App redirects to Account/AccessDenied on adding Oauth

Problem description

I've stumbled upon an issue where inconsistently the application redirects the user to Account/AccessDenied/ upon adding a social media authentication to the current logged in user. It seems to work the first time the user is logged in, then by trying to add another authentication method it returns the user to Account/AccessDenied?ReturnUrl=%2Fmanage%2Flinklogincallback.

My guess is that something is going wrong with the [Authorize] attribute, but only the second time I try adding an external authentication method.

ManageController

[Authorize]
public class ManageController : Controller
{
    //
    // POST: /Manage/LinkLogin
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult LinkLogin(string provider)
    {
        // Request a redirect to the external login provider to link a login for the current user
        var redirectUrl = Url.Action("LinkLoginCallback", "Manage");
        var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl, _userManager.GetUserId(User));
        return Challenge(properties, provider);
    }

    //
    // GET: /Manage/LinkLoginCallback
    [HttpGet]
    public async Task<ActionResult> LinkLoginCallback()
    {
        var user = await GetCurrentUserAsync();
        if (user == null)
        {
            return View("Error");
        }
        var info = await _signInManager.GetExternalLoginInfoAsync(await _userManager.GetUserIdAsync(user));
        if (info == null)
        {
            return RedirectToAction(nameof(ManageLogins), new { Message = ManageMessageId.Error });
        }
        var result = await _userManager.AddLoginAsync(user, info);
        var message = result.Succeeded ? ManageMessageId.AddLoginSuccess : ManageMessageId.Error;
        return RedirectToAction(nameof(ManageLogins), new { Message = message });
    }
}

Could it be the order of how startup.cs is arranged?

Here is the request/response

Recommended answer

I've had it confirmed by the aspnet team working on the Security repo that this is a bug (see this issue) and resolved until next release. A temporary workaround is to set a cookie named

Identity.External

to null, which is created upon adding external login to your account.

if (Request.Cookies["Identity.External"] != null)
{
     Response.Cookies.Delete("Identity.External"); 
}
