我使用最新版本的ASP.NET MVC 6。
设置Startup.cs文件的以下设置:
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentity<ApplicationUser, ApplicationRole>(options =>
{
options.Cookies.ApplicationCookie.LoginPath = new PathString("/account/login");
options.Cookies.ApplicationCookie.AccessDeniedPath = new PathString("/error/accessdenied");
options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(1);
options.Cookies.ApplicationCookie.SlidingExpiration = false;
options.Cookies.ApplicationCookie.AutomaticAuthenticate = true;
options.Cookies.ApplicationCookie.AutomaticChallenge = true;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
}
在
Account中,控制器具有操作Login [HttpGet]
[AllowAnonymous]
public IActionResult Login(string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
return View();
}
在上面的方法中,获取
returnUrl没问题。同样在控制器
Error中具有操作AccessDenied [AllowAnonymous]
[HttpGet]
public IActionResult AccessDenied(string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
return View();
}
但是,当用户无权访问站点页面时,系统会将用户转发到页面
../error/accessdenied。此刻,在我重定向之后,
returnUrl的值为null。我可以获取用户重定向到的页面的地址(以及它是否适用于
LoginPath)吗? 最佳答案
看来它将在RC2中发布,请查看GitHub上的CookieAuthorizationHandler.HandleForbiddenAsync方法源代码,
protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context)
{
var properties = new AuthenticationProperties(context.Properties);
var returnUrl = properties.RedirectUri;
if (string.IsNullOrEmpty(returnUrl))
{
returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
}
var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(accessDeniedUri), properties);
await Options.Events.RedirectToAccessDenied(redirectContext);
return true;
}
您可以在Home repository上获得有关如何从RC1迁移到RC2的反馈。