I have a normal Blazor app, with the default boilerplate user/password authentication from MS. I have 2 users, root and test.

I logged in with root and clicked remember me. Then I logged out and logged in again with free, and initiated a payment process. The flow navigates to an outside page (different domain), and then calls a callback on success back to my app/domain.

The problem is that now, I am logged in as root instead of free.

Is there a way to fix/prevent this?

asked Jan 29 at 13:53 by AndreiM, edited Jan 30 at 7:50 by Tiny Wang
  • We can't guess what your application is doing, how authentication was configured or how the web app uses that unspecified external service. If the web app uses authentication cookies, and the payment gateway redirects to your site, the user's cookies would still be there. We can't guess how you determined that root is now the user. Did you use AuthenticationStateProvider? Used AuthorizeView to display the name? – Panagiotis Kanavos, commented Jan 29 at 14:16

1 Answer

I ran a test with a .Net 6 Blazor Server application and a .Net 6 MVC application. You mentioned "the default boilerplate user/password authentication from MS", so for the Blazor Server app I created via VS I chose "Microsoft identity platform" as the authentication type.

My test uses the code below. The Blazor app will redirect to my MVC app, and my MVC controller action will return `Redirect("https://localhost:7100/");` to mock the payment callback.

```razor
@page "/"
@inject IJSRuntime jsRuntime
@inject NavigationManager NavManager

<PageTitle>Index</PageTitle>
<h1>Hello, world!</h1>
Welcome to your new app.
<SurveyPrompt Title="How is Blazor working for you?" />
@* Blazor event handlers are bound with the @onclick directive *@
<button @onclick="direct">direct with NavigationManager to external site</button>
<button @onclick="direct2">direct with js invoke to external site</button>

@code{
    // Full-page navigation to the external (MVC) site in the same tab
    public void direct()
    {
        NavManager.NavigateTo("https://localhost:7037/home/DynamicContent");
    }

    // Opens the external (MVC) site in a new tab through window.open
    public async Task direct2()
    {
        await jsRuntime.InvokeAsync<object>("open", "https://localhost:7037/home/DynamicContent", "_blank");
    }
}
```

Everything worked well. I signed in with my account and chose Stay signed in,

then I clicked the sign out button in my site. It redirects to the Microsoft Identity platform sign out page and guides me to choose my account to sign out, and it finally redirects to /MicrosoftIdentity/Account/SignedOut. Then I went back to my Blazor site and clicked to navigate to the MVC page; it can still redirect back without any signed-in account.

We could deduce that the issue might relate to the persistent authentication cookies stored in the browser when using the "Remember Me" option. And if we used the official Microsoft Identity SDK, I trust it will help handle the cookie automatically. If you are working on an OpenIdConnect + Azure AD configuration, I'm afraid you need to deal with the cookie manually, and you might need code similar to

```csharp
await SignInManager.SignOutAsync();
HttpContext.Response.Cookies.Delete(".AspNetCore.Identity.Application");
```
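A complementary server-side check for the scenario in the question, as an added example that is not part of the original answer or of any Microsoft library: bind each payment attempt to the user who started it, so the callback can refuse to run when the auth cookie on the returning request belongs to someone else. `PaymentState`, its method names and the sample values are hypothetical, and it assumes the payment gateway echoes an opaque `state` value back on the callback URL.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: ties a payment attempt to the user who initiated it.
public static class PaymentState
{
    // Constructed demo key; a real app would load a stable secret from configuration.
    private static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);

    // Call before redirecting to the gateway. Assumes ids never contain '|'.
    // Escape the result with Uri.EscapeDataString before putting it in a URL.
    public static string Create(string userId, string orderId)
    {
        byte[] payload = Encoding.UTF8.GetBytes($"{userId}|{orderId}");
        byte[] mac = HMACSHA256.HashData(Key, payload);
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(mac);
    }

    // Call in the callback; currentUserId comes from the request's auth cookie.
    public static bool IsForCurrentUser(string state, string currentUserId, out string orderId)
    {
        orderId = "";
        string[] parts = state.Split('.');
        if (parts.Length != 2) return false;

        byte[] payload, mac;
        try { payload = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }

        // Reject tampered or forged state values (constant-time comparison).
        if (!CryptographicOperations.FixedTimeEquals(mac, HMACSHA256.HashData(Key, payload))) return false;

        // Reject a valid state that was issued to a different signed-in user.
        string[] fields = Encoding.UTF8.GetString(payload).Split('|');
        if (fields.Length != 2 || fields[0] != currentUserId) return false;

        orderId = fields[1];
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        string state = PaymentState.Create("free", "order-1001"); // constructed sample values
        Console.WriteLine(PaymentState.IsForCurrentUser(state, "free", out _)); // same user returns
        Console.WriteLine(PaymentState.IsForCurrentUser(state, "root", out _)); // cookie of another user
    }
}
```

When the check fails, the callback should not complete the payment under the current session; signing the session out and asking the user to log in again keeps the order attached to the account that started it.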

Tags: net, Blazor external callback is logging a different user, Stack Overflow