OnValidateIdentity session is null - Mvc Owin


Problem description

Currently, I have a problem when accessing Session in OnValidateIdentity: HttpContext.Current.Session is null. What am I doing wrong? My application is as below:
- I have 2 projects: Mvc and WebApi.
- I want the user to be logged out when I change the password -> change security stamp.
- I implemented it as follows: the Mvc project will validate whether the SecurityStamp has changed when the user makes a request. I will get the SecurityStamp from the other webapi website. This means my mvc does not access the database directly, but goes through the webapi. And I must put the token in the authorize header to get the security stamp from the webapi. But I can't access the token from the session; when I log in successfully I store the token in the Session.

Code example:

public void ConfigureAuthentication(IAppBuilder app)
    {            
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            CookieSecure = CookieSecureOption.SameAsRequest,
            LoginPath = new PathString("/Home"),
            LogoutPath = new PathString("/Account/Logout"),
            ExpireTimeSpan = TimeSpan.FromMinutes(30),
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = async ctx =>
                {
                    var claim = ctx.Identity.FindFirst("SecurityStamp");
                    var accessToken = HttpContext.Current.Session["token"].ToString();

                    using (HttpClient httpClient = new HttpClient())
                    {
                        // Used accessToken variable for httpClient
                        // TODO Get security stamp from webapi . Ex :
                        string securityStampWebApi = "demo";
                        if (securityStampWebApi != claim.Value)
                        {
                            ctx.RejectIdentity();
                        }
                    }
                }
            }
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    }

Please suggest another implementation so I can finish this case.

Recommended answer

The cookie middleware runs at the authenticate stage in the IIS pipeline, which is prior to HttpContext or session state being made available. So you will need to work without it.
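
One way to work without session state, as an added example that is not part of the original question or answer: keep the API token as a claim on the cookie identity at sign-in and read it back from ctx.Identity during validation. The claim name "access_token", the endpoint URL, the Bearer scheme and the plain-text response body are assumptions made for this example.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;

public static class StampValidation
{
    // Assumed claim type; at sign-in, before AuthenticationManager.SignIn, add:
    //   identity.AddClaim(new Claim(StampValidation.AccessTokenClaim, token));
    public const string AccessTokenClaim = "access_token";

    // Placeholder endpoint (assumption); replace with the real WebApi route.
    private static readonly Uri StampEndpoint =
        new Uri("https://webapi.example.invalid/api/account/security-stamp");

    // One shared client; a new HttpClient per request exhausts sockets under load.
    private static readonly HttpClient Http =
        new HttpClient { Timeout = TimeSpan.FromSeconds(5) };

    // Assign to CookieAuthenticationProvider.OnValidateIdentity.
    public static async Task OnValidateIdentity(CookieValidateIdentityContext ctx)
    {
        var stamp = ctx.Identity.FindFirst("SecurityStamp");
        var token = ctx.Identity.FindFirst(AccessTokenClaim);
        if (stamp == null || token == null) { Reject(ctx); return; }
        try
        {
            using (var req = new HttpRequestMessage(HttpMethod.Get, StampEndpoint))
            {
                // Bearer scheme is an assumption about how the WebApi expects the token.
                req.Headers.Authorization =
                    new AuthenticationHeaderValue("Bearer", token.Value);
                using (var resp = await Http.SendAsync(req))
                {
                    // Assumes the body is the current stamp as plain text.
                    var current = resp.IsSuccessStatusCode
                        ? (await resp.Content.ReadAsStringAsync()).Trim() : null;
                    if (!string.Equals(current, stamp.Value, StringComparison.Ordinal))
                        Reject(ctx);
                }
            }
        }
        catch (HttpRequestException) { Reject(ctx); }   // fail closed if the API is unreachable
        catch (TaskCanceledException) { Reject(ctx); }  // fail closed on timeout
    }

    private static void Reject(CookieValidateIdentityContext ctx)
    {
        ctx.RejectIdentity();
        ctx.OwinContext.Authentication.SignOut(ctx.Options.AuthenticationType);
    }
}
```

With this approach the token travels inside the authentication cookie, which the cookie middleware encrypts and signs, so `CookieSecure = CookieSecureOption.Always` is the safer setting than `SameAsRequest`. This version calls the WebApi on every authenticated request; caching the result for a short interval reduces that load at the cost of a delay before a changed stamp takes effect.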
