completed antiforgery implementation, improved external login claim mapping, principal construction, and user experience

Oqtane.Client/UI/SiteRouter.razor

@@ -84,19 +84,29 @@
 		var action = (!string.IsNullOrEmpty(route.Action)) ? route.Action : Constants.DefaultAction; 
 		var querystring = ParseQueryString(route.Query);
 
-		// reload the client application if there is a forced reload or the user navigated to a site with a different alias 
-		if (querystring.ContainsKey("reload") || (!route.AbsolutePath.Substring(1).ToLower().StartsWith(SiteState.Alias.Path.ToLower()) && !string.IsNullOrEmpty(SiteState.Alias.Path)))
+		// reload the client application from the server if there is a forced reload or the user navigated to a site with a different alias 
+		if (querystring.ContainsKey("reload") || (!NavigationManager.ToBaseRelativePath(_absoluteUri).ToLower().StartsWith(SiteState.Alias.Path.ToLower()) && !string.IsNullOrEmpty(SiteState.Alias.Path)))
 		{
-			NavigationManager.NavigateTo(_absoluteUri.Replace("?reload", ""), true);
-			return;
-		}
-		else
-		{
-			// the refresh parameter is used to refresh the PageState
-			if (querystring.ContainsKey("refresh"))
+			if (querystring["reload"] == "post")
 			{
-				refresh = UI.Refresh.Site;
+				// post back so that the cookies are set correctly - required on any change to the principal 
+				var interop = new Interop(JSRuntime);
+				var fields = new { returnurl = "/" + NavigationManager.ToBaseRelativePath(_absoluteUri) };
+				string url = Utilities.TenantUrl(SiteState.Alias, "/pages/external/");
+				await interop.SubmitForm(url, fields);
+				return;
 			}
+			else
+			{
+				NavigationManager.NavigateTo(_absoluteUri.Replace("?reload", ""), true);
+				return;				
+			}
+		}
+		
+		// the refresh parameter is used to refresh the client-side PageState
+		if (querystring.ContainsKey("refresh"))
+		{
+			refresh = UI.Refresh.Site;
 		}
 
 		if (PageState != null)