How to prevent an authenticated user from opening the IdentityServer login page, so that they do not re-enter their credentials since they are already logged in
I am using two separate applications: Blazor WebAssembly hosted on ASP.NET and a Web API that uses IdentityServer for authentication.
The browser opens to the login page, I enter the credentials, and the IdentityServer server application completes the process successfully and redirects me to the home page. Then I pressed the browser's back button and the IdentityServer login page opened.
I even tried activating Remember Me to make Identity remember that the user logged in, but I still get the same result: the login page opens although the user is authenticated.
Code App with IdentityServer4 Startup.cs
    services.AddIdentityServer()
        .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
        //.AddSigningCredential(;
    services.AddAuthentication()
        .AddIdentityServerJwt();
    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
        /*options.SlidingExpiration = true;*/
    });
Code App with IdentityServer4 Login.cshtml
    public async Task<IActionResult> OnPostAsync(string returnUrl = null)
    {
        returnUrl = returnUrl ?? Url.Content("~/");
        if (ModelState.IsValid)
        {
            // This doesn't count login failures towards account lockout
            // To enable password failures to trigger account lockout, set lockoutOnFailure: true
            var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
            if (result.Succeeded)
            {
                _logger.LogInformation("User logged in.");
                return LocalRedirect(returnUrl);
            }
            if (result.RequiresTwoFactor)
            {
                return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
            }
            if (result.IsLockedOut)
            {
                _logger.LogWarning("User account locked out.");
                return RedirectToPage("./Lockout");
            }
            else
            {
                ModelState.AddModelError(string.Empty, "Invalid login attempt.");
                return Page();
            }
        }
        // If we got this far, something failed, redisplay form
        return Page();
    }
Any thoughts will be greatly appreciated. Best
To answer your question directly, you could check if an idsrv.session cookie is present:
    this.Request.Cookies["idsrv.session"]
As an alternative, you could let your user log in again if they want to. Let's take a look at the IdentityServer4 demo: https://demo.identityserver.io/Account/Login?ReturnUrl=%2Fdiagnostics
Log in using:
User: bob
Password: bob
Now click back and take a look at the header, you can see that you are indeed logged in.
Now let's enter some new credentials:
User: alice
Password: alice
And now see what happens.
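One way to apply the answer's first suggestion in the question's Login page model, as an added example that is not part of the original answer or the project's code: it tests the principal built from the validated Identity application cookie instead of the mere presence of idsrv.session (a request cookie is client-supplied, so its presence alone proves nothing), and it only follows local return URLs. The class layout and the ReturnUrl property are assumptions modelled on the scaffolded Identity login page; ApplicationUser is the type from the question's Startup.cs.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

// Assumed shape of the Login page model (Login.cshtml.cs); only the GET handler is shown.
public class LoginModel : PageModel
{
    private readonly SignInManager<ApplicationUser> _signInManager;

    public LoginModel(SignInManager<ApplicationUser> signInManager)
    {
        _signInManager = signInManager;
    }

    public string ReturnUrl { get; set; }

    public async Task<IActionResult> OnGetAsync(string returnUrl = null)
    {
        returnUrl ??= Url.Content("~/");

        // Weak check: Request.Cookies["idsrv.session"] != null only shows that the
        // browser sent a cookie with that name, not that the session is valid.
        // IsSignedIn inspects the ClaimsPrincipal that the cookie authentication
        // handler produced after decrypting and validating the application cookie.
        if (_signInManager.IsSignedIn(User))
        {
            // returnUrl comes from the query string, so never redirect off-site.
            var target = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");
            return LocalRedirect(target);
        }

        // Not signed in: clear any stale external-login cookie and show the form.
        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
        ReturnUrl = returnUrl;
        return Page();
    }
}
```

With this handler, pressing Back after a successful login sends the browser to the return URL instead of re-rendering the form; users who want to switch accounts sign out first.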