RedirectToAction启动新会话
我有一个登录我的用户的控制器。假设现有用户和密码正确,我会检查他们是否启用了2fa。
AccountControler登录方式
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, _configurationSettings.LockoutOnFailure);
if (result.Succeeded)
{
var user = await _userManager.FindByEmailAsync(model.Email);
await _signInManager.SignInAsync(user, _configurationSettings.IsPersistent);
_logger.LogInformation("User logged in.");
return RedirectToLocal(returnUrl);
}
if (result.RequiresTwoFactor)
{
return RedirectToAction(nameof(LoginWith2fa), new { returnUrl, model.RememberMe });
}
if (result.IsLockedOut)
{
_logger.LogWarning("User account locked out.");
return RedirectToAction(nameof(Lockout));
}
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return View(model);
}
// If we got this far, something failed, redisplay form
return View(model);
}
假设用户确实启用了2fa,那么我将它们重定向到LoginWith2fa方法。
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> LoginWith2fa(bool rememberMe, string returnUrl = null)
{
// Ensure the user has gone through the username & password screen first
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
throw new ApplicationException($"Unable to load two-factor authentication user.");
}
var model = new LoginWith2faViewModel { RememberMe = rememberMe };
ViewData["ReturnUrl"] = returnUrl;
return View(model);
}
这是我的问题来自var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();总是返回null。我放了几个断点,它看起来像是在ApplicationSignInManager和AccountController中重新构建我的构造函数。在那里给我一个新的会议。
SignInManager在startup.cs中注册为作用域
services.AddIdentity<ApplicationUser, IdentityRole<long>>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddSignInManager<ApplicationSignInManager>()
.AddDefaultTokenProviders();
如何调用RedirectToAction并保留相同的会话?
我一直在关注这个项目Identity Server 4 Demo
更新:关于HttpContext的评论
1 个答案:
答案 0 :(得分:1)
感谢@muqeetkhan给我提示。我正在使用自定义SignInManager,它需要设置正确的会话cookie,以便将用户数据传播到下一页。
public class ApplicationSignInManager : SignInManager<ApplicationUser>
{
private readonly ILogger _logger;
public ApplicationSignInManager(UserManager<ApplicationUser> userManager, IHttpContextAccessor contextAccessor, IUserClaimsPrincipalFactory<ApplicationUser> claimsFactory, IOptions<IdentityOptions> optionsAccessor,
ILogger<ApplicationSignInManager> logger, IAuthenticationSchemeProvider schemes) : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes)
{
_logger = logger;
}
public override async Task<SignInResult> PasswordSignInAsync(string userEmail, string password, bool isPersistent, bool shouldLockout)
{
if (UserManager == null)
return SignInResult.Failed;
var result = await new FindUserCommand(_logger, UserManager, userEmail, password, shouldLockout).Execute();
if (result != SignInResult.TwoFactorRequired) return result;
var user = await UserManager.FindByEmailAsync(userEmail);
return await SignInOrTwoFactorAsync(user, true); // Required sets the session Cookie
}
}
基本上需要调用SignInOrTwoFactorAsync(user, true);。
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?