I have an Angular app with an ASP.NET Core backend. I manage user accounts with Identity. At a fresh start everything works fine and I can log in. Then I log out and want to log in once again, but this time I get a 400 Bad Request. The API path is correct (otherwise I couldn't log in the first time), and so is the login data. On the third try I can log in again. I think it must be something with the tokens. I get this after a successful login:
And this after re-login:
In Startup.cs I have this (ConfigureServices):
// Angular's HttpClientXsrfModule echoes the XSRF-TOKEN cookie value in this header by default,
// so the antiforgery service is told to read the request token from there instead of a form field.
services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
And this (Configure):
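// Issues a fresh antiforgery request token on every API / SPA-route request so the
// Angular XSRF interceptor can send it back in the X-XSRF-TOKEN header.
// `antiforgery` (IAntiforgery) is captured from the enclosing Configure() scope.
app.Use(nextDelegate => context =>
{
    // Path.Value is null for an empty path; treat that as "no match" instead of throwing.
    string path = context.Request.Path.Value ?? string.Empty;
    string[] directUrls = { "/masterdata", "/production", "/forecast", "/planning", "/admin" };

    // Route prefixes are not linguistic text: compare ordinally so the match does not
    // depend on the server's culture (the bare StartsWith overload is culture-sensitive).
    bool issueToken = path.StartsWith("/api", StringComparison.Ordinal)
        || path == "/"
        || directUrls.Any(url => path.StartsWith(url, StringComparison.Ordinal));

    if (issueToken)
    {
        // ASP.NET Core binds the generated token to the current identity, so a token
        // handed out before a SignIn/SignOut no longer validates afterwards; the client
        // has to pick up the cookie written by the first response after that change.
        var tokens = antiforgery.GetAndStoreTokens(context);
        context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions()
        {
            HttpOnly = false,   // must stay readable by the Angular XSRF interceptor
            Secure = false,     // NOTE(review): lets the token travel over plain HTTP; set true for HTTPS deployments — confirm
            IsEssential = true
        });
    }
    return nextDelegate(context);
});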
These are the involved methods in AccountController.cs:
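/// <summary>
/// Looks the account up by user name and, when it exists, replaces any current
/// sign-in with a fresh password sign-in.
/// </summary>
/// <param name="LoginUser">Credentials posted by the client; must not be null.</param>
/// <returns>
/// <c>true</c> when the password sign-in succeeded; <c>false</c> when the account does
/// not exist or Identity rejected the password.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="LoginUser"/> is null.</exception>
private async Task<bool> DoLoginUser(LoginModel LoginUser)
{
    if (LoginUser is null)
    {
        throw new ArgumentNullException(nameof(LoginUser));
    }

    AppUser user = await UserManager.FindByNameAsync(LoginUser.UserName);
    if (user is null)
    {
        // NOTE(review): answering before the password check makes an unknown user name
        // respond faster than a wrong password, which can reveal which accounts exist.
        return false;
    }

    // Drop any existing authentication cookie so the new sign-in starts clean.
    await SignInManager.SignOutAsync();

    // lockoutOnFailure: false means repeated wrong passwords never lock the account,
    // which leaves this endpoint open to password guessing; consider enabling lockout.
    Microsoft.AspNetCore.Identity.SignInResult result =
        await SignInManager.PasswordSignInAsync(user, LoginUser.Password, isPersistent: false, lockoutOnFailure: false);
    return result.Succeeded;
}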
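/// <summary>
/// POST api/account/login: signs the caller in and returns a small profile
/// (e-mail and password deliberately blanked) as JSON, or <c>false</c> when the
/// model is invalid or the credentials are rejected.
/// </summary>
/// <param name="LoginUser">Credentials bound from the JSON request body.</param>
/// <returns>A JSON result holding either the profile object or <c>false</c>.</returns>
[AllowAnonymous]
[HttpPost("api/account/login")]
public async Task<IActionResult> LoginUser([FromBody] LoginModel LoginUser)
{
    if (!ModelState.IsValid || !await DoLoginUser(LoginUser))
    {
        // Kept as HTTP 200 + false: the Angular client inspects the body, not the status code.
        return Json(false);
    }

    AppUser user = await UserManager.FindByNameAsync(LoginUser.UserName);
    if (user is null)
    {
        // Account disappeared between DoLoginUser and this lookup; report failure instead of NRE.
        return Json(false);
    }

    // Await instead of .Result: blocking on a Task inside an async action risks deadlocks
    // and thread-pool starvation.
    var roles = await UserManager.GetRolesAsync(user);
    user.RoleName = roles.FirstOrDefault();

    return Json(new
    {
        user.Id,
        user.UserName,
        user.RealName,
        Email = "",
        Password = "",
        user.RoleName,
        user.AppTheme
    });
}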
/// <summary>
/// POST api/account/logout: clears the Identity sign-in for the caller.
/// </summary>
/// <returns>An empty 200 OK once the sign-out has completed.</returns>
[HttpPost("api/account/logout")]
public async Task<IActionResult> LogoutUser()
{
    // The identity changes here, so an antiforgery token issued while the user was
    // signed in stops validating on subsequent requests.
    await this.SignInManager.SignOutAsync();
    return this.Ok();
}
And on the client side:
login() {
  this.authenticated = false;
  return this.service.login(this.name, this.password).pipe(
    map(payload => {
      if (!payload) {
        // Server answered `false`: authenticated stays false and that is what we report.
        return this.authenticated;
      }
      const signedIn = <User>payload;
      this.authenticated = true;
      this.password = null;
      this.user = signedIn;
      // Display-only copies for the UI. These cookies are written from the browser,
      // so the server must never rely on them for authorization decisions.
      const { cookieService } = this;
      cookieService.set("userName", signedIn.userName);
      cookieService.set("userRealName", signedIn.realName);
      cookieService.set("userRoleName", signedIn.roleName);
      cookieService.set("userId", signedIn.id.toString());
      return signedIn;
    }),
    catchError(() => {
      this.authenticated = false;
      return of(false);
    })
  );
}
logout() {
  const { cookieService, service, router } = this;
  this.authenticated = false;
  // deleteAll() also removes the non-HttpOnly XSRF-TOKEN cookie the server issued, so the
  // next POST goes out without an X-XSRF-TOKEN header until a response re-issues the cookie.
  cookieService.deleteAll();
  // NOTE(review): if service.logout() returns an Observable (Angular HttpClient is lazy),
  // the request is never sent unless something subscribes — confirm the server-side sign-out runs.
  service.logout();
  router.navigateByUrl("/");
}
Why is this?
Thanks.
Question from: https://stackoverflow.com/questions/65943723/cant-re-login-with-asp-net-core-identity