我在.NET Core MVC中有应用程序。身份验证是在Identity中完成的,其余应用程序则在Angular中。
登录页面位于Areas.Identity.Pages.Account.Login.cshtml
我读到app.UseMvc()必须在app.UseAuthentication()之后
这是我的Startup.cs文件:
public void ConfigureServices(IServiceCollection services)
{
var keysFolder = Path.Combine(WebHostEnvironment.ContentRootPath, "temp-keys");
services.AddDataProtection()
.SetApplicationName("MyApp")
.PersistKeysToFileSystem(new System.IO.DirectoryInfo(keysFolder))
.SetDefaultKeyLifetime(TimeSpan.FromDays(14));
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("MyAppConnection")));
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Home/Login";
});
services.AddMvc().AddMvcOptions(Mvcoption => {
Mvcoption.EnableEndpointRouting = false;
});
services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
services.AddAuthentication()
.AddIdentityServerJwt();
services.AddControllersWithViews();
services.AddRazorPages();
// In production, the Angular files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/dist";
});
services.AddSingleton<IConfiguration>(Configuration);
...
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddFile("Logs/mylog-{Date}.txt");
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
if (!env.IsDevelopment())
{
app.UseSpaStaticFiles();
}
app.UseRouting();
app.UseAuthentication();
app.UseMvc();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
app.UseSpa(spa =>
{
// To learn more about options for serving an Angular SPA from ASP.NET Core,
// see https://go.microsoft.com/fwlink/?linkid=864501
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseAngularCliServer(npmScript: "start");
}
});
}
当我在Visual Studio中运行应用程序时,我可以顺利登录。但是,当我在服务器上发布应用程序时,我不能。成功登录后,请返回登录页面。 在我的服务器上记录登录操作:
2020-07-16T16:29:06.9806220+00:00 800004b4-0000-be00-b63f-84710c7967bb [INF] User logged in. (fdce0db4)
2020-07-16T16:29:07.1073699+00:00 800004b5-0000-be00-b63f-84710c7967bb [INF] Invoking IdentityServer endpoint: "IdentityServer4.Endpoints.AuthorizeCallbackEndpoint" for "/connect/authorize/callback" (f7642de5)
2020-07-16T16:29:07.1086131+00:00 800004b5-0000-be00-b63f-84710c7967bb [INF] Showing login: User is not authenticated (4b8d50b2)
答案 0 :(得分:0)
我认为一个好的做法是不要将IdentityServer与您的SPA应用程序混合使用,我认为最好将它们分开。当您遵循关注点分离原则时,故障排除就更容易了。
我也会放置
app.UseAuthorization();
紧随其后
app.UseAuthentication();
您不应同时使用appUseMvc()和UseEndpoints()。删除UseMVC()。参见文档Migrate from ASP.NET Core 2.2 to 3.0