I am using ASP.Net core MVC 6, I am trying to get the user redirected to the login page if they are not authenticated.
我用ASP。netcore MVC 6,我正在尝试让用户重定向到登录页面,如果他们没有经过身份验证。
I cant seem to get it to work, currently the user just gets a blank page.
我似乎无法让它工作,目前用户只得到一个空白页。
Below is my ConfigureServices method in Startup.cs
以下是我在startup.c的配置服务方法。
public void ConfigureServices(IServiceCollection services) {
// Add framework services.
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"))
);
services.AddIdentity<ApplicationUser, IdentityRole>(options => {
// configure identity options
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireUppercase = true;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequiredLength = 7;
options.Cookies.ApplicationCookie.AutomaticAuthenticate = true;
options.Cookies.ApplicationCookie.AutomaticChallenge = true;
options.Cookies.ApplicationCookie.LoginPath = "/Account/Login";
// User settings
options.User.RequireUniqueEmail = true;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddMvc();
// Add application services.
services.AddTransient<IEmailSender, AuthMessageSender>();
services.AddTransient<ISmsSender, AuthMessageSender>();
}
2 个解决方案
#1
1
I was just wrestling with this myself and I've come to the conclusion that there seems to be an issue in the latest version of the "Microsoft.AspNetCore.Identity.EntityFrameworkCore" dependency.
我自己也在纠结这个问题,我得出的结论是,在最新版本的“Microsoft.AspNetCore.Identity”中似乎存在一个问题。EntityFrameworkCore”的依赖。
I was originally using version 1.1.0 but after lots of debugging, owin middleware logging etc, I came to the conclusion that I wasn't doing anything wrong. I checked:
我最初使用的是1.1.0版本,但是经过大量的调试,owin中间件日志等,我得出了我没有做错任何事情的结论。我检查:
- Authorize attribute worked and blocked the request
- 授权属性工作并阻止请求。
-
Added event handlers (OnRedirectToLogin) as below to verify the redirect URL (this was only for debugging)
在下面添加事件处理程序(OnRedirectToLogin),以验证重定向URL(这只是用于调试)
options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents { OnRedirectToLogin = evt => { evt.Response.Redirect(evt.RedirectUri); // this url is correct, but the redirect never happens!?? return Task.FromResult(0); } };
The resolution: I rolled back my package to the version 1.0.1 and then the redirects kicked in as expected - to the URL defined in Startup.cs in the LoginPath setting
解决方案:我将我的包回滚到版本1.0.1,然后重定向按预期的方式启动——到启动时定义的URL。在登录路径设置中的cs。
options.Cookies.ApplicationCookie.LoginPath = new PathString("/Auth/Login");
To clarify, THIS version works: Microsoft.AspNetCore.Identity.EntityFrameworkCore": "1.0.1"
要澄清,这个版本的工作是:Microsoft.AspNetCore.Identity。EntityFrameworkCore 1.0.1“:
I'm going to raise a bug with the ASPNETCORE team for investigation as regards to the 1.1.0 version.
关于1.1.0版,我将向ASPNETCORE团队提出一个问题。
#2
3
Same problem here. A quick fix while this problem is solved:
同样的问题在这里。解决这个问题的一个捷径:
public class LogInRequiredFilter : IAuthorizationFilter
{
public void OnAuthorization(AuthorizationFilterContext context)
{
if (!AttributeManager.HasAttribute(context, typeof(LogInRequired))) return;
if (context.HttpContext.User.Identity.IsAuthenticated) return;
context.Result = new RedirectResult("/login?ReturnUrl=" + Uri.EscapeDataString(context.HttpContext.Request.Path));
}
}
public class LogInRequired : Attribute
{
public LogInRequired()
{
}
}
And then in your controller:
然后在控制器中:
[HttpGet, LogInRequired]
public IActionResult
return View();
}
This will redirect you to your login page and afterwards it redirects you to the original page you wanted to access.
这将重定向到您的登录页面,然后它会将您重定向到您想要访问的原始页面。
Attribute manager code:
属性管理器代码:
public static Boolean HasAttribute(AuthorizationFilterContext context, Type targetAttribute)
{
var hasAttribute = false;
var controllerActionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;
if (controllerActionDescriptor != null)
{
hasAttribute = controllerActionDescriptor
.MethodInfo
.GetCustomAttributes(targetAttribute, false).Any();
}
return hasAttribute;
}
#1
1
I was just wrestling with this myself and I've come to the conclusion that there seems to be an issue in the latest version of the "Microsoft.AspNetCore.Identity.EntityFrameworkCore" dependency.
我自己也在纠结这个问题,我得出的结论是,在最新版本的“Microsoft.AspNetCore.Identity”中似乎存在一个问题。EntityFrameworkCore”的依赖。
I was originally using version 1.1.0 but after lots of debugging, owin middleware logging etc, I came to the conclusion that I wasn't doing anything wrong. I checked:
我最初使用的是1.1.0版本,但是经过大量的调试,owin中间件日志等,我得出了我没有做错任何事情的结论。我检查:
- Authorize attribute worked and blocked the request
- 授权属性工作并阻止请求。
-
Added event handlers (OnRedirectToLogin) as below to verify the redirect URL (this was only for debugging)
在下面添加事件处理程序(OnRedirectToLogin),以验证重定向URL(这只是用于调试)
options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents { OnRedirectToLogin = evt => { evt.Response.Redirect(evt.RedirectUri); // this url is correct, but the redirect never happens!?? return Task.FromResult(0); } };
The resolution: I rolled back my package to the version 1.0.1 and then the redirects kicked in as expected - to the URL defined in Startup.cs in the LoginPath setting
解决方案:我将我的包回滚到版本1.0.1,然后重定向按预期的方式启动——到启动时定义的URL。在登录路径设置中的cs。
options.Cookies.ApplicationCookie.LoginPath = new PathString("/Auth/Login");
To clarify, THIS version works: Microsoft.AspNetCore.Identity.EntityFrameworkCore": "1.0.1"
要澄清,这个版本的工作是:Microsoft.AspNetCore.Identity。EntityFrameworkCore 1.0.1“:
I'm going to raise a bug with the ASPNETCORE team for investigation as regards to the 1.1.0 version.
关于1.1.0版,我将向ASPNETCORE团队提出一个问题。
#2
3
Same problem here. A quick fix while this problem is solved:
同样的问题在这里。解决这个问题的一个捷径:
public class LogInRequiredFilter : IAuthorizationFilter
{
public void OnAuthorization(AuthorizationFilterContext context)
{
if (!AttributeManager.HasAttribute(context, typeof(LogInRequired))) return;
if (context.HttpContext.User.Identity.IsAuthenticated) return;
context.Result = new RedirectResult("/login?ReturnUrl=" + Uri.EscapeDataString(context.HttpContext.Request.Path));
}
}
public class LogInRequired : Attribute
{
public LogInRequired()
{
}
}
And then in your controller:
然后在控制器中:
[HttpGet, LogInRequired]
public IActionResult
return View();
}
This will redirect you to your login page and afterwards it redirects you to the original page you wanted to access.
这将重定向到您的登录页面,然后它会将您重定向到您想要访问的原始页面。
Attribute manager code:
属性管理器代码:
public static Boolean HasAttribute(AuthorizationFilterContext context, Type targetAttribute)
{
var hasAttribute = false;
var controllerActionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;
if (controllerActionDescriptor != null)
{
hasAttribute = controllerActionDescriptor
.MethodInfo
.GetCustomAttributes(targetAttribute, false).Any();
}
return hasAttribute;
}