be part or all of the problem. Eventually, and randomly, something is appending some bad characters. The token ends with these closing tags "". I can see that it fails when some extra characters show up after the security context token close tag. The extra characters are different every time the error happens.

2 solutions

#1


3  

Figured it out. Oops... programmer error...

When users first log into my application I pull some role information from my database and create claims for them. I was re-adding these claims every time, so my session token was growing... and growing... eventually this was causing the token to split over 2, 3, 4, 5, 6 cookies and eventually something was just choking on this. I am no longer adding the claims every time. No longer seeing this issue.

Thanks for all your help.
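
Added example, not part of the original posts: a small Python diagnostic for the symptoms described in the question and in answer #1. It reassembles the chunked session cookie from a captured Cookie header, counts the chunks, and locates the first character that would make Base-64 decoding fail. The chunk naming (FedAuth, FedAuth1, ...), the constructed sample values and the max_chunks threshold are assumptions.

```python
import base64

def parse_cookie_header(header):
    """Split a raw Cookie request header into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            cookies[key] = value
    return cookies

def reassemble(cookies, name="FedAuth"):
    """Collect chunks in order (name, name1, name2, ...) until one is missing.
    The numbering scheme is an assumption about how the handler names chunks."""
    chunks, i = [], 0
    while (name if i == 0 else f"{name}{i}") in cookies:
        chunks.append(cookies[name if i == 0 else f"{name}{i}"])
        i += 1
    return chunks

def diagnose(header, name="FedAuth", max_chunks=2):
    """Report chunk count, total size and the first position that breaks Base-64."""
    value = "".join(chunks := reassemble(parse_cookie_header(header), name))
    report = {"chunks": len(chunks), "chars": len(value),
              "oversized": len(chunks) > max_chunks,  # arbitrary alert threshold
              "valid": True, "bad_index": None, "bad_char": None}
    body = value.rstrip("=")
    # Any character outside the Base-64 alphabet is flagged, white space included,
    # because a cookie value should not contain any.
    for idx, ch in enumerate(body):
        if not (ch.isascii() and (ch.isalnum() or ch in "+/")):
            report.update(valid=False, bad_index=idx, bad_char=ch)
            return report
    # Alphabet is clean: check padding count and overall length (truncation).
    if len(value) - len(body) > 2 or len(value) % 4 != 0:
        report.update(valid=False, bad_index=len(body))
    return report

def build_header(value, chunk_size, name="FedAuth"):
    """Helper for the constructed samples: split a value into chunk cookies."""
    parts = [value[i:i + chunk_size] for i in range(0, len(value), chunk_size)]
    return "; ".join(f"{name if i == 0 else name + str(i)}={p}"
                     for i, p in enumerate(parts))

# Constructed sample data, not a real session token.
GOOD_VALUE = base64.b64encode(b"constructed-session-token " * 6).decode("ascii")
GOOD_HEADER = build_header(GOOD_VALUE, 64)
BAD_HEADER = build_header(GOOD_VALUE + "#!", 64)  # extra characters appended at the end

if __name__ == "__main__":
    print(diagnose(GOOD_HEADER))
    print(diagnose(BAD_HEADER))
```

Logging the chunk count per request makes the growth described in answer #1 visible well before decoding starts to fail.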

#2


1  

I had a similar error message using base64 to encode parameters in a query string. I had a %3d which showed fine in the query string, but asp.net was converting it to an = sign when I retrieved it in code. I solved it by calling Server.UrlEncode() before decrypting the base64. It could be the base64 value in the cookie is being decoded before being decrypted.
