Asp.net core 如何在OpenIdConnect令牌处理程序中访问会话
我有一个ASP.NET Core 2.1 MVC应用程序,我在其中配置了OpenIdConnect提供程序进行身份验证。Startup类如下所示:Asp.net core 如何在OpenIdConnect令牌处理程序中访问会话,asp.net-core,Asp.net Core,我有一个ASP.NET Core 2.1 MVC应用程序,我在其中配置了OpenIdConnect提供程序进行身份验证。Startup类如下所示: public void ConfigureServices(IServiceCollection services) { services.Configure<CookiePolicyOptions>(options => { // This lambda deter
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddDistributedMemoryCache();
services.AddSession(options =>
{
// Set a short timeout for easy testing.
options.IdleTimeout = TimeSpan.FromSeconds(1200);
options.Cookie.HttpOnly = true;
});
services.AddHttpContextAccessor();
services.TryAddSingleton<IActionContextAccessor, ActionContextAccessor>();
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<IClientDataHandler, ClientDataHandler>();
services.AddAuthentication(options => .AddOpenIdConnect("oidc", options =>
{
...
options.Events.OnTokenValidated = async x =>
{
var serviceScopeFactory = services.BuildServiceProvider().GetRequiredService<IServiceScopeFactory>();
...
await x.HttpContext.Session.LoadAsync(new CancellationToken()); --does NOT work
x.HttpContext.Session.Set("clients", Utils.ObjectToByteArray(someData)); --does NOT work
};}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSession();
app.UseCookiePolicy();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
public void配置服务(IServiceCollection服务)
{
配置(选项=>
{
//此lambda确定给定请求是否需要非必要cookie的用户同意。
options.checkApprovered=context=>false;
options.MinimumSameSitePolicy=SameSiteMode.None;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
AddDistributedMemoryCache();
services.AddSession(选项=>
{
//设置一个较短的超时时间以便于测试。
options.IdleTimeout=TimeSpan.FromSeconds(1200);
options.Cookie.HttpOnly=true;
});
AddHttpContextAccessor();
services.TryAddSingleton();
services.AddSingleton();
services.AddTransient();
services.AddAuthentication(选项=>.AddOpenIdConnect(“oidc”),选项=>
{
...
options.Events.OnTokenValidated=异步x=>
{
var serviceScopeFactory=services.BuildServiceProvider().GetRequiredService();
...
wait x.HttpContext.Session.LoadAsync(new CancellationToken());--不工作
x、 HttpContext.Session.Set(“客户端”,Utils.ObjectToByteArray(someData));--不工作
};}
公共无效配置(IApplicationBuilder应用程序,IHostingEnvironment环境)
{
if(env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
其他的
{
app.UseExceptionHandler(“/Home/Error”);
app.UseHsts();
}
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSession();
app.UseCookiePolicy();
app.UseMvc(路由=>
{
routes.MapRoute(
名称:“默认”,
模板:“{controller=Home}/{action=Index}/{id?}”);
});
}
虽然这允许我在任何控制器或服务中使用HttpContext.Session(通过注入IHttpContextAccessor),但我不能在TokenValidated事件处理程序中使用该会话。有帮助吗
提前感谢。您不应该在事件处理程序中生成服务提供程序。这不会在启动时执行。它会在生成服务提供程序很久之后,由身份验证处理程序在每次请求时执行
options.Events.OnTokenValidated = async context =>
{
// don't do this...service provider is already built
var serviceScopeFactory = services.BuildServiceProvider().GetRequiredService<IServiceScopeFactory>();
};
将app.UseSession();
移到app.UseAuthentication();
上方。
options.Events.OnTokenValidated = async context =>
{
var serviceScopeFactory = context.HttpContext.RequestServices.GetRequiredService<IServiceScopeFactory>();
};