Why is identity null when using .net core 2 AuthorizationHandler in iframe
I have the following AuthorizationRequirement and AuthorizationHandler that is registered with DI and is working just fine.
However, when an action with [Authorize(Policy = "ConfirmedEmail")] is called within an iframe (same origin), context.User.Identity.Name is always NULL and therefore so is user.
Does anyone have any idea why this is, and more importantly how to fix it?
When the exact same action is called directly (outside an iframe), context.User.Identity.Name is correct and the user lookup succeeds.
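    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Identity;

    // Marker requirement for the "ConfirmedEmail" policy.
    public class ConfirmedEmailRequirement : IAuthorizationRequirement { }

    public class ConfirmedEmailHandler : AuthorizationHandler<ConfirmedEmailRequirement>
    {
        private readonly UserManager<User> _userManager;

        public ConfirmedEmailHandler(UserManager<User> userManager)
        {
            _userManager = userManager;
        }

        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ConfirmedEmailRequirement requirement)
        {
            // GetUserAsync returns null when the principal carries no user id claim,
            // which is the case when the request arrives without the auth cookie.
            var user = await _userManager.GetUserAsync(context.User);
            if (user?.EmailConfirmed == true)
            {
                context.Succeed(requirement);
            }
            else
            {
                context.Fail();
            }
        }
    }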
UPDATE: I have noticed that although both iframe and non-iframe requests have the same session cookie, the non-iframe request includes a Core.Identity.Application cookie, the iframe request does not. I don't know the significance of this or what is causing it.
I finally managed to get identity to work within an iframe using the following:
    services.ConfigureApplicationCookie(options => {
        options.Cookie.Name = "MyAuthCookie";
        options.Cookie.SameSite = SameSiteMode.None; //<THIS!!!
    });
Hope this saves someone a lot of head scratching some day.
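A hardened form of the cookie configuration above, added here as an example and not part of the original answer: setting SameSite to None removes the browser's cross-site restriction on the auth cookie, so it is paired with Secure, HttpOnly, antiforgery validation and a frame-ancestors limit. The Startup layout, HTTPS hosting and Identity being registered elsewhere are assumptions.

```csharp
// Added example: hardening to pair with SameSiteMode.None (ASP.NET Core 2.x Startup).
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Assumption: Identity and the "ConfirmedEmail" policy from the
        // question are registered elsewhere in this method.

        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Name = "MyAuthCookie";
            // The answer's setting: the browser now attaches the auth cookie
            // to cross-site requests as well, not only to the framed page.
            options.Cookie.SameSite = SameSiteMode.None;
            // Browsers such as Chrome 80+ drop SameSite=None cookies that
            // are not marked Secure, so serve the site over HTTPS only.
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            // Keep the auth cookie out of reach of page scripts.
            options.Cookie.HttpOnly = true;
        });

        // SameSite no longer blocks cross-site form posts, so require an
        // antiforgery token on every unsafe (POST/PUT/DELETE) MVC action.
        services.AddMvc(options =>
            options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
    }

    public void Configure(IApplicationBuilder app)
    {
        // Only this origin may frame the application's pages, which limits
        // clickjacking against the authenticated iframe content.
        app.Use(async (context, next) =>
        {
            context.Response.Headers["Content-Security-Policy"] = "frame-ancestors 'self'";
            await next();
        });

        app.UseAuthentication();
        app.UseMvc();
    }
}
```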