[英]ASP.NET Owin OAuth (Google / Facebook) is redirecting to default login.aspx insead of remote log in page
我正在使用 Owin 庫(包括 Google 和 Facebook)設置 OAuth。
從外觀上看,Owin 啟動類注冊得很好。 我發現不是被重定向到 Facebook 或 Google 的適當登錄頁面,而是被重定向到默認的“login.aspx”頁面。 我的解決方案中沒有 login.aspx 頁面。
流在視圖中觸發,如下所示:
@{
// Get list of configured external authentication middleware
var loginProviders = Context.GetOwinContext().Authentication.GetExternalAuthenticationTypes();
if (!loginProviders.Any())
{
<div>
<p>There are no external authentication services configured</p>
</div>
}
else
{
using (Html.BeginForm("ExternalLogin", "OAuth"))
{
@Html.AntiForgeryToken()
<div>
<p>
@foreach (AuthenticationDescription p in loginProviders)
{
<button type="submit" class="btn btn-default" id="@p.AuthenticationType" name="provider" value="@p.AuthenticationType" title="Log in using your @p.Caption account">@p.AuthenticationType</button>
}
</p>
</div>
}
}
}
這會觸發質詢結果,但是質詢結果只會導致重定向到 login.aspx(同樣不存在)
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult ExternalLogin(string provider)
{
string redirectUri = Url.Action("ExternalLoginCallback");
// Request a redirect to the external login provider
return new ChallengeResult(provider, redirectUri);
}
我可能會錯過什么?
我已經包含了 Startup.cs 類以進行很好的衡量:
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseFacebookAuthentication(new FacebookAuthenticationOptions
{
AppId = Config.OAuthFacebookAppId,
AppSecret = Config.OAuthFacebookAppSecret,
Scope = { "email" }, // "email", also "publish_actions" can be included if post to facebook authorization is required
Provider = new FacebookAuthenticationProvider
{
OnAuthenticated = context =>
{
context.Identity.AddClaim(new System.Security.Claims.Claim("FacebookAccessToken", context.AccessToken));
return Task.FromResult(true);
}
}
});
app.UseGoogleAuthentication(
clientId: Config.OAuthGoogleClientId,
clientSecret: Config.OAuthGoogleClientSecret
);
}
關鍵的修改是添加代碼:
// Stop execution of the current page/method - the 401 forces OWIN to kick-in and do its thing
Response.StatusCode = 401;
Response.End();
AuthenticationProperties.RedirectUri 不會在 Challenge() 中傳遞給 Google
其他問題是未啟用 Google+ API
OWIN 的 GetExternalLoginInfoAsync 總是返回 null
...對於 Facebook,需要將 Owin 庫升級到 3.1.0
如此完整的 ExternalLogin 方法:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public void ExternalLogin(string provider)
{
string redirectUri = Url.Action("ExternalLoginCallback");
var properties = new AuthenticationProperties() { RedirectUri = redirectUri };
HttpContext.GetOwinContext().Authentication.Challenge(properties, provider);
// Stop execution of the current page/method - the 401 forces OWIN to kick-in and do its thing
Response.StatusCode = 401;
Response.End();
}
此問題的根本原因(重定向到 login.aspx)是在遷移到 OWIN 身份驗證的過程中,FormsAuthentication 實際上並未完全關閉,因此這是兩者之間沖突的結果。
要完全停用表單身份驗證模塊並解決此問題,您可以將以下內容添加到 web.config 文件的模塊部分:
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.