【发布时间】:2017-05-14 21:00:26
【问题描述】:
我正在尝试创建一个简单的登录路由,这段代码可以很好地登录并将 cookie 发送到浏览器:
[Route("Login")]
[AllowAnonymous]
public async Task<IHttpActionResult> Login(UserBindingModel model)
{
if (ModelState.IsValid)
{
var user = await UserManager.FindUserAsync(model.username, model.password);
if (user != null)
{
await SignInAsync(user, true);
return Ok();
}
}
return BadRequest();
}
这里是被调用的 SignInAsync 方法:
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
Authentication.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
}
这是我的 IdentityConfig:
public class ApplicationUserManager : UserManager<ApplicationUser>
{
public ApplicationUserManager(IUserStore<ApplicationUser> store)
: base(store)
{
}
public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
{
var manager = new ApplicationUserManager(new TestUserStore());
// Configure validation logic for usernames
manager.UserValidator = new UserValidator<ApplicationUser>(manager)
{
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
};
// Configure validation logic for passwords
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = 6,
RequireNonLetterOrDigit = false,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = false,
};
var dataProtectionProvider = options.DataProtectionProvider;
if (dataProtectionProvider != null)
{
manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity"));
}
return manager;
}
public async Task<ApplicationUser> FindUserAsync(string username, string password)
{
var userStore = new TestUserStore();
ApplicationUser user = await userStore.FindByNameAsync(username, password);
return await Task.FromResult(user);
}
}
尽管这会将 cookie 正确发送到浏览器并且身份验证部分正常工作,但每当我调用另一个 api 控制器时,我都会不断收到请求是未经授权的。我对身份框架不是很熟悉,所以我不知道发生了什么。
【问题讨论】:
-
您能否提供您的启动验证码?
-
“api方法”,你是说ApiController吗?
-
@john Identityconfig 代码是我的 startup.auth 代码
-
@KimHoang 是的,我的意思是 api 控制器。任何需要授权的人都不会被调用。
-
@John 很抱歉造成混乱。我刚刚添加了startup.auth代码
标签: c# asp.net asp.net-mvc asp.net-identity asp.net-authorization