一是外部登录尝试重定向到登录的动作，第二个作品 [英] First external login attempt redirects back to login action, second one works

问题描述

我使用OWIN的外部认证机构在我的ASP.Net MVC 5/2的WebAPI项目，我已经打了一个奇怪的问题。

登录流程是完全一样在这里左右。用户点击登录页面，挑选供应商，并在获取记录我的问题是，在运营商的第一次点击重定向回同样的登录页面：

 的http：//本地主机：57291 /帐号/登录RETURNURL =％2fAccount％2fExternalLogin
 

这将使意义，如果ExternalLogin行动将缺乏使用AllowAnonymous属性。

当用户点击了第二次一切正常。

我也尝试与不同的浏览器，问题是跨浏览器，IE11和Firefox。

一致

Login.cshtml：

  @using（Html.BeginForm（ExternalLogin，帐户，新的{RETURNURL = ViewBag.ReturnUrl}））
{
    ＆LT;＆字段集GT;
        ＆LT;传奇＆GT; @ Strings.ExternalAuthenticationProvidersDescription＆LT; /传说＆GT;
        ＆所述p为H.;
            @foreach（在Model.ExternalAuthenticationProviders VAR P）
            {
                ＆LT;按钮式=提交名称=提供者值=@ p.AuthenticationType称号=登录使用@ p.Caption帐户＆GT; @ p.Caption＆LT; /按钮＆GT;
            }
        ＆所述; / P＆GT;
    ＆LT; /字段集＆GT;
}
 

AccountController.cs

 公共类的AccountController：控制器
{
  ...    [使用AllowAnonymous]
    [HttpPost]
    公众的ActionResult ExternalLogin（字符串提供商，串RETURNURL）
    {
        返回新ChallengeResult（供应商，Url.Action（ExternalLoginCallback，帐户，新
        {
            loginProvider =供应商，
            RETURNURL = RETURNURL
        }））;
    }
  ...
}
 

ChallengeResult.cs：

 公共类ChallengeResult：HttpUnauthorizedResult
{
    公共ChallengeResult（字符串提供商，字符串的redirectUrl）
    {
        LoginProvider =供应商;
        的redirectUrl =的redirectUrl;
    }    公共字符串LoginProvider {搞定;组; }
    公共字符串的redirectUrl {搞定;组; }    公共覆盖无效的ExecuteReuslt（ControllerContext上下文）
    {
        context.HttpContext.GetOwinContext（）。Authentication.Challenge（新AuthenticationProperties
        {
            RedirectUri =的redirectUrl
        }，LoginProvider）;
    }
}
 

FilterConfig.cs

 公共类一个FilterConfig
{
    公共静态无效RegisterGlobalFilters（GlobalFilterCollection过滤器）
    {
        filters.Add（新HandleErrorAttribute（））;        //使所有的API控制器默认安全
        filters.Add（新AuthorizeAttribute（））;
    }
}
 

解决方案

原来的问题是，我的项目最初开始了作为有这在web.config中造成问题的一个MVC应用4：

 ＆LT;身份验证模式=表格＆GT;
  ＆LT;形式loginUrl =〜/帐号/登录超时=2880/＆GT;
＆LT; /认证＆GT;
 

我认为无论OWIN和Forms身份验证是活跃在同一时间。

I'm using OWIN's external authentication providers in my ASP.Net MVC 5 / WebApi 2 project and I've hit a strange problem.

The login workflow is exactly like here on SO. User hits the login page, picks a provider and gets logged in. My problem is that the first click on a provider redirects back to the same login page:

http://localhost:57291/Account/Login?ReturnUrl=%2fAccount%2fExternalLogin

This would make sense if the ExternalLogin action would be lacking the AllowAnonymous attribute.

When the user clicks a second time everything works.

I've also tried that with different browsers and the problem is consistent across Chrome, IE11 and Firefox.

Login.cshtml:

@using (Html.BeginForm("ExternalLogin", "Account", new { ReturnUrl = ViewBag.ReturnUrl }))
{
    <fieldset>
        <legend>@Strings.ExternalAuthenticationProvidersDescription</legend>
        <p>
            @foreach (var p in Model.ExternalAuthenticationProviders)
            {
                <button type="submit" name="provider" value="@p.AuthenticationType" title="Log in using your @p.Caption account">@p.Caption</button>
            }
        </p>
    </fieldset>
}

AccountController.cs

public class AccountController : Controller
{
  ...

    [AllowAnonymous]
    [HttpPost]
    public ActionResult ExternalLogin(string provider, string returnUrl)
    {
        return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new
        {
            loginProvider = provider, 
            ReturnUrl = returnUrl
        }));
    }
  ...
}

ChallengeResult.cs:

public class ChallengeResult : HttpUnauthorizedResult
{
    public ChallengeResult(string provider, string redirectUrl)
    {
        LoginProvider = provider;
        RedirectUrl = redirectUrl;
    }

    public string LoginProvider { get; set; }
    public string RedirectUrl { get; set; }

    public override void ExecuteResult(ControllerContext context)
    {
        context.HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties
        {
            RedirectUri = RedirectUrl
        }, LoginProvider);
    }
}

FilterConfig.cs

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        // make all api controllers secure by default
        filters.Add(new AuthorizeAttribute());
    }
}

解决方案

Turns out the issue was that my project initially started out as an MVC 4 application which had this in web.config causing the issue:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

I think both OWIN and Forms authentication was active at the same time.

这篇关于一是外部登录尝试重定向到登录的动作，第二个作品的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！