Process web API callback's response after window.location.href redirect

I have a Web API that handles OpenID login this way:

        [HttpGet]
        [AllowAnonymous]
        [Route("ExternalLogin", Name = "ExternalLogin")]
        public async Task<IActionResult> ExternalLogin(string provider, string returnUrl = "")
        {
            ApplicationUser user = await GetAuthUser();
            string userId = user?.Id;

            var properties = _externalSignInService.ConfigureExternalAuthenticationProperties(provider, Url.Action("ExternalCallback", "Account", new { returnUrl, userId }));

            return Challenge(properties, provider);
        }

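This is called from an Angular app with a JS redirect (it is hardcoded because I am trying to get it working first).

        public loginExternal() {
            // Encode the return URL so its own query string or fragment stays inside one parameter value.
            const returnUrl = encodeURIComponent(window.location.href);
            window.location.href = `https://localhost:5001/v1/account/ExternalLogin?provider=Steam&returnUrl=${returnUrl}`;
        }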

After a successful Steam login, the callback method specified there in Url.Action(...) is called:

        [HttpGet]
        [AllowAnonymous]
        [Route("Steam", Name = "ExternalCallback")]
        public async Task<ActionResult<LoginResponseDto>> ExternalCallback(string error = null, string returnUrl = "", string userId = null)
        {
            if (error != null)
            {
                return Redirect(returnUrl + "/unauthorized");
            }

            // ...sign in duties...

            return ProduceLoginResponse(signInResult);
        }

        private ActionResult<LoginResponseDto> ProduceLoginResponse((AppSignInResult result, SignInData data) loginResults)
        {
            var (result, data) = loginResults;

            return result switch
            {
                AppSignInResult.Success => Ok(new LoginResponseDto()
                {
                    AccessToken = data.Token.AccessToken,
                    TokenType = data.Token.TokenType,
                    ExpiresIn = data.Token.GetRemainingLifetimeSeconds(),
                    Username = data.Username,
                    Email = data.Email,
                    IsExternalLogin = data.IsExternalLogin,
                    ExternalAuthenticationProvider = data.ExternalAuthenticationProvider
                }),
                _ => throw new InvalidEnumArgumentException($"Unknown sign-in result '{result}'.")
            };
        }

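So in my Angular app I need to process this data (save the JWT token in storage, and so on). How can I do this, keeping in mind that I used a window.location.href redirect?

I have solved this by saving the user's login data in HttpContext.Session storage and changing the return statement from return ProduceLoginResponse(signInResult); to return Redirect(returnHost + "/sign-in"); and after the redirect, in the sign-in component's Angular ngOnInit method, I call another endpoint to fetch my login data from HttpContext.Session storage.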

        [HttpGet]
        [AllowAnonymous]
        [Route("sign-in")]
        public ActionResult<object> ProvideSignInDataFromSession()
        {
            var sessionData = HttpContext.Session.GetString(SignInDataKey);

            if (sessionData != null)
            {
                var data = JsonConvert.DeserializeObject<SignInData>(sessionData);

                return Ok(new
                {
                    user = data.Username,
                    access_token = data.Token.AccessToken,
                    token_type = data.Token.TokenType,
                    expires_in = data.Token.GetRemainingLifetimeSeconds(),
                });
            }

            return Redirect(CORS.CORS.returnOrigin + "/unauthorized");
        }
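
The client side of the session hand-off described in the answer, as an added example that is not part of the original post. It is framework-free TypeScript; every name in it (`SignInPayload`, `KeyValueStore`, `FetchLike`, `parseSignInPayload`, `saveSignIn`, `completeSignIn`), the storage keys and the `signInDataUrl` parameter are assumptions.

```typescript
// Added example; all names below are assumptions, not from the original post.
interface SignInPayload { user: string; access_token: string; token_type: string; expires_in: number; }

// Minimal contracts for storage and fetch so the code also runs outside a browser.
interface KeyValueStore { setItem(key: string, value: string): void; getItem(key: string): string | null; }
type FetchLike = (url: string, init: { credentials: "include" }) =>
  Promise<{ ok: boolean; json(): Promise<unknown> }>;

// Accept only a complete payload with a positive remaining lifetime.
function parseSignInPayload(raw: unknown): SignInPayload {
  if (typeof raw !== "object" || raw === null) throw new Error("sign-in payload is not an object");
  const { user, access_token, token_type, expires_in } = raw as Record<string, unknown>;
  if (typeof user !== "string" || typeof access_token !== "string" || access_token === "") {
    throw new Error("missing user or access_token");
  }
  if (typeof token_type !== "string" || token_type === "") throw new Error("missing token_type");
  if (typeof expires_in !== "number" || !Number.isFinite(expires_in) || expires_in <= 0) {
    throw new Error("token already expired or expires_in invalid");
  }
  return { user, access_token, token_type, expires_in };
}

// Store the token together with an absolute expiry (ms since epoch); returns that expiry.
function saveSignIn(p: SignInPayload, store: KeyValueStore, nowMs: number): number {
  const expiresAt = nowMs + p.expires_in * 1000;
  store.setItem("access_token", p.access_token);
  store.setItem("token_type", p.token_type);
  store.setItem("user", p.user);
  store.setItem("expires_at", String(expiresAt));
  return expiresAt;
}

// Call from the sign-in component's ngOnInit after the redirect back from the API.
// credentials: "include" makes the browser send the API's session cookie when the
// Angular app and the API are on different origins; without it no session is found.
async function completeSignIn(
  fetchFn: FetchLike, signInDataUrl: string, store: KeyValueStore, nowMs: number,
): Promise<SignInPayload> {
  const res = await fetchFn(signInDataUrl, { credentials: "include" });
  if (!res.ok) throw new Error("sign-in data request failed");
  // If the body is not the expected JSON (for example the /unauthorized redirect
  // was followed), this throws and nothing is stored.
  const payload = parseSignInPayload(await res.json());
  saveSignIn(payload, store, nowMs);
  return payload;
}
```

In the browser, pass `(u, i) => fetch(u, i)`, `sessionStorage` and `Date.now()`; with Angular's HttpClient the equivalent request option is `withCredentials: true`. The API's CORS policy has to allow credentials for the Angular origin, otherwise the browser blocks the response.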