C# 重定向操作启动新会话
我有一个在我的用户中登录的控制器。假设它是一个现有用户,并且密码正确,我检查他们是否启用了2fa AccountControler登录方法C# 重定向操作启动新会话,c#,asp.net-core,.net-core,identityserver4,two-factor-authentication,C#,Asp.net Core,.net Core,Identityserver4,Two Factor Authentication,我有一个在我的用户中登录的控制器。假设它是一个现有用户,并且密码正确,我检查他们是否启用了2fa AccountControler登录方法 public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null) { ViewData["ReturnUrl"] = returnUrl; if (ModelState.IsValid)
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, _configurationSettings.LockoutOnFailure);
if (result.Succeeded)
{
var user = await _userManager.FindByEmailAsync(model.Email);
await _signInManager.SignInAsync(user, _configurationSettings.IsPersistent);
_logger.LogInformation("User logged in.");
return RedirectToLocal(returnUrl);
}
if (result.RequiresTwoFactor)
{
return RedirectToAction(nameof(LoginWith2fa), new { returnUrl, model.RememberMe });
}
if (result.IsLockedOut)
{
_logger.LogWarning("User account locked out.");
return RedirectToAction(nameof(Lockout));
}
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return View(model);
}
// If we got this far, something failed, redisplay form
return View(model);
}
如何调用RedirectToAction并保留相同的会话
我一直在关注这个项目
更新:关于HttpContext的评论
谢谢@muqeetkhan给我的提示。因为我使用的是自定义SignInManager,所以需要设置适当的会话cookies,以便将用户数据传播到下一页
public class ApplicationSignInManager : SignInManager<ApplicationUser>
{
private readonly ILogger _logger;
public ApplicationSignInManager(UserManager<ApplicationUser> userManager, IHttpContextAccessor contextAccessor, IUserClaimsPrincipalFactory<ApplicationUser> claimsFactory, IOptions<IdentityOptions> optionsAccessor,
ILogger<ApplicationSignInManager> logger, IAuthenticationSchemeProvider schemes) : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes)
{
_logger = logger;
}
public override async Task<SignInResult> PasswordSignInAsync(string userEmail, string password, bool isPersistent, bool shouldLockout)
{
if (UserManager == null)
return SignInResult.Failed;
var result = await new FindUserCommand(_logger, UserManager, userEmail, password, shouldLockout).Execute();
if (result != SignInResult.TwoFactorRequired) return result;
var user = await UserManager.FindByEmailAsync(userEmail);
return await SignInOrTwoFactorAsync(user, true); // Required sets the session Cookie
}
}
公共类应用程序SignInManager:SignInManager
{
专用只读ILogger\u记录器;
公共应用程序SigninManager(UserManager UserManager、IHttpContextAccessor contextAccessor、IUserClaimsPrincipalFactory claimsFactory、IOOptions Accessor、,
ILogger logger、IAuthenticationSchemeProvider schemes):基本(用户管理器、上下文访问器、claimsFactory、OptionAccessor、logger、schemes)
{
_记录器=记录器;
}
public override异步任务PasswordSignInAsync(字符串userEmail、字符串password、bool ispersist、bool shouldllockout)
{
if(UserManager==null)
返回信号结果失败;
var result=wait new FindUserCommand(_logger,UserManager,userEmail,password,shouldllockout)。Execute();
if(result!=SignInResult.TwoFactorRequired)返回结果;
var user=await UserManager.findbyemailsync(userEmail);
return wait SignInOrTwoFactorAsync(user,true);//必需设置会话Cookie
}
}
基本上
SignInOrTwoFactorAsync(用户,true)需要调用code>。作用域请求仅适用于当前请求。通过使用RedirectToAction
,您将302发送回浏览器,然后浏览器会向您的新操作发出新请求,从而创建一个新范围。UseTwoFactorSignInCookie(…)代码>是否存在于您的解决方案中?@Mackan我认为ASP.NET Core不需要这样做。@serpent5啊,Core。我太落后了。返回identity 2纯粹为了进行诊断,请查看运行wait HttpContext.authenticateSync(IdentityConstants.TwoFactorUserIdScheme)返回的值LoginWith2fa
-这是null
?这是第一个调用,本质上是在gettwactorauthenticationuserasync
中进行的第一个调用。
services.AddIdentity<ApplicationUser, IdentityRole<long>>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddSignInManager<ApplicationSignInManager>()
.AddDefaultTokenProviders();
public class ApplicationSignInManager : SignInManager<ApplicationUser>
{
private readonly ILogger _logger;
public ApplicationSignInManager(UserManager<ApplicationUser> userManager, IHttpContextAccessor contextAccessor, IUserClaimsPrincipalFactory<ApplicationUser> claimsFactory, IOptions<IdentityOptions> optionsAccessor,
ILogger<ApplicationSignInManager> logger, IAuthenticationSchemeProvider schemes) : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes)
{
_logger = logger;
}
public override async Task<SignInResult> PasswordSignInAsync(string userEmail, string password, bool isPersistent, bool shouldLockout)
{
if (UserManager == null)
return SignInResult.Failed;
var result = await new FindUserCommand(_logger, UserManager, userEmail, password, shouldLockout).Execute();
if (result != SignInResult.TwoFactorRequired) return result;
var user = await UserManager.FindByEmailAsync(userEmail);
return await SignInOrTwoFactorAsync(user, true); // Required sets the session Cookie
}
}