В моем приложении пользователь должен войти в приложение и затем авторизовать facebook (нажав кнопку в защищенной области), чтобы приложение могло получать сообщения в Facebook и т. Д. Приложение всегда перенаправляет пользователя на экран входа в систему. Я считаю, что это связано с приложением, которое настраивает CookiePolicyOptions с CheckConsentNeeded = true, но установка его в false не помогает.
Что мне не хватает?
Страница после входа пользователя в систему:
<form asp-area="Identity" asp-page="/Account/ExternalLogin" asp-route-returnUrl="@Model.ReturnUrl" method="post">
<div class="row">
<div class="col-md-6">
<div class="form-group">
<button type="submit" class="btn btn-sm btn-facebook btn-icon-label" value="Facebook">
<span class="btn-inner--icon">
<i class="fab fa-facebook"></i>
</span>
</button>
</div>
</div>
Идентичность / счета / ExternalLogin.cshtml.cs
[AllowAnonymous]
public class ExternalLoginModel : PageModel
{
public IActionResult OnPost(string provider, string returnUrl = null)
{
var redirectUrl = Url.Page("./ExternalLogin", pageHandler: "Callback", values: new { returnUrl });
var authenticationProperties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
return new ChallengeResult(provider, authenticationProperties);
}
StartUp.cs:
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;<= I believe that this could be one of the issues
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("SQLServerConnectionString")));
services.AddIdentity<ApplicationUser, IdentityRole>(config =>
{
config.SignIn.RequireConfirmedEmail = true;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services
.AddAuthentication(
)
.AddCookie()
.AddFacebook(facebookOptions =>
{
facebookOptions.AppId = Configuration["FacebookAuthSettings:AppId"];
facebookOptions.AppSecret = Configuration["FacebookAuthSettings:AppSecret"];
facebookOptions.SaveTokens = true;
facebookOptions.Events.OnCreatingTicket = oAuthCreatingTicketContext =>
{
var authenticationTokens = oAuthCreatingTicketContext.Properties.GetTokens().ToList();
var authenticationToken = new AuthenticationToken()
{
Name = "TicketCreated",
Value = DateTime.UtcNow.ToString()
};
authenticationTokens.Add(authenticationToken);
oAuthCreatingTicketContext.Properties.StoreTokens(authenticationTokens);
return Task.CompletedTask;
};
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2).
AddRazorPagesOptions(options =>
{
options.AllowAreas = true;
options.Conventions.AuthorizeAreaFolder("Identity", "/Account/Manage");
options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
});
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = $"/Identity/Account/Login";
options.LogoutPath = $"/Identity/Account/Logout";
options.AccessDeniedPath = $"/Identity/Account/AccessDenied";
});
services.AddAntiforgery(o => o.HeaderName = "XSRF-TOKEN");
services.AddMvc().AddJsonOptions(options =>
{
options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver();
});
//enforce HTTPS globally in the app.
services.Configure<MvcOptions>(mvcOptions =>
{
mvcOptions.Filters.Add(new RequireHttpsAttribute());
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc();
}
}