[英]Asp.Net Core 2.2 Identity Authentication
I am having a weird situation in my web app whereby I can successfully sign in but not authenticated. 我在我的网络应用程序中遇到了一个奇怪的情况,我可以成功登录但未经过身份验证。 I have checked the property: User.Identity.IsAuthenticated property and its value is false. 我检查了属性:User.Identity.IsAuthenticated属性,其值为false。 I am using the default Account controller 我正在使用默认的帐户控制器
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
I put a break break-point and the value of result is Success but User.Identity.IsAuthenticated is false. 我设置了一个休息断点,结果的值是Success,但User.Identity.IsAuthenticated是false。
Below is my code for the ConfigureServices method in Startup class: 下面是我在Startup类中的ConfigureServices方法的代码:
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<SchoolIdentityContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("IdentityConnection")));
services.AddIdentity<User, IdentityRole>()
.AddEntityFrameworkStores<SchoolIdentityContext>()
.AddDefaultTokenProviders();
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
options.LoginPath = "/Account/Signin";
options.LogoutPath = "/Account/Signout";
options.AccessDeniedPath = "/Account/AccessDenied";
options.SlidingExpiration = true;
});
services.AddScoped(typeof(IAppLogger<>), typeof(LoggerAdapter<>));
services.AddScoped<IBookCategoryService, BookCategoryService>();
services.AddScoped<IBookService, BookService>();
services.AddHttpClient("chikoroapi", c =>
{
c.BaseAddress = new Uri("http://localhost:5100/api");
});
services.Configure<IdentityOptions>(options =>
{
// Password settings.
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequiredLength = 8;
options.Password.RequiredUniqueChars = 1;
// Lockout settings.
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
options.Lockout.MaxFailedAccessAttempts = 3;
options.Lockout.AllowedForNewUsers = true;
// User settings.
options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
options.User.RequireUniqueEmail = true;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
_services = services;
}
And the configure method is as below 配置方法如下
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
ListAllRegisteredServices(app);
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
//app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
I have cross-checked with the documentation several times and I can't figure out what I am missing. 我已多次与文档交叉检查,我无法弄清楚我错过了什么。
SignIn persists the given information for future requests, it does not set HttpContext.User on the current one. SignIn为将来的请求保留给定的信息,它不会在当前的请求上设置HttpContext.User。
You could only get User.Identity.IsAuthenticated
as ture for subsequent request on login. 您只能将User.Identity.IsAuthenticated
视为后续登录请求。
Refer to https://github.com/aspnet/Security/issues/1318 请参阅https://github.com/aspnet/Security/issues/1318
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.