我将AutoFac设置为在MVC 5中与ASP.NET Identity一起使用。表面上看起来一切正常,即用户可以创建帐户并登录。但是后来我发现,更改Security Stamp不会使用户注销。要么是由于AspNetUsers表中的暴力破解,要么是用户更改了密码并希望在其他浏览器中注销。
这就是我按照this unofficial article设置AutoFac的方式。
public void Configuration(IAppBuilder app)
{
var builder = new ContainerBuilder();
builder.RegisterType<ApplicationDbContext>().AsSelf().InstancePerRequest();
builder.RegisterType<ApplicationUserStore>().As<IUserStore<ApplicationUser>>().InstancePerRequest();
builder.RegisterType<ApplicationUserManager>().AsSelf().InstancePerRequest();
builder.RegisterType<ApplicationSignInManager>().AsSelf().InstancePerRequest();
builder.Register<IAuthenticationManager>(c => HttpContext.Current.GetOwinContext().Authentication).InstancePerRequest();
builder.Register<IDataProtectionProvider>(c => app.GetDataProtectionProvider()).InstancePerRequest();
builder.RegisterControllers(typeof(MvcApplication).Assembly);
var container = builder.Build();
DependencyResolver.SetResolver(new AutofacDependencyResolver(container));
app.UseAutofacMiddleware(container);
app.UseAutofacMvc();
ConfigureAuth(app);
}
这就是我设置cookie身份验证中间件的方式。它是默认值,但验证间隔较短。
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromSeconds(15),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
}
如果我在GenerateUserIdentityAsync中设置了断点,则只有在用户首次登录时才会调用该断点。
最佳答案
安全标记验证器需要ApplicationUserManager,它会尝试从OWIN上下文中解析实例(因为它不知道更好)。因此,您仍然需要向OWIN注册ApplicationUsreManager:
app.CreatePerOwinContext(() => DependencyResolver.Current.GetService<ApplicationUserManager>());