Asp.net core Identity 成功登录重定向回登录页面 [英] Asp.net core Identity successful login redirecting back to login page

查看:32
本文介绍了Asp.net core Identity 成功登录重定向回登录页面的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我遇到了一个问题,即在用户成功登录后,asp.net 身份框架会将用户重定向回登录页面.

I have a problem where the asp.net identity framework is redirecting the user back to the login page after they have logged in successfully.

这是使用标准的 Asp.net Core Identity.它是 2.1.1 版本.生成剃刀页面的脚手架.不确定这是否重要.

This is using the standard Asp.net Core Identity. It is the version 2.1.1. The scaffolding that generates the razor pages. Not sure if that is significant.

我知道用户已成功登录,因为我收到了日志消息

I know the user is successfully logging in because I get the log message

...Areas.Identity.Pages.Account.LoginModel:信息:用户登录.

...Areas.Identity.Pages.Account.LoginModel: Information: User logged in.

但随后它会直接重定向回登录页面.

But then it redirects straight back to the login page.

如果我使用 fiddler,我可以看到请求中有一个 cookie,所以从这个角度来看一切都很好.

If I use fiddler I can see that there is a cookie on the request so it all looks good from that perspective.

.AspNetCore.Identity.Application=CfDJ8KJxkuir9ZJIjFLCU2bzm9n6X...

所以我猜是处理身份验证但不接受 cookie 的中间件?

So I guess the middleware that is handling the authentication but not accepting the cookie?

如果我能看到身份验证的实际中间件在做什么,我可能有一个想法,但我找不到.

If I could see what the actual middleware for the auth was doing I might have an idea but I can't find it.

感谢任何帮助

推荐答案

为了让 ASP.NET Core 管道识别用户已登录,需要调用 UseAuthenticationStartup 类的 Configure 方法,如下所示:

In order to get the ASP.NET Core pipeline to recognise that a user is signed in, a call to UseAuthentication is required in the Configure method of your Startup class, like so:

app.UseAuthentication();
app.UseMvc(); // Order here is important (explained below).

使用 Cookies 身份验证方案,使用 UseAuthentication 松散地执行以下操作:

Using the Cookies authentication scheme, the use of UseAuthentication loosely performs the following:

  • 从请求中读取 .AspNetCore.Identity.Application cookie 的内容,它表示发出请求的用户的身份.
  • 使用代表所述用户的 ClaimsPrincipal 填充 HttpContextUser 属性.
  • Reads the content of the .AspNetCore.Identity.Application cookie from the request, which represents the identity of the user making the request.
  • Populates the User property of HttpContext with a ClaimsPrincipal that represents said user.

这是对所发生情况的简化解释,但它突出了身份验证中间件执行的重要工作.如果没有身份验证中间件,.AspNetCore.Identity.Application 将不会用于对用户进行身份验证,因此不会对用户进行身份验证.在您的情况下,尽管用户已登录(即正在设置 cookie),但管道中间件(例如 MVC)看不到该用户(即未读取 cookie),因此会看到未经身份验证的请求并再次重定向登录.

This is a simplified explanation of what happens, but it highlights the important job that the authentication middleware performs. Without the authentication middleware, the .AspNetCore.Identity.Application will not be used for authenticating the user and therefore the user will not be authenticated. In your case, although the user has signed in (i.e. the cookie is being set), the pipeline middleware (e.g. MVC) does not see this user (i.e. the cookie is not being read) and so sees an unauthenticated request and redirects again for login.

鉴于身份验证中间件读取 cookie 并随后填充 ClaimsPrincipal,应该清楚 UseAuthentication 调用也必须在 beforeUseMvc 调用以使其以正确的顺序发生.否则,MVC 中间件在身份验证中间件之前运行,并且不会与填充的 ClaimsPrincipal 一起工作.

Given that the authentication middleware reads the cookie and subsequently populates the ClaimsPrincipal, it should be clear that the UseAuthentication call must also be before the UseMvc call in order for this to occur in the correct order. Otherwise, the MVC middleware runs before the Authentication middleware and will not be working with a populated ClaimsPrincipal.

为什么不添加处理登录的中间件会登录失败?!?

Why is it failing to login if you don't add the middleware that handles the login?!?

中间件不处理登录 - 它处理身份验证过程.用户登录,这通过 .AspNetCore.Identity.Application cookie 的存在得到确认.这里失败的是读取所述 cookie.

The middleware doesn't handle the login - it handles the authentication process. The user has logged in, which is confirmed by the presence of the .AspNetCore.Identity.Application cookie. What is failing here is the reading of said cookie.

这篇关于Asp.net core Identity 成功登录重定向回登录页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆