New posture of asp.net core cross site login redirection

Time:2019-11-1

Preface

As a. Net programmer, one of the pains is that since the birth of asp.net until the latest asp.net core, cross site login redirection can not be realized directly (for example, visit https://q.cnblogs.com, jump to https://passport.cnblogs.com for login), and only jump to the current site.

Take asp.net core for exampleCookieAuthenticationOptions.LoginPathOnly the path can be specified, not the full URL containing the host name. Asp.net core will automatically add the host name of the current request when redirecting.


services.AddAuthentication()
.AddCookie(options =>
{
 options.LoginPath = "/account/signin";
});

The returnurl query parameter also contains only the path, not the complete URL.

In order to relieve the pain, the antidote we take in the asp.net era is either not using the login jump mechanism of asp.net, or through a special usercontroller.login action to make a second jump. In the asp.net core era, we changed to take the antidote of middleware, and made a jump in the special middleware (which is also troublesome).

After reading the source code of asp.net core authentication yesterday, we found a new antidote — modificationCookieAuthenticationEvents.OnRedirectToLoginDelegate to realize cross site login redirection.

Here is the new antidote making method.

Add the following configuration code to addcookie in startup.configureservices to redirect using the modified URL:


services.AddAuthentication()
.AddCookie(options =>
{
 var originRedirectToLogin = options.Events.OnRedirectToLogin;
 options.Events.OnRedirectToLogin = context =>
 {
  return originRedirectToLogin(RebuildRedirectUri(context));
 };
});

The implementation code of rebuildredirecturi is as follows:


private static RedirectContext<CookieAuthenticationOptions> RebuildRedirectUri(
 RedirectContext<CookieAuthenticationOptions> context)
{
 if (context.RedirectUri.StartsWith(ACCOUNT_SITE))
  return context;

 var originUri = new Uri(context.RedirectUri);
 var uriBuilder = new UriBuilder(ACCOUNT_SITE);
 uriBuilder.Path = originUri.AbsolutePath;
 var queryStrings = QueryHelpers.ParseQuery(originUri.Query);
 var returnUrlName = context.Options.ReturnUrlParameter;
 var returnUrl = originUri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped) + queryStrings[returnUrlName];
 uriBuilder.Query = QueryString.Create(returnUrlName, returnUrl).ToString();
 context.RedirectUri = uriBuilder.ToString();
 return context;
}

The above code is used to implement URL conversion. For details, see https://q.cnblogs.com/q/108087/

This long-standing pain is finally eliminated relatively gracefully based on the powerful expansion and configuration capabilities of asp.net core.

summary

The above is the whole content of this article. I hope that the content of this article has a certain reference learning value for everyone’s study or work. If you have any questions, you can leave a message and exchange. Thank you for your support for developepaar.