I have a Razor Page (.NET 6) project with ASP.NET Core Identity. On startup I set the access path and access denied path like this:

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Name = Constants.Cookies.Authentication;
        options.LoginPath = Constants.Pages.Login; // /Account/Login
        options.AccessDeniedPath = Constants.Pages.Login;
        options.SlidingExpiration = true;
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.SameSite = SameSiteMode.None;
        options.ExpireTimeSpan = TimeSpan.FromHours(1);
    });
My OnGet method on the login page accepts the return URL, like so:

    public async Task<IActionResult> OnGet(string returnUrl)
    {
        // Some action when returnUrl is from external client
        return Page();
    }
The problem is that when a user is on the profile page:

    // Profile page
    [Authorize]
    public class HomeModel : PageModel
    {
        //....
    }
and the cookie has expired, when the page is refreshed the user is correctly redirected to the login page to re-login, but the return URL is populated with the profile page value:

    https://localhost:5002/Account/Login?ReturnUrl=%2FProfile%2FHome%3Fculture%3Den

Instead it should be null or empty.

How come this happens? Is there a way to do the redirect without this parameter in the query string, or should I then check in the GET of the login that it is a local URL, to avoid some steps that I perform?
Thanks
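The second option the question raises (checking in the login GET that the return URL is local) is the one worth keeping regardless of how the redirect is configured, because ReturnUrl arrives on an unauthenticated request and is therefore caller-controlled. The following is an added example, not code from the question or the answer: a Razor Pages LoginModel that honours returnUrl only when Url.IsLocalUrl accepts it and otherwise falls back to the site root. The LoginInput class, the IdentityUser type and the error message are assumptions made for the illustration.

```csharp
// Added example (not from the question or answer): a Razor Pages login model
// that only honours returnUrl when it is a local path. LoginInput, IdentityUser
// and the error text are illustrative assumptions.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

[AllowAnonymous]
public class LoginModel : PageModel
{
    private readonly SignInManager<IdentityUser> _signInManager;

    public LoginModel(SignInManager<IdentityUser> signInManager)
    {
        _signInManager = signInManager;
    }

    [BindProperty]
    public LoginInput Input { get; set; } = new();

    // Bound on GET and carried through the form so OnPost sees the same value.
    [BindProperty(SupportsGet = true)]
    public string? ReturnUrl { get; set; }

    public class LoginInput
    {
        public string Email { get; set; } = string.Empty;
        public string Password { get; set; } = string.Empty;
    }

    // Reduce the incoming returnUrl to something safe to redirect to.
    // A local path such as "/Profile/Home?culture=en" is kept; an absolute
    // URL (https://other-host/...) or a protocol-relative one (//other-host)
    // is replaced by the site root. Url.IsLocalUrl rejects both forms.
    private string SafeReturnUrl(string? returnUrl) =>
        !string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl) ? returnUrl : "/";

    public IActionResult OnGet(string? returnUrl = null)
    {
        // Already signed in (for example the cookie was renewed in another tab):
        // skip the form and go straight to the validated destination.
        if (User.Identity?.IsAuthenticated == true)
            return LocalRedirect(SafeReturnUrl(returnUrl));

        ReturnUrl = returnUrl;
        return Page();
    }

    public async Task<IActionResult> OnPostAsync()
    {
        if (!ModelState.IsValid)
            return Page();

        var result = await _signInManager.PasswordSignInAsync(
            Input.Email, Input.Password, isPersistent: false, lockoutOnFailure: true);

        if (result.Succeeded)
            // LocalRedirect itself throws on a non-local URL, so even if
            // SafeReturnUrl were bypassed the redirect could not leave the site.
            return LocalRedirect(SafeReturnUrl(ReturnUrl));

        ModelState.AddModelError(string.Empty, "Invalid login attempt.");
        return Page();
    }
}
```

With this in place the ReturnUrl that the cookie middleware appends after an expired session (the /Profile/Home?culture=en value from the question) still works, while a value pointing off-site is silently replaced by "/". Any extra steps the login page performs for external clients can be gated on the same Url.IsLocalUrl check.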
is there a way to do the redirect without this parameter in the query string
Do you mean removing the ?ReturnUrl=%2FProfile%2FHome%3Fculture%3Den part?
If so, I suggest you create a custom authentication cookie:

    public class CookieAuthEvents : CookieAuthenticationEvents
    {
        public override Task RedirectToLogin(RedirectContext<CookieAuthenticationOptions> context)
        {
            context.RedirectUri = "/Account/Login";
            return base.RedirectToLogin(context);
        }

        public override Task RedirectToLogout(RedirectContext<CookieAuthenticationOptions> context)
        {
            context.RedirectUri = "/Account/CustomLogout";
            return base.RedirectToLogout(context);
        }

        public override Task RedirectToAccessDenied(RedirectContext<CookieAuthenticationOptions> context)
        {
            context.RedirectUri = "/Account/CustomAccessDenied";
            return base.RedirectToAccessDenied(context);
        }

        public override Task RedirectToReturnUrl(RedirectContext<CookieAuthenticationOptions> context)
        {
            context.RedirectUri = "/CustomReturnUrl";
            return base.RedirectToReturnUrl(context);
        }
    }
In Program.cs, register the authentication cookie events:

    builder.Services.AddScoped<CookieAuthEvents>();
    builder.Services.ConfigureApplicationCookie(ops =>
    {
        //do your stuff...
        ops.EventsType = typeof(CookieAuthEvents);//add this line
    });
result: