根据是否为 API 调用重定向未授权请求的问题
Issues with redirecting unauthorized requests based on whether it's an API call or not
因此,当未登录的用户尝试访问上面有 [Authorize] 的 Razor 页面时,我的应用程序以代码 -1,073,741,571 退出...
我正在使用 ASP.NET Core 5.0 RC1
这是我认为它发生的地方:
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = new PathString("/login");
options.LogoutPath = new PathString("/logout");
options.AccessDeniedPath = new PathString("/login");
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Events.OnRedirectToLogin =
HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.RedirectToLogin);
options.Events.OnRedirectToAccessDenied =
HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.RedirectToLogin);
});
以下是使用的助手:
public static class RoutingHelpers
{
private const string ApiRoutePrefix = "/api";
private static bool IsApiRequest(this HttpContext context)
{
if (context.Request.Path.StartsWithSegments(ApiRoutePrefix))
{
return true;
}
// Check if this is an ApiController
var endpoint = context.GetEndpoint();
return endpoint != null && endpoint.Metadata.Any(o => o is ApiControllerAttribute);
}
public static Func<RedirectContext<CookieAuthenticationOptions>, Task> HandleApiRequest(int statusCode, Func<RedirectContext<CookieAuthenticationOptions>, Task> original)
{
return redirectContext =>
{
if (!redirectContext.HttpContext.IsApiRequest())
return original(redirectContext);
redirectContext.Response.StatusCode = statusCode;
return Task.CompletedTask;
};
}
}
一般来说,此代码的目标是将 [Authorize]d API 请求重定向到其他地方,而不是 [Authorize]d Razor Pages,以避免 API 响应只是登录页面的整个 HTML 代码。
options.Events.OnRedirectToLogin =
HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.RedirectToLogin);
options.Events.OnRedirectToAccessDenied =
HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.RedirectToLogin);
应该是
options.Events.OnRedirectToLogin =
HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.OnRedirectToLogin);
options.Events.OnRedirectToAccessDenied =
HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.OnRedirectToLogin);
我想会在 2 天内将其标记为已解决
因此,当未登录的用户尝试访问上面有 [Authorize] 的 Razor 页面时,我的应用程序以代码 -1,073,741,571 退出...
我正在使用 ASP.NET Core 5.0 RC1
这是我认为它发生的地方:
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = new PathString("/login");
options.LogoutPath = new PathString("/logout");
options.AccessDeniedPath = new PathString("/login");
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Events.OnRedirectToLogin =
HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.RedirectToLogin);
options.Events.OnRedirectToAccessDenied =
HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.RedirectToLogin);
});
以下是使用的助手:
public static class RoutingHelpers
{
private const string ApiRoutePrefix = "/api";
private static bool IsApiRequest(this HttpContext context)
{
if (context.Request.Path.StartsWithSegments(ApiRoutePrefix))
{
return true;
}
// Check if this is an ApiController
var endpoint = context.GetEndpoint();
return endpoint != null && endpoint.Metadata.Any(o => o is ApiControllerAttribute);
}
public static Func<RedirectContext<CookieAuthenticationOptions>, Task> HandleApiRequest(int statusCode, Func<RedirectContext<CookieAuthenticationOptions>, Task> original)
{
return redirectContext =>
{
if (!redirectContext.HttpContext.IsApiRequest())
return original(redirectContext);
redirectContext.Response.StatusCode = statusCode;
return Task.CompletedTask;
};
}
}
一般来说,此代码的目标是将 [Authorize]d API 请求重定向到其他地方,而不是 [Authorize]d Razor Pages,以避免 API 响应只是登录页面的整个 HTML 代码。
options.Events.OnRedirectToLogin =
HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.RedirectToLogin);
options.Events.OnRedirectToAccessDenied =
HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.RedirectToLogin);
应该是
options.Events.OnRedirectToLogin =
HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.OnRedirectToLogin);
options.Events.OnRedirectToAccessDenied =
HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.OnRedirectToLogin);
我想会在 2 天内将其标记为已解决