
c# – Owin: OnApplyRedirect is called multiple times and creates an incorrect RedirectUri

Author: Internet

I am using CookieAuthentication with OWIN in my application and set the redirect URL in OnApplyRedirect, as in the code below:

 app.UseCookieAuthentication(new CookieAuthenticationOptions
 {
     ExpireTimeSpan = TimeSpan.FromDays(30),
     AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
     LoginPath = new PathString("/account/sign-in"),
     //LogoutPath = new PathString("/account/log-out"),
     ReturnUrlParameter = "returnTo",
     CookieName = "BIR",
     Provider = new CookieAuthenticationProvider()
     {
         OnValidateIdentity = SmObjectFactory.Container.GetInstance<IAppUserManager>().OnValidateIdentity(),
         OnApplyRedirect = c =>
         {
             if (!c.Request.IsAjaxCall())
             {
                 c.Response.Redirect(c.RedirectUri);
             }
         }
     }
 });

My problem is the c.RedirectUri value. After setting a breakpoint and tracing my code, I found that OnApplyRedirect is called several times.

On the first call, RedirectUri is:

http://localhost:7537/account/sign-in?returnTo=%2Fadmin-panel

On the second call, RedirectUri is:

http://localhost:7537/account/sign-in?returnTo=%2Faccount%2Fsign-in%3FreturnTo%3D%252Fadmin-panel

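and more …

On each call, the old URL is added to the new URL.
I tried to solve this problem by searching and researching on this and other sites but found no answer. Why is OnApplyRedirect called multiple times?
The Configuration method in the Startup.cs class is called only once.
Other details: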

> Owin version: 3.1.0
> ASP.NET MVC version: 5.x
> Visual Studio version: 2017 (15.2)

Startup class in gist

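Solution:

Using the provided auth info, I was able to reproduce the problem by commenting out [AllowAnonymous] on the SignIn action of a simple auto-generated OWIN project.

So your situation is most likely caused by the sign-in action requiring authentication when it is meant for anonymous access, resulting in an infinite loop of redirects which will fail.

The following controller, which requires authorization to access its admin panel, would cause the problem you are experiencing.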

[Authorize]
[RoutePrefix("account")]
public class AccountController : Controller {
    // No [AllowAnonymous] here, so the class-level [Authorize] also
    // challenges the sign-in page itself and the redirect repeats.
    [Route("sign-in")]
    public ActionResult Signin(string returnTo) {
        ViewBag.ReturnTo = returnTo;
        return View(new LoginViewModel { RememberMe = true });
    }

    [Route("admin-panel")]
    public ActionResult AdminPanel() {
        return View();
    }
}

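All sign-in, account verification and password recovery actions should be marked with the [AllowAnonymous] attribute to allow anonymous access if they are located in an [Authorize] controller: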

[Authorize]
[RoutePrefix("account")]
public class AccountController : Controller {
    [AllowAnonymous]
    [Route("sign-in")]        
    public ActionResult Signin(string returnTo) {            
        ViewBag.ReturnTo= returnTo;
        return View(new LoginViewModel { RememberMe = true });
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    [Route("sign-in")]   
    public async Task<ActionResult> Signin(LoginViewModel model, string returnTo) {
        //...
    }

    [Route("admin-panel")]
    public ActionResult AdminPanel() {
        return View();
    }
}

Or they should be moved to a controller that is not marked with the [Authorize] attribute.

[Authorize]
public class AccountController : Controller {
    [Route("account/admin-panel")]
    public ActionResult AdminPanel() {
        return View();
    }
}

public class AuthenticationController : Controller {
    [Route("account/sign-in")]        
    public ActionResult Signin(string returnTo) {            
        ViewBag.ReturnTo= returnTo;
        return View(new LoginViewModel { RememberMe = true });
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    [Route("account/sign-in")]   
    public async Task<ActionResult> Signin(LoginViewModel model, string returnTo) {
        //...
    }
}
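
As an added example (not code from the original post or from the OWIN project), the guard below detects the symptom shown in the question, a RedirectUri whose returnTo points back at the login path, and leaves the 401 in place instead of redirecting again. ReturnToLoopGuard and its method names are hypothetical; it only surfaces the misconfiguration, and the fix remains [AllowAnonymous] on the sign-in actions.

```csharp
using System;
using System.Diagnostics;
using System.Web;
using Microsoft.Owin.Security.Cookies;

// Hypothetical helper added for illustration; not part of OWIN or of the post.
public static class ReturnToLoopGuard
{
    // Base used only to resolve relative values such as "/account/sign-in?returnTo=...".
    private static readonly Uri Placeholder = new Uri("http://placeholder.invalid/");

    // Counts how many times the login path is nested inside its own return-URL
    // parameter. 0 is a normal challenge; 1 or more means the login action
    // itself was challenged, which is the loop described in the question.
    public static int LoginNestingDepth(string redirectUri, string loginPath,
                                        string parameterName, int maxDepth = 10)
    {
        int depth = 0;
        Uri uri;
        if (!Uri.TryCreate(Placeholder, redirectUri, out uri)) return 0;

        for (int i = 0; i < maxDepth; i++)
        {
            // ParseQueryString decodes one level of percent-encoding per pass.
            string inner = HttpUtility.ParseQueryString(uri.Query)[parameterName];
            if (string.IsNullOrEmpty(inner)) break;
            if (!Uri.TryCreate(Placeholder, inner, out uri)) break;
            if (!uri.AbsolutePath.Equals(loginPath, StringComparison.OrdinalIgnoreCase)) break;
            depth++;
        }
        return depth;
    }

    // Assign as: OnApplyRedirect = ReturnToLoopGuard.ApplyRedirect
    public static void ApplyRedirect(CookieApplyRedirectContext c)
    {
        int depth = LoginNestingDepth(c.RedirectUri, c.Options.LoginPath.Value,
                                      c.Options.ReturnUrlParameter);
        if (depth > 0)
        {
            // The login page required authentication: log it and keep the 401
            // rather than sending the browser around the loop again.
            Trace.TraceWarning("Login path challenged itself (depth {0}): {1}",
                               depth, c.RedirectUri);
            return;
        }
        c.Response.Redirect(c.RedirectUri);
    }
}
```

With the two URLs from the question, LoginNestingDepth returns 0 for the first call and 1 for the second (loginPath "/account/sign-in", parameterName "returnTo").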

Tags: c, asp-net-mvc, owin, asp-net-identity, url-redirection
Source: https://codeday.me/bug/20190701/1349355.html