重新定义它。
我有一个 asp.net 核心 (api) 解决方案 a.sln,它有 accountcontroller.cs,它允许用户登录到应用程序。这是具有 Login 方法的 AccountController.cs 代码。
/// <summary>
/// Handle postback from username/password login
/// </summary>
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginInputModel model, string button)
{
if (button != "login")
{
var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
if (context != null)
{
await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);
return Redirect(model.ReturnUrl);
}
else
{
return Redirect("~/");
}
}
if (ModelState.IsValid)
{
var user = await _userManager.FindByNameOrEmailAsync(model.Username);
if (user != null)
{
if (await _userManager.CheckPasswordAsync(user, model.Password) && !await _userManager.IsEmailConfirmedAsync(user))
{
ModelState.AddModelError("", Messages.UserEmailUnverified(_httpContextAccessor));
}
else if (await _userManager.CheckPasswordAsync(user, model.Password) && !(await _userManager.IsLockedOutAsync(user)))
{
var userRoles = await _userManager.GetRolesAsync(user);
var userClaims = userRoles.Select(x => new Claim(ClaimTypes.Role, x)).ToList();
await _events.RaiseAsync(
new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName));
var rememberMe = _accountOptions.AllowRememberLogin && model.RememberLogin;
var props = new AuthenticationProperties()
{
IsPersistent = rememberMe,
ExpiresUtc = DateTimeOffset.UtcNow.Add(rememberMe ? TimeSpan.FromDays(_accountOptions.RememberMeLoginDurationDays)
: TimeSpan.FromMinutes(_accountOptions.StandardLoginDurationMinutes))
};
userClaims.Add(new Claim("remember_me", model.RememberLogin.ToString()));
var appIdentity = new ClaimsIdentity(userClaims, CookieAuthenticationDefaults.AuthenticationScheme);
HttpContext.User.AddIdentity(appIdentity);
await HttpContext.SignInAsync(user.Id, user.UserName, props, userClaims.ToArray());
//after successful login reset lockout count
await _userManager.ResetAccessFailedCountAsync(user);
bool isAllowedUrl = !_middlewareConf.ClientRedirectUrls.Where(urlToCheck => model.ReturnUrl.Contains(urlToCheck)).IsNullOrEmpty();
if (_interaction.IsValidReturnUrl(model.ReturnUrl) || isAllowedUrl)
{
return Redirect(model.ReturnUrl);
}
return Redirect(_loginConfiguration.DefaultRedirectUrl);
}
else
{
var error = await _accountManager.HandleLockout(user);
ModelState.AddModelError("", error);
}
}
else
{
await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, $"Invalid credentials."));
ModelState.AddModelError("", _accountOptions.InvalidCredentialsErrorMessage);
}
}
var vm = await _account.BuildLoginViewModelAsync(model);
return View(vm);
}
在上面的登录方法中,我们明确添加了声明“remember_me”。
成功登录后,我被定向到另一个 asp.net 核心解决方案,在 start.cs 上我试图找到相同的声明。这是 start.cs 的代码。
public void Configuration(IAppBuilder app)
{
var idConfig = IdentityConfiguration.Configuration;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseKentorOwinCookieSaver();
//tell app to use Cookies as the default
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
// Use cookie authentication
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationType = "Cookies",
ExpireTimeSpan = TimeSpan.FromMinutes(idConfig.CookieExpiresMinutes ?? 60),
SlidingExpiration = idConfig.CookieSlidingExpiration ?? false,
Provider = new CookieAuthenticationProvider
{
OnResponseSignIn = signInContext =>
{
var rememberMeClaim = signInContext.Identity.Claims.FirstOrDefault(c => c.Type == "remember_me");
if (bool.TryParse(rememberMeClaim?.Value, out var rememberMe))
{
if (rememberMe && idConfig.RememberCookieExpiresDays.HasValue)
{
signInContext.CookieOptions.Expires = DateTime.Now.AddDays(idConfig.RememberCookieExpiresDays.Value);
}
}
}
}
});
}
但是在上面的代码中,我找不到相同的声明“remember_me”。
我错过了什么吗?