控制器未加载.AspNetCore.Identity.Application用户cookie [英] Controller not loading .AspNetCore.Identity.Application user cookie

问题描述

我有一个简单的控制器，在用户登录后会被调用。我可以在身份服务器上看到该用户已登录。我还可以看到在浏览器中设置了.AspNetCore.Identity.Application cookie。

I have a simple controller which is called after the user logs in. I can see on my identity server that the user is logged in. I can also see that .AspNetCore.Identity.Application cookie is set in the browser.

登录后，使用以下命令将用户转发到此控制器

After login the user is forwarded to this controller using

RedirectToAction(nameof(Index), "Manage")

问题是控制器似乎没有被认证。我已经尝试过HttpContext.User和其他所有我认为控制器不能读取Cookie的东西

The problem is that the controller doesn't appear to be authenticated. I have tried HttpContext.User and everything else i can think the controller isn't reading the cookie

[Authorize]
[Route("[controller]/[action]")]
public class ManageController : Controller
{

    [HttpGet]
    [AllowAnonymous]
    public async Task<IActionResult> Index(ManageMessageId? message = null)
    {

      //  try to find user here.
    }
}

我发现有一项工作迫使它加载cookie

I have found a work around which forces it to load the cookie

var loadTheStupidCookie = await HttpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme);
var user = await _userManager.GetUserAsync(loadTheStupidCookie.Principal);

这是可行的，但我认为必须将其加载到控制器的每个方法中，这太过致命了。控制器不能为我加载Cookie吗？

This works but I think its over kill to have to load it in every method in the controller. Shouldn't the controller be able to load the cookie for me?

从startup.cs

From startup.cs

 services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(options =>
                {
                    options.LoginPath = new PathString("/Account/Login");
                    options.AccessDeniedPath = new PathString("/Account/Forbidden/");
                })
                .AddGoogle("Google", options =>
                {
                    options.AccessType = "offline";
                    options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                    options.ClientId = "xxxxx.apps.googleusercontent.com";
                    options.ClientSecret = "XXXX";
                });

注意：删除[AllowAnonymous]使其完全无法工作，可能是因为它不能

Note: Removing [AllowAnonymous] causes it to not work at all probably due to the fact that it cant see the authentication.

推荐答案

使用 Authorize 属性时，它会将使用通过 AddAuthentication 配置的默认 AuthenticationScheme 。在您的示例中，看起来像这样：

When you use the Authorize attribute, it will use the default AuthenticationScheme configured using AddAuthentication. In your example, that looks like this:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)

因为这是 CookieAuthenticationDefaults.AuthenticationScheme （ Cookies），授权属性在尝试登录用户时使用该属性。您的解决方法表明，您实际上要使用 IdentityConstants.ApplicationScheme （ Identity.Application）`。

Because this is CookieAuthenticationDefaults.AuthenticationScheme("Cookies"), the Authorize attribute is using that when attempting to sign the user in. Your workaround shows that you actually wanted to use IdentityConstants.ApplicationScheme("Identity.Application")` instead.

Authorize 属性可让您指定 AuthenticationScheme （ s）您要使用 AuthenticationSchemes 属性来使用，该属性如下所示：

The Authorize attribute allows you to specify the AuthenticationScheme(s) you want to use, using the AuthenticationSchemes property, which looks like this:

[Authorize(AuthenticationSchemes = "Identity.Application")]

事实证明您不能直接使用 IdentityConstants.ApplicationScheme ，因为这不是编译时常量。尽管可以显式使用字符串值，但是可以通过设置策略来获得编译时的安全性。请参见 docs 为例，了解如何执行此操作。

It turns out you can't use IdentityConstants.ApplicationScheme directly, as this is not a compile-time constant. Although you could use the string value explicitly, you can get the compile time safety by setting up a policy, for example. See the docs for an example on how to do that.

这篇关于控制器未加载.AspNetCore.Identity.Application用户cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！