Asp.net核心身份成功登录重定向到登录页面 [英] Asp.net core Identity successful login redirecting back to login page

问题描述

我遇到一个问题，在成功登录后，asp.net身份框架会将用户重定向回登录页面.

I have a problem where the asp.net identity framework is redirecting the user back to the login page after they have logged in successfully.

这使用标准的Asp.net Core身份.它是版本2.1.1.生成剃须刀页面的脚手架.不知道这是否有意义.

This is using the standard Asp.net Core Identity. It is the version 2.1.1. The scaffolding that generates the razor pages. Not sure if that is significant.

我知道用户成功登录，因为我收到了日志消息

I know the user is successfully logging in because I get the log message

... Areas.Identity.Pages.Account.LoginModel:信息:用户已登录.

...Areas.Identity.Pages.Account.LoginModel: Information: User logged in.

但是随后它将直接重定向回登录页面.

But then it redirects straight back to the login page.

如果我使用提琴手，我可以看到请求上有一个cookie，因此从该角度来看一切都很好.

If I use fiddler I can see that there is a cookie on the request so it all looks good from that perspective.

.AspNetCore.Identity.Application=CfDJ8KJxkuir9ZJIjFLCU2bzm9n6X...

因此，我猜正在处理身份验证但不接受Cookie的中间件?

So I guess the middleware that is handling the authentication but not accepting the cookie?

如果我可以看到auth的实际中间件在做什么，那么我可能有一个主意，但找不到.

If I could see what the actual middleware for the auth was doing I might have an idea but I can't find it.

任何帮助表示赞赏

推荐答案

为了使ASP.NET Core管道能够识别用户已登录，在Configure方法中需要对UseAuthentication的调用您的Startup类的内容，例如:

In order to get the ASP.NET Core pipeline to recognise that a user is signed in, a call to UseAuthentication is required in the Configure method of your Startup class, like so:

app.UseAuthentication();
app.UseMvc(); // Order here is important (explained below).

使用Cookies身份验证方案，UseAuthentication的使用宽松地执行以下操作:

Using the Cookies authentication scheme, the use of UseAuthentication loosely performs the following:

• 从请求中读取.AspNetCore.Identity.Application cookie的内容，该内容表示发出请求的用户的身份.
• 用表示该用户的ClaimsPrincipal填充HttpContext的User属性.

• Reads the content of the .AspNetCore.Identity.Application cookie from the request, which represents the identity of the user making the request.
• Populates the User property of HttpContext with a ClaimsPrincipal that represents said user.

这是对发生的情况的简化说明，但是它突出了身份验证中间件执行的重要工作.没有认证中间件，.AspNetCore.Identity.Application将不会用于认证用户，因此不会认证用户.在您的情况下，尽管用户已登录(即正在设置cookie)，但是管道中间件(例如MVC)没有看到该用户(即未读取cookie)，因此看到了未经身份验证的请求并针对登录.

This is a simplified explanation of what happens, but it highlights the important job that the authentication middleware performs. Without the authentication middleware, the .AspNetCore.Identity.Application will not be used for authenticating the user and therefore the user will not be authenticated. In your case, although the user has signed in (i.e. the cookie is being set), the pipeline middleware (e.g. MVC) does not see this user (i.e. the cookie is not being read) and so sees an unauthenticated request and redirects again for login.

鉴于身份验证中间件读取了cookie并随后填充了ClaimsPrincipal，因此很显然，UseAuthentication调用也必须在之前之前，在UseMvc调用中才能进行.以正确的顺序发生.否则，MVC中间件将在身份验证中间件之前运行，并且将无法与填充的ClaimsPrincipal一起使用.

Given that the authentication middleware reads the cookie and subsequently populates the ClaimsPrincipal, it should be clear that the UseAuthentication call must also be before the UseMvc call in order for this to occur in the correct order. Otherwise, the MVC middleware runs before the Authentication middleware and will not be working with a populated ClaimsPrincipal.

如果不添加用于处理登录的中间件，为什么登录失败?！

Why is it failing to login if you don't add the middleware that handles the login?!?

中间件不处理登录-它处理身份验证过程.用户已经登录，通过.AspNetCore.Identity.Application cookie的存在来确认.此处失败的是读取了该cookie.

The middleware doesn't handle the login - it handles the authentication process. The user has logged in, which is confirmed by the presence of the .AspNetCore.Identity.Application cookie. What is failing here is the reading of said cookie.

这篇关于Asp.net核心身份成功登录重定向到登录页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！