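Basically, I deleted a user from the user table and then logged in with the same user credentials. In short, the database change is not reflected in OWIN authentication.
Note: deleting a user actually just updates the "Deletedon" field in the user table. I am also using a custom data context in OWIN.
After restarting IIS, it works fine. Please help!
This is my ConfigureOAuth method in the Startup class: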
    public void ConfigureOAuth(IAppBuilder app)
    {
        // Services are resolved once here, at application startup.
        var authService = DependencyResolver.Current.GetService<IAuthService>();
        var userService = DependencyResolver.Current.GetService<IUserService>();
        var loginHistoryService = DependencyResolver.Current.GetService<ILoginHistoryService>();

        // Options for validating bearer tokens on incoming requests
        OAuthBearerOptions = new OAuthBearerAuthenticationOptions();

        OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
        {
            // Lets the token endpoint be called over plain HTTP
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
            Provider = new AuthorizationServerProvider(authService, userService, loginHistoryService),
            RefreshTokenProvider = new RefreshTokenProvider(authService)
        };

        // Token generation
        app.UseOAuthAuthorizationServer(OAuthServerOptions);
        app.UseOAuthBearerAuthentication(OAuthBearerOptions);
    }
This is my AuthorizationServerProvider class:
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // CORS: fall back to "*" when no allowed origin is registered for the client
        var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
        if (allowedOrigin == null) allowedOrigin = "*";
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

        // Check the submitted credentials
        var user = await _authService.ValidateUser(context.UserName, context.Password);
        if (user == false)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Role, "Client"));
        identity.AddClaim(new Claim("sub", context.UserName));

        var userInformation = await _userService.GetUserDetails(context.UserName, context.Password);
        if (userInformation == null)
        {
            // Without user details the ticket properties below cannot be built
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        // Insertion into login history
        _loginHistoryService.Create(userInformation.Id);

        var props = new AuthenticationProperties(new Dictionary<string, string>
        {
            { "as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId },
            { "userName", context.UserName },
            { "UserId", userInformation.Id.ToString() },
            { "BranchId", userInformation.BranchId.ToString() },
            { "Name", userInformation.Name.ToString() }
        });

        var ticket = new AuthenticationTicket(identity, props);
        context.Validated(ticket);
    }
_authService.ValidateUser returns the old (not updated) user data.
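
A minimal simulation of one likely cause, added here and not part of the original post: the services are resolved once in ConfigureOAuth, so if the custom data context behind them lives for the whole process and reuses loaded entities, ValidateUser keeps seeing the pre-delete row until IIS restarts. `User`, `FakeDb`, `CachingContext`, `AuthService` and `Demo` are constructed stand-ins, and the caching behaviour of the poster's context is an assumption.

```csharp
using System;
using System.Collections.Generic;

// Constructed stand-ins for illustration; none of these types come from the post.
class User { public string Name; public string Password; public DateTime? DeletedOn; }

static class FakeDb // simulated user table: every read returns a fresh copy of the row
{
    public static readonly Dictionary<string, User> Rows = new Dictionary<string, User>();
    public static User Read(string name) => Rows.TryGetValue(name, out var r)
        ? new User { Name = r.Name, Password = r.Password, DeletedOn = r.DeletedOn } : null;
}

class CachingContext // data context with an identity map: loaded entities are reused
{
    private readonly Dictionary<string, User> _tracked = new Dictionary<string, User>();
    public User Find(string name)
    {
        if (!_tracked.TryGetValue(name, out var u)) _tracked[name] = u = FakeDb.Read(name);
        return u;
    }
}

class AuthService
{
    private readonly Func<CachingContext> _context;
    public AuthService(Func<CachingContext> context) { _context = context; }
    public bool ValidateUser(string name, string password)
    {
        var u = _context().Find(name);
        // Plain comparison keeps the demo short; a real service verifies a password hash.
        return u != null && u.DeletedOn == null && u.Password == password;
    }
}

static class Demo
{
    static void Main()
    {
        FakeDb.Rows["alice"] = new User { Name = "alice", Password = "pw" };
        var shared = new CachingContext(); // lives as long as the process
        var startupScoped = new AuthService(() => shared);             // context captured once
        var perRequest = new AuthService(() => new CachingContext()); // new context per call

        Console.WriteLine(startupScoped.ValidateUser("alice", "pw")); // first login caches the row
        FakeDb.Rows["alice"].DeletedOn = DateTime.UtcNow;             // soft delete, as in the post
        Console.WriteLine(startupScoped.ValidateUser("alice", "pw")); // cached row still validates
        Console.WriteLine(perRequest.ValidateUser("alice", "pw"));    // re-reads the row and rejects
    }
}
```

Access tokens issued before the deletion are still accepted until AccessTokenExpireTimeSpan (30 minutes here) elapses, because bearer validation does not consult the user table.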