问题描述
我创建了一个自定义身份验证状态提供程序,用于检查我们内部 LDAP 服务上的用户名和密码。 我的以下代码在初始登录期间工作正常。但是登录后,如果我按 F5 或刷新页面,它会自动进入登录页面。 有人可以帮忙吗?
public class CustomAuthenticationStateProvider : AuthenticationStateProvider
{
private readonly ILdapAuthenticationService _ldapAuthenticationService;
private ClaimsPrincipal _cachedClaimsPrincipal;
public CustomAuthenticationStateProvider(ILdapAuthenticationService
ldapAuthenticationService)
{
_ldapAuthenticationService = ldapAuthenticationService;
}
public override async
Task<Microsoft.AspNetCore.Components.Authorization.AuthenticationState>
GetAuthenticationStateAsync()
{
if (_cachedClaimsPrincipal != null)
return await Task.Fromresult(
new
Microsoft.AspNetCore.Components.Authorization.AuthenticationState(_cachedClaimsPrincipal));
return await Task.Fromresult(new
Microsoft.AspNetCore.Components.Authorization.AuthenticationState(new ClaimsPrincipal(new
ClaimsIdentity())));
}
public void ValidateLogin(string username,string password)
{
if (string.IsNullOrEmpty(username)) throw new Exception("Enter username");
if (string.IsNullOrEmpty(password)) throw new Exception("Enter password");
if (_ldapAuthenticationService.AuthenticateUser(username,password))
{
_cachedClaimsPrincipal = _ldapAuthenticationService.CurrentUser.ClaimsPrincipal;
}
NotifyAuthenticationStateChanged(
Task.Fromresult(new
AuthenticationState(_ldapAuthenticationService.CurrentUser.ClaimsPrincipal)));
}
}
public class RedirectToLogin : ComponentBase
{
[Inject]
protected NavigationManager NavigationManager { get; set; }
[CascadingParameter]
private Task<Microsoft.AspNetCore.Components.Authorization.AuthenticationState>
authenticationStateTask { get; set; }
protected override void OnInitialized()
{
NavigationManager.Navigateto("/");
}
}
创建 RedirectToLogin 以便用户在浏览任何页面之前必须进行身份验证
解决方法
您的 CustomAuthenticationStateProvider 将有一个在请求后终止的范围,因此在此类的本地成员中缓存 ClaimsPrincipal 将不起作用:
private ClaimsPrincipal _cachedClaimsPrincipal;
在构造函数上添加调试日志,您将看到它为每个请求创建(因此 _cachedClaimsPrincipal 中的任何存储值都将丢失)。
public CustomAuthenticationStateProvider(ILdapAuthenticationService
ldapAuthenticationService)
{
System.Diagnostics.Debug.WriteLine("Constructor");
_ldapAuthenticationService = ldapAuthenticationService;
}
您需要将其缓存在一个持久的位置(例如 Session 对象)。