使用登录管理器成功登录后，用户仍显示为已注销? [英] After successful signin with signin manager user is still shown as signed out?

问题描述

我已经将Asp.Net身份框架添加到了我从前端调用的WebAPI中.

I have added the Asp.Net identity framework to a WebAPI which I call from a front end.

注册帐户(并在数据库中看到正确显示的帐户)后，我使用该用户名和密码登录，结果是成功，但用户未按照登录管理器登录?

After registering an account (and seeing it appear correctly in the database) I sign in with that users username and password, the result is success but the user is not signed in according to the sign in manager?

我已尝试通过以下示例使用Cookie身份验证:

I've tried using cookie authentication using this example: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?tabs=aspnetcore2x (adding the code snippets to the webapi) and running this on sign in which happens in a WebAPI controller action:

        var result = await signInManager.PasswordSignInAsync
                                           (username, password,
                                             true, false); //succeeded
        await HttpContext.SignInAsync("MyCookieAuthenticationScheme", User);

推荐答案

The documentation for BaseController explains that the User property:

获取或设置与执行操作相关联的用户的System.Security.Claims.ClaimsPrincipal.

Gets or sets the System.Security.Claims.ClaimsPrincipal for user associated with the executing action.

这表明 User 是在执行操作之前确定的，因此仅表示首先发起请求的用户(如果您使用密码登录，则很可能是经过身份验证的用户).

This suggests that User is determined ahead of the action being executed and therefore simply represents the user that first initiated the request (which most likely will be an authenticated user if you're using password sign ins).

在围绕类似情况的Github 问题中，David Fowler解释说:

In a Github issue that revolves around a similar scenario, David Fowler explains that:

...登录操作不会更改当前请求用户主体.只有设置了cookie或不记名令牌(或创建身份的身份验证所需的任何内容)后，才会在传入请求中发生这种情况.

...the sign in operation doesn't change the current request user principal. That only happens on incoming requests once the cookie or bearer token (or whatever thing the type of auth requires to create an identity) is set.

IdentityResult.Succeeded 为 true 的事实应足以验证用户是否已登录，因为这只会是 false 登录操作失败时.如果要在成功登录后使用 User 属性进行进一步处理，建议您重定向到另一个操作，该下一个请求将包括用户的登录信息.

The fact that IdentityResult.Succeeded is true should be enough to verify that the user has been signed in, as this will only be false when the sign in operation fails. If you want to do further processing using the User property after a successful sign in, I suggest you redirect to another action, whereby this next request would include the user's sign-in information.

这篇关于使用登录管理器成功登录后，用户仍显示为已注销?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！