在我的ASP.net核心站点中,在20分钟不活动后,会话到期,并且在用户执行的下一个需要身份验证的操作上,站点会重定向回/ Account / Login。问题是,我想根据过期的会话重定向回不同的页面。
例如,人们在https://example.com/Account/Login?appId=12345登录我的网站。但是,当会话过期并且用户被重定向回登录页面时,将剥离appId = 12345。 (12345可以是任何取决于用户的东西)。我不确定如何在每个会话唯一的重定向网址中包含自定义参数。
以下是我在Startup.cs中配置当前超时的方法:
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AutomaticAuthenticate = true,
AutomaticChallenge = true,
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(20)
LoginPath = "/Account/Login"
});
我被问到我的httpget和httppost登录方法,所以这里有一个非常简化的版本(特别是POST方法):
[RequireHttps]
[HttpGet]
public IActionResult Login(string returnUrl = "/", // The path to direct to after the login is complete
bool activated = false, // If the screen should prompt that the account has been activated. This flag is used from email activation only
string email = null, // To pre-populate an e-mail address in the username field
bool interactive = false, // Interactive login (ask for username first, then password OR create user)
string applicationId = null, // An application id (for tblApplications) to format the screen and log directly in to an application
string errorMessage = null
) {
LoginViewModel model = new LoginViewModel();
// Pre-set Username
model.EmailAddress = email;
// Application
Guid applicationGuid;
if (applicationId != null && Guid.TryParse(applicationId, out applicationGuid)) {
tblApplication application = dbo.GetSingle<tblApplication>(x => x.ApplicationGuid == applicationGuid);
if (application != null) {
model.applicationId = applicationId;
model.ApplicationTitle = application.Title;
List<tblSettings> settings = dbo.GetList<tblSettings>(x => x.ApplicationId == application.ApplicationId).ToList();
if (settings.Where(x => x.SettingMasterId == 41 && x.SettingValue1 == "1").Count() > 0) model.showHeader = false;
if (settings.Where(x => x.SettingMasterId == 42 && x.SettingValue1 == "1").Count() > 0) model.showFooter = false;
if (settings.Any(x => x.SettingMasterId == 52)) model.LoginHeader = settings.FirstOrDefault(x => x.SettingMasterId == 52).SettingValue1;
if (settings.Any(x => x.SettingMasterId == 63 && x.SettingValue1 != null)) model.themeId = int.Parse(settings.Where(x => x.SettingMasterId == 63 && x.SettingValue1 != null).FirstOrDefault().SettingValue1);
if (settings.Where(x => x.SettingMasterId == 67 && x.SettingValue1 == "1").Count() > 0) model.Interactive = true;
}
}
// Return URL after login successful
ViewData["ReturnUrl"] = returnUrl;
// Activation message from security provider
if (activated) model.activated = true;
// Interactive
if (interactive) model.Interactive = true;
// Error Message
if (errorMessage != null) model.BannerErrorMessage = errorMessage;
// Return to form
return View(model);
}
[HttpPost]
public async Task<IActionResult> Login(LoginViewModel vm, string returnUrl = null) {
if (ModelState.IsValid) {
tblIdentity identity = null;
try {
// Pull the client identity record from the database
identity = dbo.ExecuteQuery<tblIdentity>(x => x.ClientId == vm.EmailAddress).FirstOrDefault();
if (identity == null)
throw new Exception("Invalid Email or Password");
// ** Authentication Code here. On failure, throw exception
if (user.EmailVerified == null || user.EmailVerified == false) {
// ** Code for email address not verified
return RedirectToAction("AccountNotVerified", model);
}
else {
// Call the login procedure to create cookes
ClaimsPrincipal claimsPrincipal = await login(identity, user.UserId, user.FullName, user.Email, vm.applicationId);
// Sign user into cookie middleware
await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal);
// Redirect back to the return url
return RedirectToLocal(returnUrl);
}
}
catch (Exception e) {
ModelState.AddModelError("", e.Message);
}
}
return View(vm);
}
public async Task<ClaimsPrincipal> login(tblClientIdentity identity, string userId, string fullName, string email, string applicationId = null) {
var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(new[] {
new Claim(ClaimTypes.NameIdentifier, userId),
new Claim(ClaimTypes.Name, fullName),
new Claim(ClaimTypes.Email, email)},
CookieAuthenticationDefaults.AuthenticationScheme));
// Application
if (string.IsNullOrWhiteSpace(applicationId) == false) {
Guid applicationGuid;
if (Guid.TryParse(applicationId, out applicationGuid)) {
tblApplication application = dbo.GetSingle<tblApplication>(x => x.ApplicationGuid == applicationGuid);
if (application != null) {
claimsPrincipal.Identities.First().AddClaim(new Claim("ApplicationId", applicationId, ClaimValueTypes.String, "https://example.com"));
HttpContext.Session.SetString("ApplicationId", applicationId);
}
else {
if (HttpContext != null) HttpContext.Session.Remove("ApplicationId");
RedirectToAction("Login", "Account", new { ErrorMessage = "The application could not be loaded" });
}
}
else {
if (HttpContext != null) HttpContext.Session.Remove("ApplicationId");
}
}
else {
if (HttpContext != null) HttpContext.Session.Remove("ApplicationId");
}
return claimsPrincipal;
}