App redirects to Account/AccessDenied on adding Oauth


Problem description

I've stumbled upon an issue where the application inconsistently redirects the user to Account/AccessDenied/ upon adding a social media authentication to the currently logged-in user. It seems to work the first time the user is logged in, then by trying to add another authentication method it returns the user to Account/AccessDenied?ReturnUrl=%2Fmanage%2Flinklogincallback.

My guess is that something is going wrong with the [Authorize] attribute, but only the second time I try adding an external authentication method.

ManageController

[Authorize]
public class ManageController : Controller
{
    //
    // POST: /Manage/LinkLogin
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult LinkLogin(string provider)
    {
        // Request a redirect to the external login provider to link a login for the current user
        var redirectUrl = Url.Action("LinkLoginCallback", "Manage");
        var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl, _userManager.GetUserId(User));
        return Challenge(properties, provider);
    }

    //
    // GET: /Manage/LinkLoginCallback
    [HttpGet]
    public async Task<ActionResult> LinkLoginCallback()
    {
        var user = await GetCurrentUserAsync();
        if (user == null)
        {
            return View("Error");
        }
        var info = await _signInManager.GetExternalLoginInfoAsync(await _userManager.GetUserIdAsync(user));
        if (info == null)
        {
            return RedirectToAction(nameof(ManageLogins), new { Message = ManageMessageId.Error });
        }
        var result = await _userManager.AddLoginAsync(user, info);
        var message = result.Succeeded ? ManageMessageId.AddLoginSuccess : ManageMessageId.Error;
        return RedirectToAction(nameof(ManageLogins), new { Message = message });
    }
}

Could it be the order of how startup.cs is arranged?

This is the request/response

Recommended answer

I've got it confirmed by the aspnet team working on the Security repo that this is a bug (see this issue) and resolved until next release. A temporary workaround is to set a cookie named Identity.External to null, which is created upon adding external login to your account.

if (Request.Cookies["Identity.External"] != null)
{
     Response.Cookies.Delete("Identity.External"); 
}
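
One place the workaround can go, shown as an added example that is not part of the original question or answer: the cookie is cleared inside LinkLoginCallback once the external login has been read and linked, so the next link attempt starts without the leftover cookie. It assumes the fields and helpers of the ManageController from the question (_signInManager, _userManager, GetCurrentUserAsync, ManageLogins, ManageMessageId); the helper name ClearExternalCookie is hypothetical.

```csharp
// Added example: the question's LinkLoginCallback with the answer's workaround applied.
// Assumes the rest of ManageController from the question (fields, GetCurrentUserAsync,
// ManageLogins, ManageMessageId) is unchanged.
[HttpGet]
public async Task<ActionResult> LinkLoginCallback()
{
    var user = await GetCurrentUserAsync();
    if (user == null)
    {
        return View("Error");
    }

    // Read the external login first; the cookie is only cleared afterwards.
    var info = await _signInManager.GetExternalLoginInfoAsync(await _userManager.GetUserIdAsync(user));
    if (info == null)
    {
        ClearExternalCookie();
        return RedirectToAction(nameof(ManageLogins), new { Message = ManageMessageId.Error });
    }

    var result = await _userManager.AddLoginAsync(user, info);

    // Workaround from the answer: remove the Identity.External cookie that is
    // left behind after linking, whether or not AddLoginAsync succeeded.
    ClearExternalCookie();

    var message = result.Succeeded ? ManageMessageId.AddLoginSuccess : ManageMessageId.Error;
    return RedirectToAction(nameof(ManageLogins), new { Message = message });
}

// Hypothetical helper wrapping the snippet from the answer.
private void ClearExternalCookie()
{
    if (Request.Cookies["Identity.External"] != null)
    {
        // Sends an expired cookie in the response so the browser drops it.
        Response.Cookies.Delete("Identity.External");
    }
}
```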
