How to stop cookie invalidation each time a piece of Blazor code is changed and recompiled?

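I am using the hosted Blazor WebAssembly project template, and after setting up cookies as the main authentication method (also for the API), everything is fine and dandy until I change a line of code (front-end or back-end), the automatic compilation kicks in, and the web page reloads (thanks to "Start Without Debugging"), but this time the auth cookie seems to be invalid and I no longer seem to be logged in.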

Is there a way to stop this behavior? Or a way to keep the cookie authentication from changing between compilations?

Below are my CookieAuthenticationEvents implementations/overrides:

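using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;

public class CookieAuth : CookieAuthenticationEvents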
{
    readonly IUserService UserRepository;

    public CookieAuth(IUserService userRepository)
    {
        UserRepository = userRepository;
    }

    public override Task RedirectToLogin(RedirectContext<CookieAuthenticationOptions> context)
    {
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return Task.CompletedTask;
    }
    public override Task RedirectToAccessDenied(RedirectContext<CookieAuthenticationOptions> context)
    {
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return Task.CompletedTask;
    }
    public override async Task ValidatePrincipal(CookieValidatePrincipalContext context)
    {
        var userPrincipal = context.Principal;

        var userId = (from c in userPrincipal.Claims
                      where c.Type == ClaimTypes.NameIdentifier
                      select c.Value).FirstOrDefault();

        var isTeacherAndBlocked = await UserRepository.IsTeacherAndIsBlocked(userId);

        if (isTeacherAndBlocked)
        {
            context.RejectPrincipal();
            await context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return;
        }

        var lastChanged = (from c in userPrincipal.Claims
                           where c.Type == "LastChanged"
                           select c.Value).FirstOrDefault();

        if (!DateTime.TryParse(lastChanged, out DateTime lastChangedDate))
        {
            context.RejectPrincipal();
            await context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return;
        }

        if (!await UserRepository.ValidateLastChanged(lastChanged, userId))
        {
            context.RejectPrincipal();
            await context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        }
    }
}

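Meanwhile, UserRepository.ValidateLastChanged(...) checks whether the fetched date string matches the one in the database (this is a way to determine whether a user changed their password and then went back to an old session from another device, in which case I want that kind of session to be invalid).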

And then the usual Startup.cs cookie configuration:

services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.ExpireTimeSpan = TimeSpan.FromHours(1);
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.Name = "wtf";
        options.EventsType = typeof(CookieAuth);
        options.SlidingExpiration = true;
    });

Never mind, figured out it was a problem with comparing the dates as strings. Just don't do that, use ticks. :D
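
Added example, not part of the original post: one way to carry the "LastChanged" value as ticks so the session-invalidation check compares exact integers instead of formatted date strings. The `LastChangedClaim` helper, its method names and the sample timestamp are hypothetical and constructed for illustration.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;

// Hypothetical helper (not from the post): stores "LastChanged" as invariant ticks.
public static class LastChangedClaim
{
    public const string Type = "LastChanged";

    // Issue the claim at sign-in from the timestamp stored for the user.
    public static Claim ToClaim(DateTime lastChangedUtc) =>
        new Claim(Type, lastChangedUtc.Ticks.ToString(CultureInfo.InvariantCulture));

    // Call from ValidatePrincipal: exact and culture-independent. A missing or
    // malformed claim fails closed, so the caller rejects the principal.
    public static bool Matches(ClaimsPrincipal principal, DateTime storedUtc)
    {
        var raw = principal.FindFirst(Type)?.Value;
        return long.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out var ticks)
               && ticks == storedUtc.Ticks;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample value with sub-second precision, as a database column might return it.
        var stored = new DateTime(2021, 3, 4, 10, 15, 30, DateTimeKind.Utc).AddTicks(1234567);

        // String round trip: the default format has no fractional seconds (and varies
        // by culture), so the parsed value no longer equals the stored one.
        var asString = stored.ToString(CultureInfo.InvariantCulture);
        var reparsed = DateTime.Parse(asString, CultureInfo.InvariantCulture);
        Console.WriteLine($"string round trip equal: {reparsed == stored}");

        // Tick round trip: the claim matches the stored value exactly and stops
        // matching as soon as the stored timestamp changes (e.g. a password change).
        var identity = new ClaimsIdentity(new[] { LastChangedClaim.ToClaim(stored) }, "Cookies");
        var principal = new ClaimsPrincipal(identity);
        Console.WriteLine($"ticks match current: {LastChangedClaim.Matches(principal, stored)}");
        Console.WriteLine($"ticks match after change: {LastChangedClaim.Matches(principal, stored.AddSeconds(1))}");
    }
}
```

If the database column stores less precision than `DateTime`, issue the claim from the value read back from storage rather than from the in-memory timestamp, otherwise the ticks will differ after the first round trip.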