控制器未加载.AspNetCore.Identity.Application用户cookie [英] Controller not loading .AspNetCore.Identity.Application user cookie
问题描述
我有一个简单的控制器,在用户登录后会被调用。我可以在身份服务器上看到该用户已登录。我还可以看到在浏览器中设置了.AspNetCore.Identity.Application cookie。
I have a simple controller which is called after the user logs in. I can see on my identity server that the user is logged in. I can also see that .AspNetCore.Identity.Application cookie is set in the browser.
登录后,使用以下命令将用户转发到此控制器
After login the user is forwarded to this controller using
RedirectToAction(nameof(Index), "Manage")
问题是控制器似乎没有被认证。我已经尝试过HttpContext.User和其他所有我认为控制器不能读取Cookie的东西
The problem is that the controller doesn't appear to be authenticated. I have tried HttpContext.User and everything else i can think the controller isn't reading the cookie
[Authorize]
[Route("[controller]/[action]")]
public class ManageController : Controller
{
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> Index(ManageMessageId? message = null)
{
// try to find user here.
}
}
我发现有一项工作迫使它加载cookie
I have found a work around which forces it to load the cookie
var loadTheStupidCookie = await HttpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme);
var user = await _userManager.GetUserAsync(loadTheStupidCookie.Principal);
这是可行的,但我认为必须将其加载到控制器的每个方法中,这太过致命了。控制器不能为我加载Cookie吗?
This works but I think its over kill to have to load it in every method in the controller. Shouldn't the controller be able to load the cookie for me?
从startup.cs
From startup.cs
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = new PathString("/Account/Login");
options.AccessDeniedPath = new PathString("/Account/Forbidden/");
})
.AddGoogle("Google", options =>
{
options.AccessType = "offline";
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.ClientId = "xxxxx.apps.googleusercontent.com";
options.ClientSecret = "XXXX";
});
注意:删除[AllowAnonymous]使其完全无法工作,可能是因为它不能
Note: Removing [AllowAnonymous] causes it to not work at all probably due to the fact that it cant see the authentication.
推荐答案
使用 Authorize
属性时,它会将使用通过 AddAuthentication
配置的默认 AuthenticationScheme
。在您的示例中,看起来像这样:
When you use the Authorize
attribute, it will use the default AuthenticationScheme
configured using AddAuthentication
. In your example, that looks like this:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
因为这是 CookieAuthenticationDefaults.AuthenticationScheme
( Cookies),授权
属性在尝试登录用户时使用该属性。您的解决方法表明,您实际上要使用 IdentityConstants.ApplicationScheme
( Identity.Application)`。
Because this is CookieAuthenticationDefaults.AuthenticationScheme
("Cookies"), the Authorize
attribute is using that when attempting to sign the user in. Your workaround shows that you actually wanted to use IdentityConstants.ApplicationScheme
("Identity.Application")` instead.
Authorize
属性可让您指定 AuthenticationScheme
( s)您要使用 AuthenticationSchemes
属性来使用,该属性如下所示:
The Authorize
attribute allows you to specify the AuthenticationScheme
(s) you want to use, using the AuthenticationSchemes
property, which looks like this:
[Authorize(AuthenticationSchemes = "Identity.Application")]
事实证明您不能直接使用 IdentityConstants.ApplicationScheme
,因为这不是编译时常量。尽管可以显式使用字符串值,但是可以通过设置策略来获得编译时的安全性。请参见 docs 为例,了解如何执行此操作。
It turns out you can't use IdentityConstants.ApplicationScheme
directly, as this is not a compile-time constant. Although you could use the string value explicitly, you can get the compile time safety by setting up a policy, for example. See the docs for an example on how to do that.
这篇关于控制器未加载.AspNetCore.Identity.Application用户cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!