我有两个Web应用程序:一个是Web表单(Web Forms)应用程序,另一个是带有Web API的MVC应用程序。两个应用程序使用相同的数据库。在Web表单应用程序中,我有一个绑定到GridView的用户列表。当我点击某个用户时,它应该把我带到MVC应用程序,而不要求我提供登录详细信息。我在MVC应用程序中创建了一个Web API端点,用于请求身份验证令牌。该端点返回带有Location标头值(MVC应用程序的地址)的HttpResponseMessage。当我点击某个用户时,它成功从服务器获取了令牌,但没有重定向到MVC应用程序。我不确定我在这里做错了什么。我该如何对MVC应用程序进行身份验证,并在单独的选项卡中打开它?
Web API代码:
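/// <summary>
/// Exchanges the posted staff credentials for a token and, when the token marks the
/// user as a member, signs the caller in with an application cookie.
/// </summary>
/// <param name="staffLoginModel">
/// User name and password, plus the CompanyId and PersonId supplied by the caller.
/// </param>
/// <returns>
/// 200 with a Location header after a sign-in; 400 with a Location header pointing at the
/// login page when the token request fails or an exception is caught; a bare 200 with no
/// Location header when the token is valid but the user is not a member.
/// </returns>
/// <remarks>
/// NOTE(review): this route is [AllowAnonymous] and CompanyId/PersonId are taken from the
/// request body and handed to TokenResponse. Confirm that they are checked server-side
/// against the authenticated user before they end up in claims.
/// </remarks>
[HttpPost]
[AllowAnonymous]
[Route("api/account/stafflogin")]
public async Task<HttpResponseMessage> StaffLogin(StaffLoginModel staffLoginModel)
{
    // An empty or unreadable body leaves the model null; reject it instead of
    // failing with a NullReferenceException further down.
    if (staffLoginModel == null)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unexpected error occured");
    }

    var context = Request.GetOwinContext();
    var authManager = context.Authentication;

    // Drop any existing application cookie before attempting a new sign-in.
    authManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

    var loginResponse = await GetToken(staffLoginModel.UserName, staffLoginModel.Password);
    var tokenJson = await loginResponse.Content.ReadAsStringAsync();

    TokenResponse tokenResponse = new TokenResponse(tokenJson, staffLoginModel.CompanyId, staffLoginModel.PersonId);
    Token token = tokenResponse.BearerToken;

    // Default outcome when the token is valid but the user is not a member.
    // NOTE(review): this is a 200 without a Location header and without a sign-in;
    // a caller that treats 200 as success cannot tell it apart from a sign-in.
    HttpResponseMessage response = new HttpResponseMessage();

    try
    {
        if (token.StatusCode != HttpStatusCode.OK)
        {
            // Stop here. The original had no return, and only the UriFormatException
            // thrown by the relative Uri below kept a failed token from reaching the
            // identity-building and sign-in code.
            var failure = Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unexpected error occured");
            failure.Headers.Location = new Uri("/Account/Login", UriKind.Relative);
            return failure;
        }

        // Token is good: build a new claims identity from the token/user details.
        var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, token.UserId));
        //identity.AddClaim(new Claim(ClaimTypes.Name, token.Username));
        identity.AddClaim(new Claim(ClaimTypes.GivenName, token.FirstName));
        identity.AddClaim(new Claim(ClaimTypes.Surname, token.LastName));
        // NOTE(review): the access token is stored as a claim on the cookie identity;
        // confirm the cookie is protected and that the token needs to travel with it.
        identity.AddClaim(new Claim(ClaimTypes.Authentication, token.AccessToken));
        identity.AddClaim(new Claim("IsMember", token.IsMember));
        identity.AddClaim(new Claim("IsNewMember", token.IsNewMember));
        identity.AddClaim(new Claim("CompanyId", token.CompanyId));
        identity.AddClaim(new Claim("StaffId", token.StaffId));
        identity.AddClaim(new Claim("PersonId", token.PersonId));

        // Add user roles to the identity so access can be restricted by role if desired.
        foreach (var role in token.Roles)
        {
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        }

        if (Convert.ToBoolean(token.IsMember))
        {
            // SignIn() does not set a cookie itself; the OWIN middleware writes it onto
            // this response, so it reaches whichever client called this endpoint.
            // NOTE(review): ExpiresUtc is built directly from token.ExpiresIn; confirm
            // that value is an absolute UTC time and not a lifetime in seconds.
            authManager.SignIn(
                new AuthenticationProperties()
                {
                    IsPersistent = true,
                    ExpiresUtc = new DateTimeOffset(token.ExpiresIn, TimeSpan.Zero)
                },
                identity);

            response = Request.CreateResponse(HttpStatusCode.OK);
            response.Headers.Location = new Uri("http://localhost:54033/dashboard");
        }
    }
    catch (Exception)
    {
        // NOTE(review): the exception is discarded without logging, so a failed login
        // cannot be told apart from a programming error after the fact.
        response = Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unexpected error occured");
        response.Headers.Location = new Uri("http://localhost:54033/Account/Login");
    }

    return response;
}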
按钮 OnCommand 中的客户端代码:
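''' <summary>
''' Handles the grid button command: requests a staff login from the API on behalf of
''' the selected user and, when the API answers 200 with a Location header, registers a
''' script that opens the MVC application in a new browser tab.
''' </summary>
''' <param name="sender">The control that raised the command.</param>
''' <param name="e">Command arguments (not read here).</param>
Protected Sub OnCommand(sender As Object, e As CommandEventArgs)
    ' NOTE(review): company and person ids are hard-coded rather than taken from the selected row.
    Dim companyId As Integer = 25
    Dim personId As Integer = 323

    Dim user = Membership.GetUser(New Guid(UserStaff.ASPNETUserID))
    Dim client As New TestHttpClient

    Try
        ' GetPassword() only works when the membership provider has password retrieval
        ' enabled, i.e. passwords are stored reversibly rather than hashed, and the
        ' plaintext password is then forwarded to the API.
        ' NOTE(review): a short-lived, single-use token issued for the hand-off would
        ' avoid handling the user's password here.
        ' NOTE(review): .Result blocks the request thread on an asynchronous call, which
        ' may deadlock under the ASP.NET synchronization context; confirm, or await it.
        Dim response As HttpResponseMessage = client.Open(user.UserName, user.GetPassword(), companyId, personId).Result

        ' The API can answer 200 without a Location header, so check for it explicitly
        ' instead of relying on a NullReferenceException to skip the new tab.
        If response.StatusCode = HttpStatusCode.OK AndAlso response.Headers.Location IsNot Nothing Then
            ' NOTE(review): the call above is made by this server, so a cookie set by the
            ' API response arrives here and not in the user's browser; the tab opened
            ' below presumably starts without that cookie. The opened URL is fixed and
            ' does not use the returned Location value.
            Page.ClientScript.RegisterClientScriptBlock(Me.GetType(), "Open", "window.open('http://localhost:54033/home','_blank');", True)
        End If
    Catch ex As Exception
        ' Record the failure in ELMAH; the page itself shows no error.
        Elmah.ErrorSignal.FromCurrentContext().Raise(ex)
    End Try
End Sub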