注销后对多个浏览器选项卡进行 Blazor WASM 独立项目重新身份验证
我已经在我们的 blazor WASM 项目上使用 JWT auth 实现了授权。一切顺利 - 登录和注销...直到
场景: 我注意到,如果我复制“已登录(经过身份验证的身份用户)选项卡”,现在会打开两个有效的授权用户选项卡。在第一个选项卡中,我注销:我被重定向到登录页面,存储的令牌消失了,一切似乎都正常 - 但是当我转到第二个选项卡并单击转到新页面(在选项卡内)时,我我能够这样做。当我调试并检查身份验证状态时..它仍然具有经过验证的身份用户!
预期结果: 当我在第一个经过身份验证的选项卡中注销时,我希望第二个选项卡的身份验证状态也被取消身份验证。
错误消息:
目前没有
我尝试过的内容:
我四处寻找有人为 Blazor WASM 独立应用程序解决相同的问题。我确实看过这个人的视频,他在视频中描述了大多数人通过直接注入而不是使用级联参数来错误地使用 AuthenticationStateProvider。他实际上演示了我遇到的确切问题 - 但随后继续使用 Balzor Server 类库解决它(使用 RevalidateServerAuthenticationStateProvider 以及 ValidateAuthenticationStateAsync 函数上的一些自定义代码)!不是 WASM 解决方案!他的视频链接:https://www .youtube.com/watch?v=42O7rECc87o&list=WL&index=37&t=952s - 13:23 他演示了我试图描述的问题。
我的注销序列的代码:
首先 - 当您单击注销按钮时 - 我重定向到注销页面。我们将从这里开始:
Logout.Razor.cs
[CascadingParameter]
public Task<AuthenticationState> AuthenticationStateTask { get; set; }
protected override async Task OnInitializedAsync()
{
await AuthService.Logout();
var authState = await AuthenticationStateTask;
var user = authState.User;
if (!user.Identity.IsAuthenticated)
{
NavManager.NavigateTo("/");
}
}
您可以看到您正在等待 AuthService 将您注销。
AuthService.cs
private readonly AuthenticationStateProvider _authStateProvider;
public async Task Logout()
{
await _localStorage.RemoveItemAsync("authToken");
await ((CustomAuthStateProvider)_authStateProvider).NotifyUserLogout();
_client.DefaultRequestHeaders.Authorization = null;
}
然后您正在等待 CustomAuthStateProvider:AuthenticationStateProdiver 通知状态已更改。
CustomAuthStateProvider.cs
_anonymous = new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));
public async Task NotifyUserLogout()
{
var authState = Task.FromResult(_anonymous);
NotifyAuthenticationStateChanged(authState);
}
此时,在活动页面中,我们已注销并重定向到登录页面。 我希望有一些针对我缺少的 authstate 的浏览器会话选项,或者有一些在 WASM 项目上处理这种情况的微软文档 - 但我的花生大脑似乎无法找到它。
其他信息:我纯粹只是使用 AuthenticationStateProdiver 进行自定义登录。 我没有使用 OidcAuthentication 或 MsalAuthentication 服务。 这是一个独立的 WASM 应用程序,具有完全解耦的 API。所有 .net6 都生活在 azure 上。
期待看看其他人是否也遇到这个问题!
商业议员、
议员
I have implemented authorization with JWT auth on our blazor WASM project. All was well - logging in and logging out...until
Scenario:
I noticed that if I duplicated my 'logged in (authenticated identity user) tab', now having two valid authorized user tabs open. In the first tab I log out: I am re-directed to the login page, the stored token is gone, everything seems ok - but when I go to the second tab and click to go to a new page(within the tab) I am able to do so. When I debug and check the auth state.. it still has the validated identity user!
Expected Results:
When I logout in the first autenticated tab, I expect the auth state of the second tab to also be deauthenticated.
Error Messages:
Currently none
What I have tried:
I searched around for someone solving the same thing for Blazor WASM standalone apps. I did come across this guy's video where he describes most people are using the AuthenticationStateProvider wrong by injecting it directly instead of using a cascading parameter. He actually then demonstates the exact issue I am having - but then proceeds to solve it with a Balzor Server class library(using RevalidateServerAuthenticationStateProvider with some custom code on the ValidateAuthenticationStateAsync function)! Not a WASM solution! Link to his video: https://www.youtube.com/watch?v=42O7rECc87o&list=WL&index=37&t=952s - 13:23 he demonstrates the issue I have attempted to depict.
Code of my logout sequence:
To start - when you click the logout button - I redirect to a logout page. We will start here:
Logout.Razor.cs
[CascadingParameter]
public Task<AuthenticationState> AuthenticationStateTask { get; set; }
protected override async Task OnInitializedAsync()
{
await AuthService.Logout();
var authState = await AuthenticationStateTask;
var user = authState.User;
if (!user.Identity.IsAuthenticated)
{
NavManager.NavigateTo("/");
}
}
You can see you then are waiting for the AuthService to log you out.
AuthService.cs
private readonly AuthenticationStateProvider _authStateProvider;
public async Task Logout()
{
await _localStorage.RemoveItemAsync("authToken");
await ((CustomAuthStateProvider)_authStateProvider).NotifyUserLogout();
_client.DefaultRequestHeaders.Authorization = null;
}
Then you are waiting on the CustomAuthStateProvider:AuthenticationStateProdiver to notify that the state has changed.
CustomAuthStateProvider.cs
_anonymous = new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));
public async Task NotifyUserLogout()
{
var authState = Task.FromResult(_anonymous);
NotifyAuthenticationStateChanged(authState);
}
At this point in the active page we are logged out and redirected to the login page.
I was hoping there is some browser session option for the authstate I am missing or there is some microsoft documentation of handling this situation on WASM projects - but my peanut brain can't seem to find it.
Additional Information: I am purely only using the AuthenticationStateProdiver for a custom login.
I am not using OidcAuthentication or MsalAuthentication services.
This is a standlone WASM app with a completely decoupled API. All .net6 living on azure.
Looking forward to see if anyone else has this issue!
BR,
MP
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论