注销/超时重定向ASP.net核心

时间:2018-05-15 13:40:54

标签: asp.net asp.net-core

在我的ASP.net核心站点中,在20分钟不活动后,会话到期,并且在用户执行的下一个需要身份验证的操作上,站点会重定向回/ Account / Login。问题是,我想根据过期的会话重定向回不同的页面。

例如,人们在https://example.com/Account/Login?appId=12345登录我的网站。但是,当会话过期并且用户被重定向回登录页面时,将剥离appId = 12345。 (12345可以是任何取决于用户的东西)。我不确定如何在每个会话唯一的重定向网址中包含自定义参数。

以下是我在Startup.cs中配置当前超时的方法:

 app.UseCookieAuthentication(new CookieAuthenticationOptions {
      AutomaticAuthenticate = true,
      AutomaticChallenge = true,
      SlidingExpiration = true,
      ExpireTimeSpan = TimeSpan.FromMinutes(20)
      LoginPath = "/Account/Login"
 });

我被问到我的httpget和httppost登录方法,所以这里有一个非常简化的版本(特别是POST方法):

 [RequireHttps]
 [HttpGet]
 public IActionResult Login(string returnUrl = "/", // The path to direct to after the login is complete
                               bool activated = false, // If the screen should prompt that the account has been activated. This flag is used from email activation only
                               string email = null,    // To pre-populate an e-mail address in the username field
                               bool interactive = false,    // Interactive login (ask for username first, then password OR create user)
                               string applicationId = null, // An application id (for tblApplications) to format the screen and log directly in to an application
                               string errorMessage = null
                              ) {

        LoginViewModel model = new LoginViewModel();

        // Pre-set Username
        model.EmailAddress = email;

        // Application
        Guid applicationGuid;
        if (applicationId != null && Guid.TryParse(applicationId, out applicationGuid)) {
            tblApplication application = dbo.GetSingle<tblApplication>(x => x.ApplicationGuid == applicationGuid);
            if (application != null) {
                model.applicationId = applicationId;
                model.ApplicationTitle = application.Title;

                List<tblSettings> settings = dbo.GetList<tblSettings>(x => x.ApplicationId == application.ApplicationId).ToList();
                if (settings.Where(x => x.SettingMasterId == 41 && x.SettingValue1 == "1").Count() > 0) model.showHeader = false;
                if (settings.Where(x => x.SettingMasterId == 42 && x.SettingValue1 == "1").Count() > 0) model.showFooter = false;
                if (settings.Any(x => x.SettingMasterId == 52)) model.LoginHeader = settings.FirstOrDefault(x => x.SettingMasterId == 52).SettingValue1;
                if (settings.Any(x => x.SettingMasterId == 63 && x.SettingValue1 != null)) model.themeId = int.Parse(settings.Where(x => x.SettingMasterId == 63 && x.SettingValue1 != null).FirstOrDefault().SettingValue1);
                if (settings.Where(x => x.SettingMasterId == 67 && x.SettingValue1 == "1").Count() > 0) model.Interactive = true;
            }
        }

        // Return URL after login successful
        ViewData["ReturnUrl"] = returnUrl;

        // Activation message from security provider 
        if (activated) model.activated = true;

        // Interactive
        if (interactive) model.Interactive = true;

        // Error Message
        if (errorMessage != null) model.BannerErrorMessage = errorMessage;

        // Return to form
        return View(model);
    }

[HttpPost]
public async Task<IActionResult> Login(LoginViewModel vm, string returnUrl = null) {
        if (ModelState.IsValid) {
            tblIdentity identity = null;
            try {

                // Pull the client identity record from the database
                identity = dbo.ExecuteQuery<tblIdentity>(x => x.ClientId == vm.EmailAddress).FirstOrDefault();
                if (identity == null)
                    throw new Exception("Invalid Email or Password");

                // ** Authentication Code here. On failure, throw exception

                if (user.EmailVerified == null || user.EmailVerified == false) {
                    // ** Code for email address not verified
                    return RedirectToAction("AccountNotVerified", model);
                }
                else {
                    // Call the login procedure to create cookes
                    ClaimsPrincipal claimsPrincipal = await login(identity, user.UserId, user.FullName, user.Email, vm.applicationId);

                    // Sign user into cookie middleware
                    await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal);

                    // Redirect back to the return url
                    return RedirectToLocal(returnUrl);
                }
            }
            catch (Exception e) {

                ModelState.AddModelError("", e.Message);
            }
        }
        return View(vm);
    }

    public async Task<ClaimsPrincipal> login(tblClientIdentity identity, string userId, string fullName, string email, string applicationId = null) {

        var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(new[] {
                                                                            new Claim(ClaimTypes.NameIdentifier, userId),
                                                                            new Claim(ClaimTypes.Name, fullName),
                                                                            new Claim(ClaimTypes.Email, email)},
                                                CookieAuthenticationDefaults.AuthenticationScheme));

        // Application
        if (string.IsNullOrWhiteSpace(applicationId) == false) {
            Guid applicationGuid;
            if (Guid.TryParse(applicationId, out applicationGuid)) {
                tblApplication application = dbo.GetSingle<tblApplication>(x => x.ApplicationGuid == applicationGuid);
                if (application != null) {
                    claimsPrincipal.Identities.First().AddClaim(new Claim("ApplicationId", applicationId, ClaimValueTypes.String, "https://example.com"));
                    HttpContext.Session.SetString("ApplicationId", applicationId);
                }
                else {
                    if (HttpContext != null) HttpContext.Session.Remove("ApplicationId");
                    RedirectToAction("Login", "Account", new { ErrorMessage = "The application could not be loaded" });
                }
            }
            else {
                if (HttpContext != null) HttpContext.Session.Remove("ApplicationId");
            }
        }
        else {
            if (HttpContext != null) HttpContext.Session.Remove("ApplicationId");
        }
        return claimsPrincipal;
    }

0 个答案:

没有答案