sign out the principal when it is rejected due to security stamp changes

This commit is contained in:
sbwalker 2024-09-26 15:53:14 -04:00
parent d468e675c2
commit df71dd14f7
2 changed files with 5 additions and 2 deletions


@ -169,6 +169,7 @@ namespace Microsoft.Extensions.DependencyInjection
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.LoginPath = "/login"; // overrides .NET Identity default of /Account/Login
options.Events.OnRedirectToLogin = context =>
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
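Review bot: The added `options.LoginPath = "/login"` line is documented as overriding the Identity default, but the `OnRedirectToLogin` handler directly below it (its lambda continues outside the hunk) answers the challenge with a 403 instead of a redirect, so as far as this hunk shows the path only changes the `RedirectUri` handed to that event rather than where a browser is sent. If that is the intent, the comment should say so, e.g. `options.LoginPath = "/login"; // overrides .NET Identity default of /Account/Login; OnRedirectToLogin below turns the challenge into a 403, so this only sets the RedirectUri passed to that event`. If the handler does redirect for some requests further down, naming which ones in that comment would save the next reader from tracing the lambda.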


@ -7,13 +7,15 @@ using Oqtane.Models;
using Oqtane.Extensions;
using Oqtane.Shared;
using Oqtane.Managers;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Authentication;
namespace Oqtane.Security
{
public static class PrincipalValidator
{
public static Task ValidateAsync(CookieValidatePrincipalContext context)
public static async Task ValidateAsync(CookieValidatePrincipalContext context)
{
if (context != null && context.Principal.Identity.IsAuthenticated && context.Principal.Identity.Name != null)
{
@ -49,6 +51,7 @@ namespace Oqtane.Security
// remove principal (ie. log user out)
Log(_logger, alias, "Permissions Removed For User {Username} Accessing {Url}", context.Principal.Identity.Name, path);
context.RejectPrincipal();
await context.HttpContext.SignOutAsync(Constants.AuthenticationScheme);
}
}
else
@ -58,7 +61,6 @@ namespace Oqtane.Security
}
}
}
return Task.CompletedTask;
}
private static void Log (ILogManager logger, Alias alias, string message, string username, string path)
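Review bot: The new sign-out at line 41 hard-codes `Constants.AuthenticationScheme`, although the cookie being validated is identified by the event itself; `await context.HttpContext.SignOutAsync(context.Scheme.Name);` clears exactly the cookie scheme that produced the rejected principal and stays correct if that scheme is renamed or a second cookie scheme is registered. Calling it right after `context.RejectPrincipal()` is the right placement, since rejecting alone leaves the cookie on the client to be re-sent and re-rejected on every request. `ValidateAsync` continues outside the hunk; any other `RejectPrincipal()` path in it should get the same sign-out so a stale cookie cannot keep being presented. The commit title refers to security stamp changes while the visible branch logs `Permissions Removed For User`; if the stamp check lives in the same branch, a one-line comment above the `Log(...)` call naming both rejection reasons would make the log entry easier to interpret during incident review.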