带有 owin cookie 中间件的 MVC 5 - owinContext.Authentication.sign 不发布 cookie
MVC 5 with owin cookie middleware - owinContext.Authentication.sign in not issuing cookies
我正在使用 MVC 5.2 并试图让 Owin cookie 中间件正常工作。
在我的登录控制器中,我执行以下操作:
public class LoginController
{
[AllowAnonymous]
public ActionResult Login(LoginViewModel loginViewModel)
{
//authenticate
....
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, "abc"),
new Claim(ClaimTypes.Email, "abc@abc.com")
};
var id = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
var ctx = Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
//create the cookie - i thought
authenticationManager.SignIn(new AuthenticationProperties{IsPersistent = true}, id);
//redirect to protected action
return RedirectToAction("Index", "RoutingController");
}
[Authorize]
public class RoutingController : Controller
{
[HttpGet]
public ActionResult Index()
{
return this.View();
}
}
我连接了以下中间件
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Login/Login"),
CookieSecure = CookieSecureOption.Always
});
}
事情是这样的
- 得到/Login/Login
- 重定向到 Routing/Index
- 重定向到 Login/Login
永久 302 循环...
我错过了什么?
谢谢
//
// POST: /Account/Login
[HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (ModelState.IsValid)
{
var user = await UserManager.FindAsync(model.UserName, model.Password);
if (user != null)
{
await SignInAsync(user, model.RememberMe);
return RedirectToLocal(returnUrl);
}
else
{
ModelState.AddModelError("", "Invalid username or password.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
}
为了防伪工作,您还应该将其添加到您的登录页面
@Html.AntiForgeryToken()
我正在使用 MVC 5.2 并试图让 Owin cookie 中间件正常工作。
在我的登录控制器中,我执行以下操作:
public class LoginController
{
[AllowAnonymous]
public ActionResult Login(LoginViewModel loginViewModel)
{
//authenticate
....
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, "abc"),
new Claim(ClaimTypes.Email, "abc@abc.com")
};
var id = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
var ctx = Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
//create the cookie - i thought
authenticationManager.SignIn(new AuthenticationProperties{IsPersistent = true}, id);
//redirect to protected action
return RedirectToAction("Index", "RoutingController");
}
[Authorize]
public class RoutingController : Controller
{
[HttpGet]
public ActionResult Index()
{
return this.View();
}
}
我连接了以下中间件
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Login/Login"),
CookieSecure = CookieSecureOption.Always
});
}
事情是这样的
- 得到/Login/Login
- 重定向到 Routing/Index
- 重定向到 Login/Login
永久 302 循环...
我错过了什么?
谢谢
//
// POST: /Account/Login
[HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (ModelState.IsValid)
{
var user = await UserManager.FindAsync(model.UserName, model.Password);
if (user != null)
{
await SignInAsync(user, model.RememberMe);
return RedirectToLocal(returnUrl);
}
else
{
ModelState.AddModelError("", "Invalid username or password.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
}
为了防伪工作,您还应该将其添加到您的登录页面
@Html.AntiForgeryToken()