ASP.NET 核心重定向到登录页面而不返回 url
[英]ASP.NET Core redirect to login page without return url
问题描述
I have a Razor Page (.NET 6) project with ASP.NET Core Identity, on startup I set the access path and access denied path like this:
我有一个 Razor 页面 (.NET 6) 项目和 ASP.NET Core Identity,在启动时我设置了访问路径和拒绝访问路径,如下所示:
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Name = Constants.Cookies.Authentication;
options.LoginPath = Constants.Pages.Login; // /Account/Login
options.AccessDeniedPath = Constants.Pages.Login;
options.SlidingExpiration = true;
options.Cookie.HttpOnly = true;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.None;
options.ExpireTimeSpan = TimeSpan.FromHours(1);
});
my OnGet method on the login page accepts the return URL, like so:我在登录页面上的 OnGet 方法接受返回 URL,如下所示:
public async Task<IActionResult> OnGet(string returnUrl)
{
// Some action when returnUrl is from external client
}
the problem is that when a user is on the profile page:问题是当用户在个人资料页面上时:
// Profile page
[Authorize]
public class HomeModel : PageModel
{
//....
}
and the cookie has expired, when the page is refreshed, the user is correctly redirected to the login page to re-login, but is populated the return url with the profile page value:并且 cookie 已过期,当页面刷新时,用户被正确重定向到登录页面以重新登录,但返回 url 并填充配置文件页面值:
https://localhost:5002/Account/Login?ReturnUrl=%2FProfile%2FHome%3Fculture%3Den
instead it should be null or empty.相反,它应该是 null 或为空。
How come this happens, is there a way to do the redirect without this parameter in the query string or should I then check in the get of the login that it is a local url to avoid some steps that I perform?这是怎么发生的,有没有办法在查询字符串中没有这个参数的情况下进行重定向,或者我应该检查登录的获取,它是本地 url 以避免我执行的一些步骤?
Thanks谢谢
1 个解决方案
解决方案1
3 2022-03-23 13:02:25
is there a way to do the redirect without this parameter in the query string
Do you mean remove ?ReturnUrl=%2FProfile%2FHome%3Fculture%3Den ?您是说删除?ReturnUrl=%2FProfile%2FHome%3Fculture%3Den吗?
If so, I suggest you create a custom authentication cookie:如果是这样,我建议您创建一个自定义身份验证 cookie:
public class CookieAuthEvents : CookieAuthenticationEvents
{
public override Task RedirectToLogin(RedirectContext<CookieAuthenticationOptions> context)
{
context.RedirectUri = "/Account/Login";
return base.RedirectToLogin(context);
}
public override Task RedirectToLogout(RedirectContext<CookieAuthenticationOptions> context)
{
context.RedirectUri = "/Account/CustomLogout";
return base.RedirectToLogout(context);
}
public override Task RedirectToAccessDenied(RedirectContext<CookieAuthenticationOptions> context)
{
context.RedirectUri = "/Account/CustomAccessDenied";
return base.RedirectToAccessDenied(context);
}
public override Task RedirectToReturnUrl(RedirectContext<CookieAuthenticationOptions> context)
{
context.RedirectUri = "/CustomReturnUrl";
return base.RedirectToReturnUrl(context);
}
}
In programs, register authentication cookie在程序中,注册身份验证cookie
builder.Services.AddScoped<CookieAuthEvents>();
builder.Services.ConfigureApplicationCookie(ops =>
{
//do your stuff...
ops.EventsType = typeof(CookieAuthEvents);//add this line
});
result:结果:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.