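Environment (development):
Visual Studio 2017, ASP.NET Core 2 web application, https://localhost:44300/
ISSUE:
From a View form, when I call an HttpPost method in a controller that has the [Authorize] attribute, it fails and returns "This page isn't working... HTTP ERROR 400".
If I remove SignInAsync and allow anonymous on the HttpPost, it works fine.
Code in Startup: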

    public void ConfigureServices(IServiceCollection services)
    {
        try
        {
            //services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            services.AddAuthentication("CookieSecurityScheme")
                .AddCookie("CookieSecurityScheme", options =>
                {
                    options.ExpireTimeSpan = new TimeSpan(90, 0, 0, 0);
                    options.LoginPath = new PathString("/Home/Index/");
                    options.AccessDeniedPath = new PathString("/Home/Index/");
                    options.LogoutPath = new PathString("/Home/Index/");
                });
            services.AddMvc();
            services.AddAntiforgery();
            services.Configure<MvcOptions>(options =>
            {
                options.Filters.Add(new RequireHttpsAttribute());
            });
        }
        catch (Exception ex)
        {
            gFunc.ProcessError(ex);
        }
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        try
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseBrowserLink();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
            }
            app.UseStaticFiles();
            app.UseAuthentication();
            var options = new RewriteOptions().AddRedirectToHttps();
            app.UseRewriter(options);
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
                routes.MapRoute(
                    name: "signin",
                    template: "{controller=Home}/{action=Index}/{agencyID}/{contactID}");
            });
        }
        catch (Exception ex)
        {
            gFunc.ProcessError(ex);
        }
    }

Controller code:

    // create claims
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, c_signed_in.FirstName + gFunc.SPACE + c_signed_in.FamilyName),
        new Claim(ClaimTypes.Email, c_signed_in.Email),
        new Claim(ClaimTypes.SerialNumber, c_signed_in.AccountPassword)
        //new Claim(ClaimTypes.Email, c_signed_in.Email)
    };
    // create principal
    ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme));
    // sign-in
    await HttpContext.SignInAsync(scheme: "CookieSecurityScheme", principal: principal);

Tried:
SignInAsync and SignOutAsync work fine, and I can see that the user is authenticated via: HttpContext.User
I have looked at many examples of doing this, and I don't understand why it fails.