MVC Owin Cookie Authentication - Override ReturnUrl Generation

Problem description

I have an MVC application using Owin Cookie Authentication. I have SlidingExpiration enabled and working. However, when a user's login expires and they are sent back to the LoginPath, the ReturnUrl is giving me some problems:

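  1. I only want a ReturnUrl included when it points to a GET action, not a POST action.
  2. I want to include the PathAndQuery rather than just the Path, so that I can re-populate any items the user may have already filled in on a form.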

I tried creating my own AuthorizeAttribute (code below) and applying it to some of the methods in one of my controllers, but it seems like it is never hit when the session is expired.

    using System;
    using System.Web.Mvc;
    using System.Web.Routing;

    public class CheckLoginExpirationFilter : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);

            // Only rewrite the result when the base attribute rejected the request.
            if (filterContext.Result is HttpUnauthorizedResult)
            {
                // Carry a ReturnUrl for GET requests only; it stays null for other verbs.
                string returnUrl = null;
                if (filterContext.HttpContext.Request.HttpMethod.Equals("GET", StringComparison.OrdinalIgnoreCase))
                    returnUrl = filterContext.HttpContext.Request.Url.GetComponents(UriComponents.PathAndQuery, UriFormat.SafeUnescaped);

                // Redirect to the login action, keeping the current "client" route value.
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
                {
                    { "client", filterContext.RouteData.Values["client"] },
                    { "controller", "Security" },
                    { "action", "Login" },
                    { "ReturnUrl", returnUrl }
                });
            }
        }
    }

An answer to a related question indicates that a custom AuthorizeAttribute is the "standard [solution], when you want to override this behavior," but I can't seem to get it to work.

Recommended answer

Looks like I figured it out: I altered my startup config as follows:

    using System;
    using System.Net;
    using System.Security.Claims;
    using System.Web.Helpers;
    using Microsoft.AspNet.Identity;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Owin;

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Security/Login"),
                CookieSecure = CookieSecureOption.SameAsRequest,
                SlidingExpiration = true,
                CookieName = "Program.Auth",
                ExpireTimeSpan = TimeSpan.FromSeconds(15)/*FromHours(1)*/,
                // Replace the default login redirect (and its ReturnUrl) with our own.
                Provider = new CookieAuthenticationProvider { OnApplyRedirect = CustomRedirect }
            });

            // TODO - Figure out what claims type to base this on.
            AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Email;
        }

        private static void CustomRedirect(CookieApplyRedirectContext context)
        {
            var redirectUrl = context.Options.LoginPath.ToString();
            if (context.Request.Method == WebRequestMethods.Http.Get)
            {
                // Only GET requests get a ReturnUrl; the value is escaped so it stays one parameter.
                var returnUrl = context.Request.Path.ToString();
                if (!string.IsNullOrEmpty(returnUrl) && !returnUrl.Equals("/"))
                    redirectUrl += "?" + context.Options.ReturnUrlParameter + "=" + Uri.EscapeDataString(returnUrl);
            }
            else if (context.Request.Method == WebRequestMethods.Http.Post)
            {
                //TODO: add toastr message showing that the post did not succeed
            }
            // Append with '&' when a query string is already present, otherwise start one with '?'.
            redirectUrl += (redirectUrl.Contains("?") ? "&" : "?") + "tbn=inactive";
            context.Response.Redirect(redirectUrl);
        }
    }

Now I only get a ReturnUrl for GET requests. I tested with PathAndQuery but so far it has been causing other problems. For the moment, I would say the main problem here is solved.
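
An added example (not code from the question or the answer) of one way to carry the path and query in the ReturnUrl from `OnApplyRedirect`, for GET requests only. The value is escaped as a whole so that its own `?`, `&` and `=` stay inside the single ReturnUrl parameter. `LoginRedirect`, `Build`, `Apply` and `Demo` are hypothetical names, and the inputs in `Demo` are constructed.

```csharp
using System;
using System.Net;
using Microsoft.Owin.Security.Cookies;

// Hypothetical helper; the name and shape belong to this example, not to the page.
public static class LoginRedirect
{
    // Pure string logic, so it can be unit-tested without an OWIN pipeline.
    public static string Build(string method, string pathBase, string path,
                               string query, string loginPath, string returnUrlParameter)
    {
        var target = pathBase + loginPath;

        // The post-login redirect is always a GET, so a POST cannot be replayed:
        // send non-GET requests to the login page without a ReturnUrl.
        if (!string.Equals(method, WebRequestMethods.Http.Get, StringComparison.OrdinalIgnoreCase))
            return target;

        var hasQuery = !string.IsNullOrEmpty(query);
        if ((string.IsNullOrEmpty(path) || path == "/") && !hasQuery)
            return target; // site root with no query: nothing worth returning to

        var returnUrl = pathBase + path + (hasQuery ? "?" + query : "");

        // Escape the whole value once; the login page decodes it back to path + query.
        return target + "?" + Uri.EscapeDataString(returnUrlParameter)
                      + "=" + Uri.EscapeDataString(returnUrl);
    }

    // Wire up with: Provider = new CookieAuthenticationProvider { OnApplyRedirect = LoginRedirect.Apply }
    public static void Apply(CookieApplyRedirectContext context)
    {
        var req = context.Request;
        context.Response.Redirect(Build(
            req.Method, req.PathBase.ToString(), req.Path.ToString(), req.QueryString.Value,
            context.Options.LoginPath.ToString(), context.Options.ReturnUrlParameter));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample requests: a GET with a query string, then a POST.
        Console.WriteLine(LoginRedirect.Build("GET", "", "/Orders/Edit", "id=7&tab=notes", "/Security/Login", "ReturnUrl"));
        Console.WriteLine(LoginRedirect.Build("POST", "", "/Orders/Edit", "", "/Security/Login", "ReturnUrl"));
    }
}
```

On the login action, check the received ReturnUrl with `Url.IsLocalUrl` before redirecting to it.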
