ASP.Net 核心 MVC6 未授权时重定向到登录 [英] ASP.Net core MVC6 Redirect to Login when not authorised

问题描述

我正在使用 ASP.Net 核心 MVC 6，如果用户未通过身份验证，我试图让他们重定向到登录页面.

I am using ASP.Net core MVC 6, I am trying to get the user redirected to the login page if they are not authenticated.

我似乎无法让它工作，目前用户只是得到一个空白页面.

I cant seem to get it to work, currently the user just gets a blank page.

下面是我在 Startup.cs 中的 ConfigureServices 方法

Below is my ConfigureServices method in Startup.cs

        public void ConfigureServices(IServiceCollection services) {
        // Add framework services.
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"))
        );

        services.AddIdentity<ApplicationUser, IdentityRole>(options => {
            // configure identity options
            options.Password.RequireDigit = true;
            options.Password.RequireLowercase = true;
            options.Password.RequireUppercase = true;
            options.Password.RequireNonAlphanumeric = true;
            options.Password.RequiredLength = 7;

            options.Cookies.ApplicationCookie.AutomaticAuthenticate = true;
            options.Cookies.ApplicationCookie.AutomaticChallenge = true;
            options.Cookies.ApplicationCookie.LoginPath = "/Account/Login";

            // User settings
            options.User.RequireUniqueEmail = true;
        })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        services.AddMvc();

        // Add application services.
        services.AddTransient<IEmailSender, AuthMessageSender>();
        services.AddTransient<ISmsSender, AuthMessageSender>();
    }

推荐答案

我自己也在纠结这个问题，我得出的结论是，最新版本的Microsoft.AspNetCore.Identity.EntityFrameworkCore"依赖.

I was just wrestling with this myself and I've come to the conclusion that there seems to be an issue in the latest version of the "Microsoft.AspNetCore.Identity.EntityFrameworkCore" dependency.

我最初使用的是 1.1.0 版，但经过大量调试、owin 中间件日志记录等之后，我得出的结论是我没有做错任何事情.我查了一下:

I was originally using version 1.1.0 but after lots of debugging, owin middleware logging etc, I came to the conclusion that I wasn't doing anything wrong. I checked:

• 授权属性起作用并阻止了请求

• 添加如下事件处理程序 (OnRedirectToLogin) 以验证重定向 URL(仅用于调试)

• Authorize attribute worked and blocked the request

• Added event handlers (OnRedirectToLogin) as below to verify the redirect URL (this was only for debugging)

options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents
{ 
    OnRedirectToLogin = evt => {
        evt.Response.Redirect(evt.RedirectUri); // this url is correct, but the redirect never happens!??
        return Task.FromResult(0);
    }
};     

解决方案:我将我的包回滚到 1.0.1 版，然后重定向按预期启动 - 到 LoginPath 设置中 Startup.cs 中定义的 URL

The resolution: I rolled back my package to the version 1.0.1 and then the redirects kicked in as expected - to the URL defined in Startup.cs in the LoginPath setting

options.Cookies.ApplicationCookie.LoginPath = new PathString("/Auth/Login");

澄清一下，这个版本有效:Microsoft.AspNetCore.Identity.EntityFrameworkCore": "1.0.1"

我将向 ASPNETCORE 团队提出一个关于 1.1.0 版本的错误以进行调查.

I'm going to raise a bug with the ASPNETCORE team for investigation as regards to the 1.1.0 version.

这篇关于ASP.Net 核心 MVC6 未授权时重定向到登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！