因此,当未登录的用户尝试访问带有[Authorize]的Razor页面时,我的应用程序将退出,代码为-1,073,741,571…
我使用的是ASP.NET Core 5.0 RC1
这是完整的日志
这是我认为它发生的地方:
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = new PathString("/login");
options.LogoutPath = new PathString("/logout");
options.AccessDeniedPath = new PathString("/login");
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Events.OnRedirectToLogin =
HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.RedirectToLogin);
options.Events.OnRedirectToAccessDenied =
HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.RedirectToLogin);
});
以下是使用的帮助程序:
public static class RoutingHelpers
{
private const string ApiRoutePrefix = "/api";
private static bool IsApiRequest(this HttpContext context)
{
if (context.Request.Path.StartsWithSegments(ApiRoutePrefix))
{
return true;
}
// Check if this is an ApiController
var endpoint = context.GetEndpoint();
return endpoint != null && endpoint.Metadata.Any(o => o is ApiControllerAttribute);
}
public static Func<RedirectContext<CookieAuthenticationOptions>, Task> HandleApiRequest(int statusCode, Func<RedirectContext<CookieAuthenticationOptions>, Task> original)
{
return redirectContext =>
{
if (!redirectContext.HttpContext.IsApiRequest())
return original(redirectContext);
redirectContext.Response.StatusCode = statusCode;
return Task.CompletedTask;
};
}
}
一般来说,此代码的目标是将[Authorize]d API请求重定向到[Authorize]d Razor Pages之外的其他位置,以避免API响应只是登录页面的整个HTML代码。
options.Events.OnRedirectToLogin =
HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.RedirectToLogin);
options.Events.OnRedirectToAccessDenied =
HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.RedirectToLogin);
应该是
options.Events.OnRedirectToLogin =
HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.OnRedirectToLogin);
options.Events.OnRedirectToAccessDenied =
HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.OnRedirectToLogin);
我想会在2天内将其标记为已解决