C# Owin:OnApplyRedirect多次调用并创建了错误的重定向URI
我在带有owin的应用程序中使用CookieAuthentication,并在C# Owin:OnApplyRedirect多次调用并创建了错误的重定向URI,c#,asp.net-mvc,asp.net-identity,owin,url-redirection,C#,Asp.net Mvc,Asp.net Identity,Owin,Url Redirection,我在带有owin的应用程序中使用CookieAuthentication,并在OnApplyRedirect上设置重定向url,如下代码所示: app.UseCookieAuthentication(new CookieAuthenticationOptions { ExpireTimeSpan = TimeSpan.FromDays(30), AuthenticationType = DefaultAuthenticationTypes.ApplicationCooki
OnApplyRedirect
上设置重定向url,如下代码所示:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
ExpireTimeSpan = TimeSpan.FromDays(30),
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/account/sign-in"),
//LogoutPath = new PathString("/account/log-out"),
ReturnUrlParameter = "returnTo",
CookieName = "BIR",
Provider = new CookieAuthenticationProvider()
{
OnValidateIdentity = SmObjectFactory.Container.GetInstance<IAppUserManager>().OnValidateIdentity(),
OnApplyRedirect = c =>
{
if (!c.Request.IsAjaxCall())
{
c.Response.Redirect(c.RedirectUri);
}
}
}
});
app.UseCookieAuthentication(新的CookieAuthenticationOptions
{
ExpireTimeSpan=时间跨度从天(30),
AuthenticationType=DefaultAuthenticationTypes.ApplicationOkie,
LoginPath=新路径字符串(“/account/sign-in”),
//LogoutPath=新路径字符串(“/account/logout”),
ReturnUrlParameter=“returnTo”,
CookieName=“BIR”,
Provider=新CookieAuthenticationProvider()
{
OnValidateIdentity=SmObjectFactory.Container.GetInstance().OnValidateIdentity(),
OnApplyRedirect=c=>
{
如果(!c.Request.IsAjaxCall())
{
c、 Response.Redirect(c.RedirectUri);
}
}
}
});
我的问题是c.RedirectUri
值,我设置了断点并跟踪我的代码。我知道OnApplyRedirect
称为服务器时间
在第一次调用中,重定向URI是:
http://localhost:7537/account/sign-在?返回到=%2管理面板中
在第二个调用中,重定向URI是:
http://localhost:7537/account/sign-in?返回到=%2帐户%2登录%3返回到%3%252 FADMIN面板
还有更多
在预调用旧url中添加新url。
我试图解决这个问题,在另一个和当前的网站上搜索和研究,但没有找到答案,为什么要打几次电话?
Startup.cs
类中的Configuration
方法只调用一次。
其他详情:
- Owin版本:3.1.0
- ASP.NET MVC版本:5.x
- Visual Studio版本:2017(15.2)
签名操作上注释[AllowAnonymous]
来重现问题
因此,您的情况很可能是由于登录操作在用于匿名访问时需要身份验证,从而导致无限循环的重定向失败
在以下需要授权才能访问其管理面板的控制器中,可能会导致您遇到问题
[Authorize]
[RoutePrefix("account")]
public class AccountController : Controller {
[Route("sign-in")]
public ActionResult Signin(string returnTo) {
ViewBag.ReturnTo = returnTo;
return View(new LoginViewModel { RememberMe = true });
}
[Route("admin-panel")]
public Action AdminPanel() {
return View();
}
}
所有登录、帐户验证和密码恢复操作都应标记有[AllowAnonymous]
属性,以便在[Authorize]
控制器内允许匿名访问
[Authorize]
[RoutePrefix("account")]
public class AccountController : Controller {
[AllowAnonymous]
[Route("sign-in")]
public ActionResult Signin(string returnTo) {
ViewBag.ReturnTo= returnTo;
return View(new LoginViewModel { RememberMe = true });
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
[Route("sign-in")]
public async Task<ActionResult> Signin(LoginViewModel model, string returnTo) {
//...
}
[Route("admin-panel")]
public Action AdminPanel() {
return View();
}
}
只是为了确保/account/sign-in
不需要身份验证。i、 e.它用[AllowAnonymous]
[Authorize]
public class AccountController : Controller {
[Route("account/admin-panel")]
public Action AdminPanel() {
return View();
}
}
public class AuthenticationController : Controller {
[Route("account/sign-in")]
public ActionResult Signin(string returnTo) {
ViewBag.ReturnTo= returnTo;
return View(new LoginViewModel { RememberMe = true });
}
[HttpPost]
[ValidateAntiForgeryToken]
[Route("account/sign-in")]
public async Task<ActionResult> Signin(LoginViewModel model, string returnTo) {
//...
}
}