ASP.NET MVC - Refresh Auth Cookie on Anonymous Ajax Requests
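I am trying to refresh the session after making an ajax request to a controller that has the [AllowAnonymous] attribute. For some reasons, removing this attribute is not possible right now. Authentication is done via OWIN (Microsoft.Owin v4.1.0).
The authentication process is as follows: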
public class Startup_Auth
{
    public void Configuration(IAppBuilder app)
    {
        try
        {
            MyAuthenticationProvider provider = new MyAuthenticationProvider() { OnValidateIdentity = MyValidation };
            app.SetDefaultSignInAsAuthenticationType("ExternalCookie");
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "ExternalCookie",
                AuthenticationMode = AuthenticationMode.Active,
                CookieName = "MyCookie",
                CookieSecure = CookieSecureOption.Always,
                LoginPath = new PathString(PATH),
                ExpireTimeSpan = TimeSpan.FromMinutes(EXPIRATION),
                Provider = provider,
                TicketDataFormat = new MyTicketDataFormat()
            });
        }
        ...
    }

    private static Task MyValidation(CookieValidateIdentityContext context)
    {
        ...
    }
}
I also tried the controller's OnActionExecuting:
[AllowAnonymous]
public class MyController : Controller
{
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // can't access cookies here
    }
}
Any suggestions are very welcome.
You need to create a claims identity and call SignIn on the AuthenticationManager (SignInManager.SignInAsync); that way the claims are updated:
// Get User and a claims-based identity
ApplicationUser user = await UserManager.FindByIdAsync(User.Identity.GetUserId());
var Identity = new ClaimsIdentity(User.Identity);

// Remove existing claim and replace with a new value
await UserManager.RemoveClaimAsync(user.Id, Identity.FindFirst("AccountNo"));
await UserManager.AddClaimAsync(user.Id, new Claim("AccountNo", value));

// Re-Signin User to reflect the change in the Identity cookie
await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);

// [optional] remove claims from claims table dbo.AspNetUserClaims, if not needed
var userClaims = UserManager.GetClaims(user.Id);
if (userClaims.Any())
{
    foreach (var item in userClaims)
    {
        UserManager.RemoveClaim(user.Id, item);
    }
}
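The following is an added example, not part of the question or the answer above: one way to re-issue the "ExternalCookie" ticket from an [AllowAnonymous] action through the OWIN authentication manager, while capping the total session age so that background ajax calls cannot keep a session alive indefinitely. The controller name, the "first_issued" property key and the 8-hour cap are assumptions, and it assumes the custom MyTicketDataFormat round-trips AuthenticationProperties.

```csharp
using System;
using System.Globalization;
using System.Threading.Tasks;
using System.Web;                 // GetOwinContext() extension (Microsoft.Owin.Host.SystemWeb)
using System.Web.Mvc;
using Microsoft.Owin.Security;

[AllowAnonymous]
public class KeepAliveController : Controller   // hypothetical controller name
{
    private const string AuthType = "ExternalCookie";       // AuthenticationType from the question
    private const string FirstIssuedKey = "first_issued";   // hypothetical property key
    private static readonly TimeSpan MaxSessionAge = TimeSpan.FromHours(8); // assumed absolute cap

    [HttpPost]
    public async Task<ActionResult> Refresh()
    {
        IAuthenticationManager auth = HttpContext.GetOwinContext().Authentication;

        // [AllowAnonymous] only skips MVC authorization; the cookie middleware can
        // still be asked to validate the incoming ticket.
        AuthenticateResult result = await auth.AuthenticateAsync(AuthType);
        if (result == null || result.Identity == null || !result.Identity.IsAuthenticated)
            return new HttpStatusCodeResult(401);   // no valid ticket, nothing to refresh

        DateTimeOffset now = DateTimeOffset.UtcNow;
        AuthenticationProperties props = result.Properties ?? new AuthenticationProperties();

        // Record when the session first started so refreshes cannot extend it forever.
        string stored;
        DateTimeOffset firstIssued;
        if (!props.Dictionary.TryGetValue(FirstIssuedKey, out stored) ||
            !DateTimeOffset.TryParse(stored, CultureInfo.InvariantCulture,
                                     DateTimeStyles.RoundtripKind, out firstIssued))
        {
            firstIssued = props.IssuedUtc ?? now;
            props.Dictionary[FirstIssuedKey] = firstIssued.ToString("o", CultureInfo.InvariantCulture);
        }
        if (now - firstIssued > MaxSessionAge)
        {
            auth.SignOut(AuthType);                 // force a real login after the cap
            return new HttpStatusCodeResult(401);
        }

        // Clear the old timestamps so the cookie middleware stamps new ones from ExpireTimeSpan.
        props.IssuedUtc = null;
        props.ExpiresUtc = null;
        auth.SignIn(props, result.Identity);        // same identity, fresh cookie
        return new HttpStatusCodeResult(204);
    }
}
```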