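I have a website that is a relying party to our WIF-based custom STS. We recently implemented a security token cache as described here: Azure/web-farm ready SecurityTokenCache. The main difference between our implementation and the one described in that link is that we use Azure AppFabric Caching as the backing store for the durable cache, rather than table storage. This helped relieve a token truncation issue we were having on certain browsers, but it has introduced a new problem (we see the truncation issue primarily on pages that have Google Analytics + anti-forgery cookies in addition to the fedauth cookie). We are now receiving the following exception several thousand times per day: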
System.IdentityModel.Tokens.SecurityTokenException
ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
System.IdentityModel.Tokens.SecurityTokenException: ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
at Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
at Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver)
at Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie)
at Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken)
at Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep …

We have a website and a custom STS, both running in Windows Azure. The STS is ASP.NET 4.0 and the site is MVC3. Over the past few days I have started seeing a small number of the following exception in our diagnostic logs:
System.Xml.XmlException: Unexpected end of file.
at System.Xml.EncodingStreamWrapper.ProcessBuffer(Byte[] buffer, Int32 offset, Int32 count, Encoding encoding)
at System.Xml.XmlUTF8TextReader.SetInput(Byte[] buffer, Int32 offset, Int32 count, Encoding encoding, XmlDictionaryReaderQuotas quotas, OnXmlDictionaryReaderClose onClose)
at System.Xml.XmlDictionaryReader.CreateTextReader(Byte[] buffer, Int32 offset, Int32 count, Encoding encoding, XmlDictionaryReaderQuotas quotas, OnXmlDictionaryReaderClose onClose)
at System.Xml.XmlDictionaryReader.CreateTextReader(Byte[] buffer, Int32 offset, Int32 count, XmlDictionaryReaderQuotas quotas)
at Microsoft.IdentityModel.Web.SessionAuthenticationModule.GetKeyId(Byte[] sessionCookie)
at Microsoft.IdentityModel.Web.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie)
at Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken)
at Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously
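I don't know whether there is any impact on end users, or what might be causing the problem. If anyone can shed some light on this exception, and on what I might do to prevent it in the future, I would be grateful.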