fix(cookie): 修复第三方cookie认证无法重定向问题

1 year ago · 918cad0444
1 changed files with 15 additions and 9 deletions
--- a/aspnet-core/services/LY.MicroService.Applications.Single/Authentication/AbpCookieAuthenticationHandler.cs
+++ b/aspnet-core/services/LY.MicroService.Applications.Single/Authentication/AbpCookieAuthenticationHandler.cs
@ -1,6 +1,7 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.Options;
+using Microsoft.Net.Http.Headers;
 using System.Text.Encodings.Web;
 using Volo.Abp.Http;

@ -22,15 +23,18 @@ public class AbpCookieAuthenticationHandler : CookieAuthenticationHandler
        ISystemClock clock) : base(options, logger, encoder, clock)
    {
    }
+
+    protected const string XRequestFromHeader = "X-Request-From";
+    protected const string DontRedirectRequestFromHeader = "vben";
    protected override Task InitializeEventsAsync()
    {
        var events = new CookieAuthenticationEvents
        {
            OnRedirectToLogin = ctx =>
            {
-                if (ctx.Request.CanAccept(MimeTypes.Application.Json))
+                if (string.Equals(ctx.Request.Headers[XRequestFromHeader], DontRedirectRequestFromHeader, StringComparison.Ordinal))
                {
-                    ctx.Response.Headers.Location = ctx.RedirectUri;
+                    // ctx.Response.Headers.Location = ctx.RedirectUri;
                    ctx.Response.StatusCode = 401;
                }
                else
@ -41,10 +45,10 @@ public class AbpCookieAuthenticationHandler : CookieAuthenticationHandler
            },
            OnRedirectToAccessDenied = ctx =>
            {
-                if (ctx.Request.CanAccept(MimeTypes.Application.Json))
+                if (string.Equals(ctx.Request.Headers[XRequestFromHeader], DontRedirectRequestFromHeader, StringComparison.Ordinal))
                {
-                    ctx.Response.Headers.Location = ctx.RedirectUri;
-                    ctx.Response.StatusCode = 403;
+                    // ctx.Response.Headers.Location = ctx.RedirectUri;
+                    ctx.Response.StatusCode = 401;
                }
                else
                {
@ -54,9 +58,10 @@ public class AbpCookieAuthenticationHandler : CookieAuthenticationHandler
            },
            OnRedirectToLogout = ctx =>
            {
-                if (ctx.Request.CanAccept(MimeTypes.Application.Json))
+                if (string.Equals(ctx.Request.Headers[XRequestFromHeader], DontRedirectRequestFromHeader, StringComparison.Ordinal))
                {
-                    ctx.Response.Headers.Location = ctx.RedirectUri;
+                    // ctx.Response.Headers.Location = ctx.RedirectUri;
+                    ctx.Response.StatusCode = 401;
                }
                else
                {
@ -66,9 +71,10 @@ public class AbpCookieAuthenticationHandler : CookieAuthenticationHandler
            },
            OnRedirectToReturnUrl = ctx =>
            {
-                if (ctx.Request.CanAccept(MimeTypes.Application.Json))
+                if (string.Equals(ctx.Request.Headers[XRequestFromHeader], DontRedirectRequestFromHeader, StringComparison.Ordinal))
                {
-                    ctx.Response.Headers.Location = ctx.RedirectUri;
+                    // ctx.Response.Headers.Location = ctx.RedirectUri;
+                    ctx.Response.StatusCode = 401;
                }
                else
                {