[翻译]  First external login attempt redirects back to login action, second one works

[CHINESE]  第一次外部登录尝试重定向回登录操作,第二次登录操作


I'm using OWIN's external authentication providers in my ASP.Net MVC 5 / WebApi 2 project and I've hit a strange problem.

我在我的ASP.Net MVC 5 / WebApi 2项目中使用OWIN的外部认证提供程序,我遇到了一个奇怪的问题。

The login workflow is exactly like here on SO. User hits the login page, picks a provider and gets logged in. My problem is that the first click on a provider redirects back to the same login page:

登录工作流程就像在SO上一样。用户点击登录页面,选择提供商并登录。我的问题是,首次点击提供商会重定向回相同的登录页面:

http://localhost:57291/Account/Login?ReturnUrl=%2fAccount%2fExternalLogin

This would make sense if the ExternalLogin action would be lacking the AllowAnonymous attribute.

如果ExternalLogin操作缺少AllowAnonymous属性,这将有意义。

When the user clicks a second time everything works.

当用户第二次点击时一切正常。

I've also tried that with different browsers and the problem is consistent across Chrome, IE11 and Firefox.

我也尝试过使用不同的浏览器,问题在Chrome,IE11和Firefox中都是一致的。

Login.cshtml:

Login.cshtml:

@using (Html.BeginForm("ExternalLogin", "Account", new { ReturnUrl = ViewBag.ReturnUrl }))
{
    <fieldset>
        <legend>@Strings.ExternalAuthenticationProvidersDescription</legend>
        <p>
            @foreach (var p in Model.ExternalAuthenticationProviders)
            {
                <button type="submit" name="provider" value="@p.AuthenticationType" title="Log in using your @p.Caption account">@p.Caption</button>
            }
        </p>
    </fieldset>
}

AccountController.cs

AccountController.cs

public class AccountController : Controller
{
  ...

    [AllowAnonymous]
    [HttpPost]
    public ActionResult ExternalLogin(string provider, string returnUrl)
    {
        return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new
        {
            loginProvider = provider, 
            ReturnUrl = returnUrl
        }));
    }
  ...
}

ChallengeResult.cs:

ChallengeResult.cs:

public class ChallengeResult : HttpUnauthorizedResult
{
    public ChallengeResult(string provider, string redirectUrl)
    {
        LoginProvider = provider;
        RedirectUrl = redirectUrl;
    }

    public string LoginProvider { get; set; }
    public string RedirectUrl { get; set; }

    public override void ExecuteResult(ControllerContext context)
    {
        context.HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties
        {
            RedirectUri = RedirectUrl
        }, LoginProvider);
    }
}

FilterConfig.cs

FilterConfig.cs

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        // make all api controllers secure by default
        filters.Add(new AuthorizeAttribute());
    }
}

3 个解决方案

#1


8  

Turns out the issue was that my project initially started out as an MVC 4 application which had this in web.config causing the issue:

事实证明,我的项目最初是作为一个MVC 4应用程序开始的,它在web.config中导致了这个问题:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

I think both OWIN and Forms authentication was active at the same time.

我认为OWIN和Forms身份验证同时处于活动状态。

#2


0  

I have the same issue that occurs when i update the ASPNet.Web.Pages.Web.Data 3.1.1 nuget to any later versions. With 3.1.1 it is works! I found the solution here.

我有同样的问题,当我将ASPNet.Web.Pages.Web.Data 3.1.1 nuget更新到任何更高版本时发生。随着3.1.1它是有效的!我在这里找到了解决方案。

#3


0  

As Forms Authentication was added i was being redirected to Login Page. So, removing this code helped

随着表单身份验证的添加,我被重定向到登录页面。因此,删除此代码有帮助

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

but i had to add this line as well

但我也必须添加这一行

<system.webServer>
   <validation validateIntegratedModeConfiguration="false" />
   <modules>
      <remove name="FormsAuthentication" />  <-- added this line to remove it completely --> 
   </modules>
</system.webServer>

hope this helps someone.

希望这有助于某人。


注意!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系我们删除。



 
© 2014-2018 ITdaan.com 粤ICP备14056181号