未经授权的ASP.Net核心MVC6重定向到登录 [英] ASP.Net core MVC6 Redirect to Login when not authorised

问题描述

我正在使用ASP.Net core MVC 6，如果用户未经身份验证，我试图将其重定向到登录页面。

I am using ASP.Net core MVC 6, I am trying to get the user redirected to the login page if they are not authenticated.

我似乎无法要使其正常工作，当前用户只能得到一个空白页面。

I cant seem to get it to work, currently the user just gets a blank page.

下面是我在Startup.cs中的ConfigureServices方法

Below is my ConfigureServices method in Startup.cs

        public void ConfigureServices(IServiceCollection services) {
        // Add framework services.
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"))
        );

        services.AddIdentity<ApplicationUser, IdentityRole>(options => {
            // configure identity options
            options.Password.RequireDigit = true;
            options.Password.RequireLowercase = true;
            options.Password.RequireUppercase = true;
            options.Password.RequireNonAlphanumeric = true;
            options.Password.RequiredLength = 7;

            options.Cookies.ApplicationCookie.AutomaticAuthenticate = true;
            options.Cookies.ApplicationCookie.AutomaticChallenge = true;
            options.Cookies.ApplicationCookie.LoginPath = "/Account/Login";

            // User settings
            options.User.RequireUniqueEmail = true;
        })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        services.AddMvc();

        // Add application services.
        services.AddTransient<IEmailSender, AuthMessageSender>();
        services.AddTransient<ISmsSender, AuthMessageSender>();
    }

推荐答案

我只是在努力我本人和我得出的结论是，最新版本的 Microsoft.AspNetCore.Identity.EntityFrameworkCore依赖项中似乎有一个问题。

I was just wrestling with this myself and I've come to the conclusion that there seems to be an issue in the latest version of the "Microsoft.AspNetCore.Identity.EntityFrameworkCore" dependency.

我最初使用的是1.1.0版本，但经过大量调试，中间件日志记录等，我得出的结论是我没有做错任何事情。我检查了以下内容：

I was originally using version 1.1.0 but after lots of debugging, owin middleware logging etc, I came to the conclusion that I wasn't doing anything wrong. I checked:

• Authorize属性起作用并阻止了请求



• 添加了事件处理程序（ OnRedirectToLogin），如下所示验证重定向URL（仅用于调试）

• Authorize attribute worked and blocked the request

• Added event handlers (OnRedirectToLogin) as below to verify the redirect URL (this was only for debugging)

options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents
{ 
    OnRedirectToLogin = evt => {
        evt.Response.Redirect(evt.RedirectUri); // this url is correct, but the redirect never happens!??
        return Task.FromResult(0);
    }
};     

分辨率 ：
我将程序包回滚到1.0.1版本，然后按预期启动了重定向-到LoginPath设置中Startup.cs中定义的URL

The resolution: I rolled back my package to the version 1.0.1 and then the redirects kicked in as expected - to the URL defined in Startup.cs in the LoginPath setting

options.Cookies.ApplicationCookie.LoginPath = new PathString("/Auth/Login");

此版本有效：
Microsoft.AspNetCore.Identity.EntityFrameworkCore ： 1.0.1

我将向ASPNETCORE团队提出一个有关1.1.0版本的错误。

I'm going to raise a bug with the ASPNETCORE team for investigation as regards to the 1.1.0 version.

这篇关于未经授权的ASP.Net核心MVC6重定向到登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！