
c# - Can't get "prompt=login" working after upgrade to Startup.cs logic - Stack Overflow


As part of an app upgrade I needed to make several upgrades (Dot.Net 4.5 > 4.8, Owin and OpenIDConnect). I'm not very familiar with that part of the application, so the code changes below were provided to me and appeared to work fine except for one issue - the previous login & logout behavior has a serious issue - the login and logout processes are behaving incorrectly.

Here is the important part of the legacy startup.cs:

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            CookieManager = new SystemWebCookieManager(),
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always,
            ExpireTimeSpan = TimeSpan.FromSeconds(Convert.ToInt32(_authSessionTimeout)),
            SlidingExpiration = true
        });

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // Sets the ClientId, authority, RedirectUri as obtained from web.config
                ClientId = _clientId,
                Authority = _authority,
                RedirectUri = _redirectUri,
                ClientSecret = _clientSecret,

                // Do not use the token lifetime; this setting overrides the expiration of the auth cookie.
                UseTokenLifetime = false,

                // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
                PostLogoutRedirectUri = _postLogoutRedirectUri,
                Scope = OpenIdConnectScope.OpenIdProfile,

                // ResponseType is set to request the code id_token - which contains basic information about the signed-in user
                ResponseType = OpenIdConnectResponseType.CodeIdToken,

                // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed,
                    RedirectToIdentityProvider = ctx =>
                    {
                        // Prompt the user to login each time
                        ctx.ProtocolMessage.Prompt = "login";

                        // force re-authentication if the user hasn't logged in the last 15 minutes
                        ctx.ProtocolMessage.MaxAge = _authSessionTimeout;

                        return Task.FromResult(0);
                    }
                }
            }
        );
    }

and here is the corresponding part of the new startup.auth.cs:

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            CookieManager = new SystemWebCookieManager(),
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always,
            ExpireTimeSpan = TimeSpan.FromSeconds(Convert.ToInt32(_authSessionTimeout)),
            SlidingExpiration = true
        });

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // Sets the ClientId, authority, RedirectUri as obtained from web.config
                ClientId = _clientId,
                Authority = _authority,
                RedirectUri = _redirectUri,
                ClientSecret = _clientSecret,

                // Do not use the token lifetime; this setting overrides the expiration of the auth cookie.
                UseTokenLifetime = false,

                // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
                PostLogoutRedirectUri = _postLogoutRedirectUri,
                Scope = OpenIdConnectScope.OpenIdProfile,

                // ResponseType is set to request the code id_token - which contains basic information about the signed-in user
                ResponseType = OpenIdConnectResponseType.CodeIdToken,

                // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed,
                    RedirectToIdentityProvider = ctx =>
                    {
                        // Prompt the user to login each time
                        ctx.ProtocolMessage.Prompt = "login";

                        // force re-authentication if the user hasn't logged in the last 15 minutes
                        ctx.ProtocolMessage.MaxAge = _authSessionTimeout;

                        return Task.FromResult(0);
                    }
                }
            }
        );
    }

The core problem here is that on login, the LEGACY code includes things like the 'Prompt="login"' while the NEW request does not as shown here:

To be honest, I'm completely lost on what appears to be a problem with the OpenIdConnectAuthenticationNotifications, but I can't find any clear answers to what might be wrong. Any help would be greatly appreciated.
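An added example, not part of the original post: a check that a captured authorization request actually carries `prompt=login` and `max_age`, plus a relying-party check of the ID token's `auth_time`, so that re-authentication is still enforced when those request parameters go missing. The class name `ReauthCheck`, the sample URLs, the 900-second value and the timestamps are constructed assumptions; in OWIN the second check would typically be called from the `SecurityTokenValidated` notification, and the claim may appear under a mapped claim type rather than `auth_time`.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;
using System.Web;

// Hypothetical helper for illustration; not the poster's code.
public static class ReauthCheck
{
    // True when the authorization request asks for a fresh login:
    // "login" is among the space-separated prompt values and max_age matches.
    public static bool RequestAsksForFreshLogin(string authorizeUrl, string expectedMaxAge)
    {
        var query = HttpUtility.ParseQueryString(new Uri(authorizeUrl).Query);
        var prompts = (query["prompt"] ?? "")
            .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        return Array.IndexOf(prompts, "login") >= 0 && query["max_age"] == expectedMaxAge;
    }

    // True when the identity's auth_time (seconds since the Unix epoch) is no
    // older than maxAgeSeconds. A missing or malformed claim counts as stale.
    // Assumption: the claim type is "auth_time"; a token handler's inbound
    // claim mapping may expose it under a different type. No clock-skew allowance.
    public static bool LoginIsFresh(ClaimsIdentity identity, int maxAgeSeconds, DateTimeOffset now)
    {
        var claim = identity.FindFirst("auth_time");
        long authTime;
        if (claim == null || !long.TryParse(claim.Value, NumberStyles.None,
                CultureInfo.InvariantCulture, out authTime))
            return false;
        var age = now.ToUnixTimeSeconds() - authTime;
        return age >= 0 && age <= maxAgeSeconds;
    }

    public static void Main()
    {
        // Constructed sample requests: one with the parameters, one without.
        var withPrompt = "https://idp.example/authorize?client_id=app&response_type=code%20id_token&scope=openid%20profile&prompt=login&max_age=900";
        var withoutPrompt = "https://idp.example/authorize?client_id=app&response_type=code%20id_token&scope=openid%20profile";
        Console.WriteLine(RequestAsksForFreshLogin(withPrompt, "900"));
        Console.WriteLine(RequestAsksForFreshLogin(withoutPrompt, "900"));

        // Constructed identities: one authenticated 10000 s ago, one 300 s ago.
        var now = DateTimeOffset.FromUnixTimeSeconds(1700000000);
        var stale = new ClaimsIdentity(new[] { new Claim("auth_time", "1699990000") });
        var fresh = new ClaimsIdentity(new[] { new Claim("auth_time", "1699999700") });
        Console.WriteLine(LoginIsFresh(stale, 900, now));
        Console.WriteLine(LoginIsFresh(fresh, 900, now));
    }
}
```

Because `prompt` and `max_age` travel through the browser, the `auth_time` check on the returned token is the part the application itself controls.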
