Asp.net核心1.1验证安全标记不起作用

时间:2017-05-31 12:18:31

标签: c# asp.net-core asp.net-core-mvc asp.net-core-1.1 asp.net-core-identity

好的,所以我现在已经苦苦挣扎了2天,并且找不到任何相关内容。

我正在使用asp.net核心1.1,我已经在我的系统中实现了身份,它运行良好。但我的问题是用户在更新安全标记后仍然在线。

我尝试将SecurityStampValidationInterval设置为zero,1秒,但似乎没有效果。

此时我不确定它是不是一个bug?或者我做错了什么?

这是我的IdentityOptions的样子:

services.Configure<IdentityOptions>(options =>
            {
                options.Tokens.PasswordResetTokenProvider = _defaultTokenProviderName;

                options.Password.RequireDigit = true;
                options.Password.RequiredLength = 6;
                options.Password.RequireLowercase = true;
                options.Password.RequireUppercase = true;
                options.Password.RequireNonAlphanumeric = false;

                options.User.RequireUniqueEmail = true;

                options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.";

                options.SecurityStampValidationInterval = TimeSpan.Zero;



                options.Cookies.ApplicationCookie.CookieName = "Identity_cookie";
                options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1);
                options.Cookies.ApplicationCookie.SlidingExpiration = true;

            options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents()
            {
                OnRedirectToLogin = (context) =>
                {
                    var cul = context.HttpContext.Features.Get<IRequestCultureFeature>();
                    var lang = cul.RequestCulture.Culture.TwoLetterISOLanguageName;


                    context.Response.Redirect($"/{lang}/Account/Login?{context.Options.ReturnUrlParameter}" +
                         $"={System.Net.WebUtility.UrlEncode(context.Request.Path + context.Request.QueryString)}");
                    return Task.FromResult(0);
                },

            };
            });

这就是我更新安全标记的方式:

user.Blocked = !user.Blocked;
await _userManager.UpdateSecurityStampAsync(user);
await _userManager.UpdateAsync(user);

提前致谢。

1 个答案:

答案 0 :(得分:0)

我更新了我的问题以包含其余代码(抱歉它位于service.AddIdentity..下,所以我忘了复制它。)

所以我的问题是关于设置options.Cookies.ApplicationCookie.Events以便从身份选项中使用自定义OnRedirectToLogin出于某种原因我必须将其移至app.UseCookieAuthentication()

我的新代码是:

app.UseIdentity();

            app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                Events = new CookieAuthenticationEvents()
                {
                    OnRedirectToLogin = (context) =>
                    {
                        var cul = context.HttpContext.Features.Get<IRequestCultureFeature>();
                        var lang = cul.RequestCulture.Culture.TwoLetterISOLanguageName;


                        context.Response.Redirect($"/{lang}/Account/Login?{context.Options.ReturnUrlParameter}" +
                             $"={System.Net.WebUtility.UrlEncode(context.Request.Path + context.Request.QueryString)}");
                        return Task.FromResult(0);
                    },

                }
            });

services.Configure<IdentityOptions>

options.Tokens.PasswordResetTokenProvider = _defaultTokenProviderName;

                options.Password.RequireDigit = true;
                options.Password.RequiredLength = 6;
                options.Password.RequireLowercase = true;
                options.Password.RequireUppercase = true;
                options.Password.RequireNonAlphanumeric = false;

                options.User.RequireUniqueEmail = true;

                options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.";

                options.SecurityStampValidationInterval = TimeSpan.Zero;



                options.Cookies.ApplicationCookie.CookieName = "Identity_cookie";
                options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1);
                options.Cookies.ApplicationCookie.SlidingExpiration = true;

我不知道这是一个错误还是什么,但配置假设在ConfigureServices内,我是对的吗?