
ASP.NET Core redirect to login page without return url

I have a Razor Page (.NET 6) project with ASP.NET Core Identity. On startup I set the access path and access denied path like this:

services.ConfigureApplicationCookie(options =>
{
    options.Cookie.Name = Constants.Cookies.Authentication;
    options.LoginPath = Constants.Pages.Login; // /Account/Login
    options.AccessDeniedPath = Constants.Pages.Login; 
    options.SlidingExpiration = true;
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    options.Cookie.SameSite = SameSiteMode.None;
    options.ExpireTimeSpan = TimeSpan.FromHours(1);
});

My OnGet method on the login page accepts the return URL, like so:

public async Task<IActionResult> OnGet(string returnUrl)
{
     // Some action when returnUrl is from external client
}

The problem is that when a user is on the profile page:

// Profile page
[Authorize]
public class HomeModel : PageModel
{
     //....
}

and the cookie has expired, when the page is refreshed, the user is correctly redirected to the login page to re-login, but the return URL is populated with the profile page value:

https://localhost:5002/Account/Login?ReturnUrl=%2FProfile%2FHome%3Fculture%3Den

Instead it should be null or empty.
How come this happens? Is there a way to do the redirect without this parameter in the query string, or should I then check in the get of the login that it is a local URL to avoid some steps that I perform?
Thanks

is there a way to do the redirect without this parameter in the query string

Do you mean remove ?ReturnUrl=%2FProfile%2FHome%3Fculture%3Den ?

If so, I suggest you create a custom authentication cookie:

public class CookieAuthEvents : CookieAuthenticationEvents
{
    public override Task RedirectToLogin(RedirectContext<CookieAuthenticationOptions> context)
    {
        context.RedirectUri = "/Account/Login";
        return base.RedirectToLogin(context);
    }

    public override Task RedirectToLogout(RedirectContext<CookieAuthenticationOptions> context)
    {
        context.RedirectUri = "/Account/CustomLogout";
        return base.RedirectToLogout(context);
    }

    public override Task RedirectToAccessDenied(RedirectContext<CookieAuthenticationOptions> context)
    {
        context.RedirectUri = "/Account/CustomAccessDenied";
        return base.RedirectToAccessDenied(context);
    }

    public override Task RedirectToReturnUrl(RedirectContext<CookieAuthenticationOptions> context)
    {
        context.RedirectUri = "/CustomReturnUrl";
        return base.RedirectToReturnUrl(context);
    }
}

In Program.cs, register the authentication cookie:

builder.Services.AddScoped<CookieAuthEvents>();

builder.Services.ConfigureApplicationCookie(ops =>
{
    // do your stuff...
    ops.EventsType = typeof(CookieAuthEvents); // add this line
});

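The other option the question raises, checking in the login page that the return URL is local, can look like this. It is an added example, not code from the question or the answer; LoginModel, FromExternalClient and the "/Profile/Home" fallback are assumptions made for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

// Added example: names and the fallback path are assumptions, not the asker's code.
public class LoginModel : PageModel
{
    private const string DefaultLanding = "/Profile/Home"; // assumed fallback page
    private readonly SignInManager<IdentityUser> _signInManager;

    public LoginModel(SignInManager<IdentityUser> signInManager) =>
        _signInManager = signInManager;

    [BindProperty] public string UserName { get; set; } = string.Empty;
    [BindProperty] public string Password { get; set; } = string.Empty;

    // Set on GET so the page can decide whether the external-client steps apply.
    public bool FromExternalClient { get; private set; }

    // True for a path on this site, such as the value the cookie middleware
    // appends after an expired session ("/Profile/Home?culture=en").
    private bool IsInternal(string? returnUrl) =>
        !string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl);

    public IActionResult OnGet(string? returnUrl)
    {
        // A missing or local ReturnUrl means an ordinary (re-)login.
        FromExternalClient = !string.IsNullOrEmpty(returnUrl) && !IsInternal(returnUrl);
        return Page();
    }

    public async Task<IActionResult> OnPostAsync(string? returnUrl)
    {
        var result = await _signInManager.PasswordSignInAsync(
            UserName, Password, isPersistent: false, lockoutOnFailure: true);
        if (!result.Succeeded)
        {
            ModelState.AddModelError(string.Empty, "Invalid login attempt.");
            return Page();
        }

        // LocalRedirect throws on a non-local URL, so test first and fall back.
        // This keeps the ReturnUrl query parameter from becoming an open redirect.
        return LocalRedirect(IsInternal(returnUrl) ? returnUrl! : DefaultLanding);
    }
}
```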
