一是外部登录尝试重定向到登录的动作,第二个作品 [英] First external login attempt redirects back to login action, second one works
问题描述
我使用OWIN的外部认证机构在我的ASP.Net MVC 5/2的WebAPI项目,我已经打了一个奇怪的问题。
登录流程是完全一样在这里左右。用户点击登录页面,挑选供应商,并在获取记录我的问题是,在运营商的第一次点击重定向回同样的登录页面:
的http://本地主机:57291 /帐号/登录RETURNURL =%2fAccount%2fExternalLogin
这将使意义,如果ExternalLogin行动将缺乏使用AllowAnonymous属性。
当用户点击了第二次一切正常。
我也尝试与不同的浏览器,问题是跨浏览器,IE11和Firefox。
一致Login.cshtml:
@using(Html.BeginForm(ExternalLogin,帐户,新的{RETURNURL = ViewBag.ReturnUrl}))
{
<&字段集GT;
<传奇> @ Strings.ExternalAuthenticationProvidersDescription< /传说>
&所述p为H.;
@foreach(在Model.ExternalAuthenticationProviders VAR P)
{
<按钮式=提交名称=提供者值=@ p.AuthenticationType称号=登录使用@ p.Caption帐户> @ p.Caption< /按钮>
}
&所述; / P>
< /字段集>
}
AccountController.cs
公共类的AccountController:控制器
{
... [使用AllowAnonymous]
[HttpPost]
公众的ActionResult ExternalLogin(字符串提供商,串RETURNURL)
{
返回新ChallengeResult(供应商,Url.Action(ExternalLoginCallback,帐户,新
{
loginProvider =供应商,
RETURNURL = RETURNURL
}));
}
...
}
ChallengeResult.cs:
公共类ChallengeResult:HttpUnauthorizedResult
{
公共ChallengeResult(字符串提供商,字符串的redirectUrl)
{
LoginProvider =供应商;
的redirectUrl =的redirectUrl;
} 公共字符串LoginProvider {搞定;组; }
公共字符串的redirectUrl {搞定;组; } 公共覆盖无效的ExecuteReuslt(ControllerContext上下文)
{
context.HttpContext.GetOwinContext()。Authentication.Challenge(新AuthenticationProperties
{
RedirectUri =的redirectUrl
},LoginProvider);
}
}
FilterConfig.cs
公共类一个FilterConfig
{
公共静态无效RegisterGlobalFilters(GlobalFilterCollection过滤器)
{
filters.Add(新HandleErrorAttribute()); //使所有的API控制器默认安全
filters.Add(新AuthorizeAttribute());
}
}
原来的问题是,我的项目最初开始了作为有这在web.config中造成问题的一个MVC应用4:
<身份验证模式=表格>
<形式loginUrl =〜/帐号/登录超时=2880/>
< /认证>
我认为无论OWIN和Forms身份验证是活跃在同一时间。
I'm using OWIN's external authentication providers in my ASP.Net MVC 5 / WebApi 2 project and I've hit a strange problem.
The login workflow is exactly like here on SO. User hits the login page, picks a provider and gets logged in. My problem is that the first click on a provider redirects back to the same login page:
http://localhost:57291/Account/Login?ReturnUrl=%2fAccount%2fExternalLogin
This would make sense if the ExternalLogin action would be lacking the AllowAnonymous attribute.
When the user clicks a second time everything works.
I've also tried that with different browsers and the problem is consistent across Chrome, IE11 and Firefox.
Login.cshtml:
@using (Html.BeginForm("ExternalLogin", "Account", new { ReturnUrl = ViewBag.ReturnUrl }))
{
<fieldset>
<legend>@Strings.ExternalAuthenticationProvidersDescription</legend>
<p>
@foreach (var p in Model.ExternalAuthenticationProviders)
{
<button type="submit" name="provider" value="@p.AuthenticationType" title="Log in using your @p.Caption account">@p.Caption</button>
}
</p>
</fieldset>
}
AccountController.cs
public class AccountController : Controller
{
...
[AllowAnonymous]
[HttpPost]
public ActionResult ExternalLogin(string provider, string returnUrl)
{
return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new
{
loginProvider = provider,
ReturnUrl = returnUrl
}));
}
...
}
ChallengeResult.cs:
public class ChallengeResult : HttpUnauthorizedResult
{
public ChallengeResult(string provider, string redirectUrl)
{
LoginProvider = provider;
RedirectUrl = redirectUrl;
}
public string LoginProvider { get; set; }
public string RedirectUrl { get; set; }
public override void ExecuteResult(ControllerContext context)
{
context.HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties
{
RedirectUri = RedirectUrl
}, LoginProvider);
}
}
FilterConfig.cs
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
// make all api controllers secure by default
filters.Add(new AuthorizeAttribute());
}
}
Turns out the issue was that my project initially started out as an MVC 4 application which had this in web.config causing the issue:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
I think both OWIN and Forms authentication was active at the same time.
这篇关于一是外部登录尝试重定向到登录的动作,第二个作品的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!