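Does Identity Core TwoFactorSignIn contain a bug?

Time: 2016-09-28 11:33:36

Tags: c# asp.net-core asp.net-identity asp.net-core-mvc

I have been working on an ASP.NET Core application for several months. Now, close to finishing the first beta, I realized that I had not enabled two-factor authentication, and I now think I have found a bug in the implementation of Microsoft.AspNetCore.Identity. If we look at how the user is retrieved, it does the following: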

    /// <summary>
    /// Returns the User ID claim value if present otherwise returns null.
    /// </summary>
    /// <param name="principal">The <see cref="ClaimsPrincipal"/> instance.</param>
    /// <returns>The User ID claim value, or null if the claim is not present.</returns>
    /// <remarks>The User ID claim is identified by <see cref="ClaimTypes.NameIdentifier"/>.</remarks>
    public virtual string GetUserId(ClaimsPrincipal principal)
    {
        if (principal == null)
        {
            throw new ArgumentNullException(nameof(principal));
        }
        return principal.FindFirstValue(Options.ClaimsIdentity.UserIdClaimType);
    }

    /// <summary>
    /// Returns the user corresponding to the IdentityOptions.ClaimsIdentity.UserIdClaimType claim in
    /// the principal or null.
    /// </summary>
    /// <param name="principal">The principal which contains the user id claim.</param>
    /// <returns>The user corresponding to the IdentityOptions.ClaimsIdentity.UserIdClaimType claim in
    /// the principal or null</returns>
    public virtual Task<TUser> GetUserAsync(ClaimsPrincipal principal)
    {
        if (principal == null)
        {
            throw new ArgumentNullException(nameof(principal));
        }
        var id = GetUserId(principal);
        return id == null ? Task.FromResult<TUser>(null) : FindByIdAsync(id);
    }

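However, the TwoFactorSignInAsync method in SignInManager never sets a claim of type UserIdClaimType; instead it sets the same Name claim four times, containing the user's Id.
Is this a bug in the TwoFactorSignInAsync implementation, or is something configured incorrectly in my Identity configuration? Here it is: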

    CookieAuthenticationOptions cookieOptions = new CookieAuthenticationOptions
    {
        CookieHttpOnly = true,
        LoginPath = "/User/Login",
        CookieSecure = CookieSecurePolicy.Always,
        LogoutPath = "/User/Logout"
    };

    services.AddIdentity<User, Role>(options =>
    {
        options.Cookies.ApplicationCookie = cookieOptions;
        options.Cookies.ExternalCookie = cookieOptions;
        options.Cookies.TwoFactorRememberMeCookie = cookieOptions;
        options.Cookies.TwoFactorUserIdCookie = cookieOptions;

        options.Password = new PasswordOptions
        {
            RequiredLength = 8,
            RequireLowercase = true,
            RequireUppercase = true,
            RequireNonAlphanumeric = true
        };

        options.SignIn.RequireConfirmedEmail = true;
    })
    .AddUserStore<MyStore>()
    .AddRoleStore<MyStore>()
    .AddDefaultTokenProviders();

For the GitHub issue, see "Does TwoFactorSignIn contain a bug or am I configuring Identity incorrectly? #981".

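1 answer:

Answer 0 (score: 1)

According to @HaoK's comment:

A two-factor sign-in, if successful, means the NEXT request will have the user set. Authentication for the current request has already happened. None of the SignIn calls has any effect on the current request.

The solution was to remove the GetCurrentUserAsync method call after calling TwoFactorSignInAsync; I had wrongly assumed that it logs the user in immediately.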