我在我的应用程序中使用asp.net identity 2.0进行身份验证(Owin中间件).会话劫持:当我登录身份创建AspNet.ApplicationCookie.然后,我复制了AspNet.ApplicationCookie值.然后我从应用程序注销.登出后,我手动创建cookie(AspNet.ApplicationCookie)并进行刷新它重定向我回家页.
权限提升:同时我以用户AI身份登录(AspNet.ApplicationCookie)登录了他的cookie并且我登出了.我以用户BI身份登录后正在编辑用户B Cookie并粘贴用户A cookie并保存.刷新浏览器后,我可以获得UserA访问和身份验证.
我正在清除所有会话并删除所有cookie当我退出.Even Asp.Net身份(Owin)每次都会生成新的AspNet.ApplicationCookie.但它仍然接受旧的cookie并给我一个访问权限.我不会知道为什么吗?任何人都可以告诉我如何在注销后使旧的AspNet.ApplicationCookie无效.这是我在Startup.Auth.cs中的代码
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
// Use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
}
//这是注销码
public ActionResult LogOff ( )
{
//Delete all cookies while user log out
string[] myCookies = Request.Cookies.AllKeys;
foreach …我正在使用Web API 2.在web api控制器中,我使用了GetUserId使用Asp.net Identity生成用户ID的方法.
我必须为该控制器编写MS单元测试.如何从测试项目中访问用户ID?
我在下面附上了示例代码.
Web API控制器
public IHttpActionResult SavePlayerLoc(IEnumerable<int> playerLocations)
{
int userId = RequestContext.Principal.Identity.GetUserId<int>();
bool isSavePlayerLocSaved = sample.SavePlayerLoc(userId, playerLocations);
return Ok(isSavePlayerLocSaved );
}
Web API控制器测试类
[TestMethod()]
public void SavePlayerLocTests()
{
var context = new Mock<HttpContextBase>();
var mockIdentity = new Mock<IIdentity>();
context.SetupGet(x => x.User.Identity).Returns(mockIdentity.Object);
mockIdentity.Setup(x => x.Name).Returns("admin");
var controller = new TestApiController();
var actionResult = controller.SavePlayerLoc(GetLocationList());
var response = actionResult as OkNegotiatedContentResult<IEnumerable<bool>>;
Assert.IsNotNull(response);
}
我尝试使用上面的模拟方法.但它没有用.当我从测试方法调用到控制器时,如何生成Asp.net用户身份?