c# – Owin:多次调用OnApplyRedirect并创建不正确的RedirectUri
作者:互联网
我在我的应用程序中使用了带有owin的CookieAuthentication,并在OnApplyRedirect上设置了重定向url,如下面的代码:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
ExpireTimeSpan = TimeSpan.FromDays(30),
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/account/sign-in"),
//LogoutPath = new PathString("/account/log-out"),
ReturnUrlParameter = "returnTo",
CookieName = "BIR",
Provider = new CookieAuthenticationProvider()
{
OnValidateIdentity = SmObjectFactory.Container.GetInstance<IAppUserManager>().OnValidateIdentity(),
OnApplyRedirect = c =>
{
if (!c.Request.IsAjaxCall())
{
c.Response.Redirect(c.RedirectUri);
}
}
}
});
我的问题是c.RedirectUri值,我设置断点并跟踪我的代码后,我明白OnApplyRedirect称为几个时间.
在First调用RedirectUri是:
http://localhost:7537/account/sign-in?returnTo=%2Fadmin-panel
在第二次调用RedirectUri是:
http://localhost:7537/account/sign-in?returnTo=%2Faccount%2Fsign-in%3FreturnTo%3D%252Fadmin-panel
和更多 …
在预调用旧网址添加新网址.
我试着解决这个问题,在另一个当前网站上搜索和研究但是没有找到答案,为什么OnApplyRedirect会多次调用?
Startup.cs类中的配置方法只调用一次.
其他详情 :
> Owin版本:3.1.0
> ASP.NET MVC版本:5.x
> Visual Studio版本:2017(15.2)
解决方法:
使用提供的auth into,我能够通过在简单的自动生成的OWIN项目的SignIn操作上注释掉[AllowAnonymous]来重现问题.
因此,您的情况很可能是由于在用于匿名访问时需要身份验证的登录操作,从而导致无限循环的重定向将失败.
在以下控制器中,需要授权才能访问其管理面板,这将导致您遇到的问题.
[Authorize]
[RoutePrefix("account")]
public class AccountController : Controller {
[Route("sign-in")]
public ActionResult Signin(string returnTo) {
ViewBag.ReturnTo = returnTo;
return View(new LoginViewModel { RememberMe = true });
}
[Route("admin-panel")]
public Action AdminPanel() {
return View();
}
}
所有登录,帐户验证和密码恢复操作都应使用[AllowAnonymous]属性进行标记,以允许匿名访问,如果它们位于[Authorize]控制器中
[Authorize]
[RoutePrefix("account")]
public class AccountController : Controller {
[AllowAnonymous]
[Route("sign-in")]
public ActionResult Signin(string returnTo) {
ViewBag.ReturnTo= returnTo;
return View(new LoginViewModel { RememberMe = true });
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
[Route("sign-in")]
public async Task<ActionResult> Signin(LoginViewModel model, string returnTo) {
//...
}
[Route("admin-panel")]
public Action AdminPanel() {
return View();
}
}
或者应该移动到未使用[Authorize]属性标记的控制器.
[Authorize]
public class AccountController : Controller {
[Route("account/admin-panel")]
public Action AdminPanel() {
return View();
}
}
public class AuthenticationController : Controller {
[Route("account/sign-in")]
public ActionResult Signin(string returnTo) {
ViewBag.ReturnTo= returnTo;
return View(new LoginViewModel { RememberMe = true });
}
[HttpPost]
[ValidateAntiForgeryToken]
[Route("account/sign-in")]
public async Task<ActionResult> Signin(LoginViewModel model, string returnTo) {
//...
}
}
标签:c,asp-net-mvc,owin,asp-net-identity,url-redirection 来源: https://codeday.me/bug/20190701/1349355.html