Owin: OnApplyRedirect is called multiple times and creates an invalid RedirectUri

I use CookieAuthentication in my application with OWIN and set the redirect URL in OnApplyRedirect, as in the following code:

 app.UseCookieAuthentication(new CookieAuthenticationOptions
 {
     ExpireTimeSpan = TimeSpan.FromDays(30),
     AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
     LoginPath = new PathString("/account/sign-in"),
     //LogoutPath = new PathString("/account/log-out"),
     ReturnUrlParameter = "returnTo",
     CookieName = "BIR",
     Provider = new CookieAuthenticationProvider()
     {
         OnValidateIdentity = SmObjectFactory.Container.GetInstance<IAppUserManager>().OnValidateIdentity(),
         OnApplyRedirect = c =>
         {
             if (!c.Request.IsAjaxCall())
             {
                 c.Response.Redirect(c.RedirectUri);
             }
         }
     }
 });

My problem is the value of c.RedirectUri. I set a breakpoint and tracked my code after that. I understand that OnApplyRedirect is called several times.

On the first call RedirectUri has:

http://localhost:7537/account/sign-in?returnTo=%2Fadmin-panel

On the second call RedirectUri has:

http://localhost:7537/account/sign-in?returnTo=%2Faccount%2Fsign-in%3FreturnTo%3D%252Fadmin-panel

And further...

In each call the old URL is added to the new URL. I tried to solve this problem and searched on other sites and on this one, but I cannot find the answer. Why is OnApplyRedirect called several times? Configuration in class Startup.cs is called only once. Other details:

  • Owin: 3.1.0
  • ASP.NET MVC: 5.x
  • Visual Studio: 2017 (15.2)

    gist


auth into, , [AllowAnonymous] SignIn OWIN.

, , , , , .

, , , .

[Authorize]
[RoutePrefix("account")]
public class AccountController : Controller {
    [Route("sign-in")]        
    public ActionResult Signin(string returnTo) {            
        ViewBag.ReturnTo = returnTo;
        return View(new LoginViewModel { RememberMe = true });
    }    

    [Route("admin-panel")]
    public ActionResult AdminPanel() {
        return View();
    }
}

, [AllowAnonymous], , [Authorize]

[Authorize]
[RoutePrefix("account")]
public class AccountController : Controller {
    [AllowAnonymous]
    [Route("sign-in")]        
    public ActionResult Signin(string returnTo) {            
        ViewBag.ReturnTo= returnTo;
        return View(new LoginViewModel { RememberMe = true });
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    [Route("sign-in")]   
    public async Task<ActionResult> Signin(LoginViewModel model, string returnTo) {
        //...
    }

    [Route("admin-panel")]
    public ActionResult AdminPanel() {
        return View();
    }
}

, [Authorize].

[Authorize]
public class AccountController : Controller {
    [Route("account/admin-panel")]
    public ActionResult AdminPanel() {
        return View();
    }
}

public class AuthenticationController : Controller {
    [Route("account/sign-in")]        
    public ActionResult Signin(string returnTo) {            
        ViewBag.ReturnTo= returnTo;
        return View(new LoginViewModel { RememberMe = true });
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    [Route("account/sign-in")]   
    public async Task<ActionResult> Signin(LoginViewModel model, string returnTo) {
        //...
    }
}
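The nesting seen in the question can be detected mechanically. The following is an added example, not code from the question or the answer: `RedirectLoopGuard`, `LoginNestingDepth` and the placeholder base URI are hypothetical names. It counts how many times the login path appears inside the return-URL parameter; a depth of 1 is the normal challenge, and anything higher means the sign-in action itself was challenged, which is the missing `[AllowAnonymous]` case.

```csharp
using System;
using System.Web; // HttpUtility lives in System.Web.dll, which an MVC 5 app already references

// Hypothetical helper (not an OWIN API): counts how many times the login path
// is nested inside the return-URL parameter of a redirect URI.
public static class RedirectLoopGuard
{
    // Dummy base so relative values such as "/admin-panel" can be parsed.
    private static readonly Uri Base = new Uri("http://placeholder.invalid/");

    public static int LoginNestingDepth(string redirectUri, string loginPath, string returnParam)
    {
        int depth = 0;
        string next = redirectUri;
        // Cap the walk so a deeply nested value cannot keep the loop busy.
        while (!string.IsNullOrEmpty(next) && depth < 10)
        {
            Uri uri;
            if (!Uri.TryCreate(Base, next, out uri)) break;
            if (!string.Equals(uri.AbsolutePath, loginPath, StringComparison.OrdinalIgnoreCase)) break;
            depth++;
            // ParseQueryString URL-decodes the value once, peeling one layer.
            next = HttpUtility.ParseQueryString(uri.Query)[returnParam];
        }
        return depth;
    }

    public static void Main()
    {
        // The two RedirectUri values quoted in the question.
        string first = "http://localhost:7537/account/sign-in?returnTo=%2Fadmin-panel";
        string second = "http://localhost:7537/account/sign-in?returnTo=%2Faccount%2Fsign-in%3FreturnTo%3D%252Fadmin-panel";
        Console.WriteLine(LoginNestingDepth(first, "/account/sign-in", "returnTo"));
        Console.WriteLine(LoginNestingDepth(second, "/account/sign-in", "returnTo"));
    }
}
```

Inside `OnApplyRedirect` the helper can be called with `c.RedirectUri`, `c.Options.LoginPath.Value` and `c.Options.ReturnUrlParameter`, logging or failing fast when the result is greater than 1 instead of issuing another redirect.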

Source: https://habr.com/ru/post/1683004/

