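OK, so I have been struggling with this for 2 days now and can't find anything related.
I'm using ASP.NET Core 1.1 and I have implemented Identity in my system, and it works fine. But my problem is that the user is still online after the security stamp is updated.
I tried setting SecurityStampValidationInterval to zero and to 1 second, but it seems to have no effect.
At this point I'm not sure whether it's a bug, or am I doing something wrong?
This is what my IdentityOptions looks like: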
    services.Configure<IdentityOptions>(options =>
    {
        options.Tokens.PasswordResetTokenProvider = _defaultTokenProviderName;
        options.Password.RequireDigit = true;
        options.Password.RequiredLength = 6;
        options.Password.RequireLowercase = true;
        options.Password.RequireUppercase = true;
        options.Password.RequireNonAlphanumeric = false;
        options.User.RequireUniqueEmail = true;
        options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.";
        options.SecurityStampValidationInterval = TimeSpan.Zero;
        options.Cookies.ApplicationCookie.CookieName = "Identity_cookie";
        options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1);
        options.Cookies.ApplicationCookie.SlidingExpiration = true;
        options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents()
        {
            OnRedirectToLogin = (context) =>
            {
                var cul = context.HttpContext.Features.Get<IRequestCultureFeature>();
                var lang = cul.RequestCulture.Culture.TwoLetterISOLanguageName;
                context.Response.Redirect($"/{lang}/Account/Login?{context.Options.ReturnUrlParameter}" +
                    $"={System.Net.WebUtility.UrlEncode(context.Request.Path + context.Request.QueryString)}");
                return Task.FromResult(0);
            },
        };
    });
This is how I update the security stamp:
    user.Blocked = !user.Blocked;
    await _userManager.UpdateSecurityStampAsync(user);
    await _userManager.UpdateAsync(user);
Thanks in advance.
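Answer 0 (score: 0)
I updated my question to include the rest of the code (sorry, it was under services.AddIdentity.., so I forgot to copy it).
So my problem was about setting options.Cookies.ApplicationCookie.Events in order to use a custom OnRedirectToLogin from the Identity options.
For some reason I had to move it to app.UseCookieAuthentication().
My new code is: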
    app.UseIdentity();
    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        Events = new CookieAuthenticationEvents()
        {
            OnRedirectToLogin = (context) =>
            {
                var cul = context.HttpContext.Features.Get<IRequestCultureFeature>();
                var lang = cul.RequestCulture.Culture.TwoLetterISOLanguageName;
                context.Response.Redirect($"/{lang}/Account/Login?{context.Options.ReturnUrlParameter}" +
                    $"={System.Net.WebUtility.UrlEncode(context.Request.Path + context.Request.QueryString)}");
                return Task.FromResult(0);
            },
        }
    });
And services.Configure<IdentityOptions>:
    services.Configure<IdentityOptions>(options =>
    {
        options.Tokens.PasswordResetTokenProvider = _defaultTokenProviderName;
        options.Password.RequireDigit = true;
        options.Password.RequiredLength = 6;
        options.Password.RequireLowercase = true;
        options.Password.RequireUppercase = true;
        options.Password.RequireNonAlphanumeric = false;
        options.User.RequireUniqueEmail = true;
        options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.";
        options.SecurityStampValidationInterval = TimeSpan.Zero;
        options.Cookies.ApplicationCookie.CookieName = "Identity_cookie";
        options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1);
        options.Cookies.ApplicationCookie.SlidingExpiration = true;
    });
I don't know whether this is a bug or what, but the configuration is supposed to be inside ConfigureServices, am I right?
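
An added example, not part of the original posts: in Identity 1.x the default ApplicationCookie.Events object is what wires OnValidatePrincipal to SecurityStampValidator.ValidatePrincipalAsync, so replacing Events with a new object drops the security stamp check unless that handler is set again. The names IdentityCookieSetup and AddIdentityCookieWithStampCheck are hypothetical, and the "en" fallback language is an assumption.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Localization;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper (not from the original posts); call it from
// ConfigureServices after services.AddIdentity<...>().
public static class IdentityCookieSetup
{
    public static IServiceCollection AddIdentityCookieWithStampCheck(this IServiceCollection services)
    {
        return services.Configure<IdentityOptions>(options =>
        {
            // Re-check the security stamp on every request, as in the question.
            options.SecurityStampValidationInterval = TimeSpan.Zero;

            options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents
            {
                // Assigning a new Events object discards Identity's default
                // handlers, so the stamp validator is registered again here.
                OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync,

                OnRedirectToLogin = context =>
                {
                    var cul = context.HttpContext.Features.Get<IRequestCultureFeature>();
                    // Assumption: fall back to "en" when no request culture is set.
                    var lang = cul?.RequestCulture.Culture.TwoLetterISOLanguageName ?? "en";
                    var returnUrl = WebUtility.UrlEncode(context.Request.Path + context.Request.QueryString);
                    context.Response.Redirect(
                        $"/{lang}/Account/Login?{context.Options.ReturnUrlParameter}={returnUrl}");
                    return Task.FromResult(0);
                }
            };
        });
    }
}
```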