User access to login page after authentication

mohammad :

I use Identity for authentication in my application, but after authentication the user can access the login and register pages again!

Login method:


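var claims = new List<Claim>()
{
    new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
    new Claim(ClaimTypes.Name, user.Fullname),
};
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);

var properties = new AuthenticationProperties
{
    IsPersistent = model.RememberMe
};
// SignInAsync returns a Task: await it (the action must be async) so sign-in
// completes and any failure surfaces before the redirect is returned.
await HttpContext.SignInAsync(principal, properties);

ViewBag.IsSuccess = true;
// Follow ReturnUrl only when it is a local path, so a crafted login link
// cannot send the user to another site (open redirect).
if (ReturnUrl != "/" && Url.IsLocalUrl(ReturnUrl))
{
    return Redirect(ReturnUrl);
}

return Redirect("/dashboard");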

Startup code:

services.AddAuthentication(options =>
{
    // Use the cookie scheme for authenticate, challenge and sign-in.
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(options =>
{
    options.LoginPath = "/login";
    options.LogoutPath = "/logout";
    // 10080 minutes = 7 days
    options.ExpireTimeSpan = TimeSpan.FromMinutes(10080);
});

Note: I added app.UseAuthentication() to the Configure method.

Chris Pratt :

And? Of course they can. There are no authentication/authorization policies for viewing those pages, so anyone can get to them, logged in or not. If you want to stop this, just add a check at the start of the action like:

// IsAuthenticated is a property, not a method
if (User.Identity.IsAuthenticated)
    return RedirectToAction("Account");

If you like, you could also create that as a request filter attribute and apply it to these actions that way. Either way, it's something you must explicitly disallow.
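The filter-attribute variant mentioned in the answer could look like the following. This is an added example, not code from the original question or answer; the names `RedirectIfAuthenticatedAttribute` and `AccountController` are hypothetical, and the `/dashboard`, `/login` and `/register` paths are taken from or assumed to match the question's setup.

```csharp
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical attribute (not part of ASP.NET Core): sends users who are
// already signed in away from actions such as Login and Register.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class RedirectIfAuthenticatedAttribute : ActionFilterAttribute
{
    private readonly string _target;

    public RedirectIfAuthenticatedAttribute(string target = "/dashboard")
    {
        // Accept only an app-relative path, so the attribute can never be
        // configured into a redirect to another host.
        if (string.IsNullOrEmpty(target) || target[0] != '/' ||
            target.StartsWith("//") || target.StartsWith("/\\"))
        {
            throw new ArgumentException("Target must be a local path.", nameof(target));
        }
        _target = target;
    }

    public override void OnActionExecuting(ActionExecutingContext context)
    {
        var identity = context.HttpContext.User?.Identity;
        if (identity != null && identity.IsAuthenticated)
        {
            // Setting Result here short-circuits the pipeline: the action
            // body (and the login/register view) never runs.
            context.Result = new LocalRedirectResult(_target);
        }
    }
}

// Assumed controller shape, for illustration only.
public class AccountController : Controller
{
    [HttpGet("/login")]
    [RedirectIfAuthenticated]
    public IActionResult Login(string returnUrl = "/") => View();

    [HttpGet("/register")]
    [RedirectIfAuthenticated]
    public IActionResult Register() => View();
}
```

Apply the attribute to the POST actions as well if a signed-in user should not be able to submit the login or register forms again.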
