На моем основном сайте ASP.NET после 20 минут бездействия сеанс истекает, и при следующем действии пользователя, требующем аутентификации, сайт перенаправляет обратно на /Account/Login. Проблема в том, что я хотел бы перенаправлять обратно на другую страницу в зависимости от истекшего сеанса.
Например, люди заходят на мой сайт по адресу https://example.com/Account/Login?appId=12345. Однако, когда сеанс истекает и пользователь перенаправляется обратно на страницу входа в систему, appId=12345 теряется (12345 может быть любым значением, в зависимости от пользователя). Я не уверен, как включить в URL-адрес перенаправления пользовательский параметр, уникальный для каждого сеанса.
Вот как у меня настроено время ожидания в Startup.cs:
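// Cookie authentication middleware (ASP.NET Core 1.x style). The snippet as posted
// was missing the comma after ExpireTimeSpan and would not compile.
app.UseCookieAuthentication(new CookieAuthenticationOptions {
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    // Sliding: each authenticated request pushes the 20-minute expiry forward,
    // so the session only ends after 20 minutes of inactivity.
    SlidingExpiration = true,
    ExpireTimeSpan = TimeSpan.FromMinutes(20),
    // Fixed path the middleware redirects to on challenge; nothing here carries the
    // per-user appId, which matches the behaviour described in the question.
    LoginPath = "/Account/Login"
});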
Меня спросили про мои методы входа (HttpGet и HttpPost), так что вот сильно урезанная версия (особенно метод POST):
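/// <summary>
/// Renders the login form (GET). When <paramref name="applicationId"/> parses as a GUID and
/// matches a tblApplication, that application's title and presentation settings are applied
/// to the view model.
/// </summary>
/// <param name="returnUrl">Path to direct to after the login is complete. It comes straight from
/// the query string and is only placed in ViewData here; redirect safety rests on the POST
/// handler's RedirectToLocal.</param>
/// <param name="activated">Show the "account activated" prompt (set by email activation only).</param>
/// <param name="email">Pre-populates the e-mail address in the username field.</param>
/// <param name="interactive">Interactive login: ask for username first, then password OR create user.</param>
/// <param name="applicationId">An application id (for tblApplications) used to format the screen and
/// log directly in to an application.</param>
/// <param name="errorMessage">Text shown in the banner. It is caller-supplied query-string content,
/// so the view must render it encoded, never raw.</param>
/// <returns>The login view bound to the populated <see cref="LoginViewModel"/>.</returns>
[RequireHttps]
[HttpGet]
public IActionResult Login(string returnUrl = "/",
    bool activated = false,
    string email = null,
    bool interactive = false,
    string applicationId = null,
    string errorMessage = null
) {
    LoginViewModel model = new LoginViewModel();
    model.EmailAddress = email;

    Guid applicationGuid;
    if (applicationId != null && Guid.TryParse(applicationId, out applicationGuid)) {
        tblApplication application = dbo.GetSingle<tblApplication>(x => x.ApplicationGuid == applicationGuid);
        if (application != null) {
            model.applicationId = applicationId;
            model.ApplicationTitle = application.Title;
            List<tblSettings> settings = dbo.GetList<tblSettings>(x => x.ApplicationId == application.ApplicationId).ToList();
            ApplyApplicationSettings(model, settings);
        }
    }

    // Return URL after login successful (rendered into the form, consumed by the POST).
    ViewData["ReturnUrl"] = returnUrl;
    // Activation message from security provider
    if (activated) model.activated = true;
    // The query-string flag and application setting 67 can each turn interactive mode on.
    if (interactive) model.Interactive = true;
    if (errorMessage != null) model.BannerErrorMessage = errorMessage;
    return View(model);
}

/// <summary>
/// Applies per-application presentation settings to the login view model. A boolean
/// setting is "on" when its SettingValue1 is "1"; the SettingMasterId numbers are the
/// ones the original inline code used, with the same effect on the model.
/// </summary>
/// <param name="model">The view model being prepared.</param>
/// <param name="settings">All tblSettings rows for the application.</param>
private static void ApplyApplicationSettings(LoginViewModel model, List<tblSettings> settings) {
    if (settings.Any(x => x.SettingMasterId == 41 && x.SettingValue1 == "1")) model.showHeader = false;
    if (settings.Any(x => x.SettingMasterId == 42 && x.SettingValue1 == "1")) model.showFooter = false;

    tblSettings header = settings.FirstOrDefault(x => x.SettingMasterId == 52);
    if (header != null) model.LoginHeader = header.SettingValue1;

    // Theme id is stored as text. A malformed value used to throw FormatException out of
    // the GET action (int.Parse); it is now ignored and the default theme is kept.
    tblSettings theme = settings.FirstOrDefault(x => x.SettingMasterId == 63 && x.SettingValue1 != null);
    int themeId;
    if (theme != null && int.TryParse(theme.SettingValue1, System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture, out themeId)) {
        model.themeId = themeId;
    }

    if (settings.Any(x => x.SettingMasterId == 67 && x.SettingValue1 == "1")) model.Interactive = true;
}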
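/// <summary>
/// Handles the login form submission (POST): looks up the identity record, runs the
/// (elided) credential check, then either sends an unverified account to
/// AccountNotVerified or signs the user into the cookie middleware.
/// </summary>
/// <param name="vm">The posted form values.</param>
/// <param name="returnUrl">Where to go after sign-in. It is passed through RedirectToLocal,
/// which is what keeps a caller-controlled value from becoming an open redirect.</param>
/// <returns>A redirect on success, otherwise the form re-rendered with a model error.</returns>
// NOTE(review): this POST carries no [ValidateAntiForgeryToken]; add it once the login
// form emits the token so a third-party page cannot submit credentials on the user's behalf.
[HttpPost]
public async Task<IActionResult> Login(LoginViewModel vm, string returnUrl = null) {
    if (!ModelState.IsValid) {
        return View(vm);
    }
    try {
        // Pull the client identity record from the database
        tblIdentity identity = dbo.ExecuteQuery<tblIdentity>(x => x.ClientId == vm.EmailAddress).FirstOrDefault();
        if (identity == null) {
            // Same wording as a wrong password so the response does not reveal which
            // e-mail addresses have accounts.
            throw new InvalidOperationException("Invalid Email or Password");
        }
        // ** Authentication Code here. On failure, throw exception
        // (the elided code is expected to produce `user`; it is not declared in this excerpt)
        if (user.EmailVerified != true) {
            // ** Code for email address not verified. The original passed `model`, which
            // does not exist in this method; the posted view model is what is available.
            return RedirectToAction("AccountNotVerified", vm);
        }
        // Build the principal (adds the ApplicationId claim/session entry when valid),
        // then sign it into the cookie middleware and go back to the return url.
        ClaimsPrincipal claimsPrincipal = await login(identity, user.UserId, user.FullName, user.Email, vm.applicationId);
        await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal);
        return RedirectToLocal(returnUrl);
    }
    catch (Exception e) {
        // Every exception message — including ones raised by the data layer — is shown on
        // the page. Consider mapping anything unexpected to a generic message instead.
        ModelState.AddModelError("", e.Message);
    }
    return View(vm);
}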
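/// <summary>
/// Builds the <see cref="ClaimsPrincipal"/> for a user who has just authenticated and, when
/// <paramref name="applicationId"/> resolves to a tblApplication, records that id both as an
/// "ApplicationId" claim and in session. It does not sign the principal in; the caller does.
/// </summary>
/// <param name="identity">The client identity record. Not read here; the POST handler passes a
/// tblIdentity, so the parameter type should be confirmed against the caller.</param>
/// <param name="userId">Value for ClaimTypes.NameIdentifier.</param>
/// <param name="fullName">Value for ClaimTypes.Name.</param>
/// <param name="email">Value for ClaimTypes.Email.</param>
/// <param name="applicationId">Optional tblApplication GUID as text. The string is stored verbatim
/// (not re-serialised from the parsed Guid) in the claim and in session.</param>
/// <returns>A completed task holding the principal to hand to the cookie middleware.</returns>
/// <exception cref="InvalidOperationException">The id parses as a GUID but no matching application
/// exists. The original built a RedirectToAction result here and discarded it, so sign-in went
/// ahead with no application bound; throwing lets the POST handler's catch show the message.</exception>
public Task<ClaimsPrincipal> login(tblClientIdentity identity, string userId, string fullName, string email, string applicationId = null) {
    ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, userId),
            new Claim(ClaimTypes.Name, fullName),
            new Claim(ClaimTypes.Email, email)},
        CookieAuthenticationDefaults.AuthenticationScheme);
    ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(claimsIdentity);

    bool applicationBound = false;
    Guid applicationGuid;
    if (string.IsNullOrWhiteSpace(applicationId) == false && Guid.TryParse(applicationId, out applicationGuid)) {
        tblApplication application = dbo.GetSingle<tblApplication>(x => x.ApplicationGuid == applicationGuid);
        if (application == null) {
            if (HttpContext != null) HttpContext.Session.Remove("ApplicationId");
            throw new InvalidOperationException("The application could not be loaded");
        }
        claimsIdentity.AddClaim(new Claim("ApplicationId", applicationId, ClaimValueTypes.String, "https://example.com"));
        if (HttpContext != null) HttpContext.Session.SetString("ApplicationId", applicationId);
        applicationBound = true;
    }

    // No application (missing, blank or unparsable id): make sure a stale id from an
    // earlier login in the same session does not linger.
    if (!applicationBound && HttpContext != null) HttpContext.Session.Remove("ApplicationId");

    // Nothing here is awaited; the Task signature is kept so the existing `await login(...)`
    // call site compiles unchanged.
    return Task.FromResult(claimsPrincipal);
}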