我试图在.net core 2.2中的不同应用程序之间共享身份验证cookie。
下面的代码来自应用程序1(comportocertlogin.local)startup.cs:
// This method gets called by the runtime. Use this method to add services to the container.
// Application 1 (comportocertlogin.local): registers the cookie policy, the Data Protection key ring
// and cookie authentication. The snippet as posted stops before the method's closing brace.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
// SameSiteMode.None as the minimum means the cookie policy middleware does not tighten SameSite
// on any cookie; each cookie keeps whatever SameSite value its own options specify.
options.MinimumSameSitePolicy = SameSiteMode.None;
});
// Application-wide Data Protection: the key ring is persisted to a directory and the application
// name is set to "SharedCookieApp".
// NOTE(review): keys written by PersistKeysToFileSystem are not encrypted at rest unless a
// ProtectKeysWith* option is also configured, and none is visible here. The path also looks like a
// source-control working copy (C:\SVN\...\trunk); keep the key ring out of version control and
// restrict the directory's ACL to the identities the applications run as.
services.AddDataProtection()
.PersistKeysToFileSystem(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"))
.SetApplicationName("SharedCookieApp");
// Earlier attempt, left commented out by the author:
//services.ConfigureApplicationCookie(options =>
//{
// options.Cookie.Name = ".AspNet.SharedCookie";
// options.Cookie.Domain = ".local";
//});
// The cookie scheme is the default for sign-in, authentication and challenge.
services.AddAuthentication(options =>
{
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(options =>
{
options.LoginPath = "/Login";
options.LogoutPath = "/Login";
options.Cookie.Name = ".AspNet.SharedCookie";
// NOTE(review): ".local" scopes the authentication cookie to every host under that suffix, not
// only to the two applications. Browsers may also refuse a Domain attribute that is a bare
// top-level label, in which case the cookie never reaches the second host; verify in the browser
// that the Set-Cookie header is accepted. A dedicated parent domain narrows the scope.
options.Cookie.Domain = ".local";
options.Cookie.Path = "/";
// NOTE(review): Cookie.SecurePolicy is not set in this snippet; if both sites are served over
// HTTPS only, CookieSecurePolicy.Always keeps the cookie off plain-HTTP requests.
// NOTE(review): this creates a second provider directly from the key directory, without the
// "SharedCookieApp" application name configured above, and it replaces the application-wide
// provider for this cookie scheme.
options.DataProtectionProvider =
DataProtectionProvider.Create(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"));
});
然后在应用程序1中,我有以下代码用于创建身份验证cookie和重定向到应用程序2
/// <summary>
/// Handles the login POST: builds a claims identity from <paramref name="userId"/>, issues the
/// cookie-scheme sign-in and redirects to the second application.
/// </summary>
/// <param name="userId">User id passed to the handler; it is written into the claims unchanged.</param>
/// <returns>
/// A redirect to the second application after sign-in, or the current page when the model state
/// is invalid.
/// </returns>
public async Task<IActionResult> OnPostAsync(int userId)
{
    if (!ModelState.IsValid)
    {
        return Page();
    }

    // NOTE(review): nothing verifies the caller before sign-in. The original post carried only a
    // commented-out placeholder here ("TODO Validate the username and the password with your own
    // logic"), so unless the identity is established elsewhere (for example earlier in the
    // pipeline), whatever userId the request supplies becomes the authenticated user in every
    // application that trusts the shared cookie. Authenticate the caller first and take the id
    // from that result, not from the request.
    var userIdText = userId.ToString();

    // Same three claims, in the same order, as the original AddClaim calls.
    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, userIdText),
        new Claim(ClaimTypes.Name, userIdText),
        new Claim("UserId", userIdText),
    };
    var identity = new ClaimsIdentity(
        claims,
        CookieAuthenticationDefaults.AuthenticationScheme,
        ClaimTypes.Name,
        ClaimTypes.Role);

    // Session cookie only: IsPersistent = false.
    var signInProperties = new AuthenticationProperties { IsPersistent = false };
    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(identity),
        signInProperties);

    return Redirect("https://scomportoadmin.local/searchUserAccount");
}
在应用程序2(scomportoadmin.local)startup.cs中,我有以下代码:
// Application 2 (scomportoadmin.local): registers the cookie policy, the Data Protection key ring,
// cookie authentication and the Razor Pages authorization conventions. The snippet as posted stops
// before the method's closing brace, and the Configure method is not shown.
// NOTE(review): the cookie is only read if app.UseAuthentication() runs before MVC in Configure;
// confirm, since that part is not visible here.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
// SameSiteMode.None as the minimum means the cookie policy middleware does not tighten SameSite
// on any cookie; each cookie keeps whatever SameSite value its own options specify.
options.MinimumSameSitePolicy = SameSiteMode.None;
});
// Application-wide Data Protection: the key ring is persisted to a directory and the application
// name is set to "SharedCookieApp".
// NOTE(review): keys written by PersistKeysToFileSystem are not encrypted at rest unless a
// ProtectKeysWith* option is also configured, and none is visible here. Anyone who can read this
// directory can forge cookies that this application accepts, so keep it out of version control
// and restrict its ACL to the identities the applications run as.
services.AddDataProtection()
.PersistKeysToFileSystem(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"))
.SetApplicationName("SharedCookieApp");
// Earlier attempt, left commented out by the author:
//services.ConfigureApplicationCookie(options =>
//{
// options.Cookie.Name = ".AspNet.SharedCookie";
// options.Cookie.Domain = ".local";
//});
// The cookie scheme is the default for sign-in, authentication and challenge.
services.AddAuthentication(options =>
{
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(options =>
{
options.LoginPath = "/login";
options.LogoutPath = "/login";
options.Cookie.Name = ".AspNet.SharedCookie";
// NOTE(review): ".local" scopes the authentication cookie to every host under that suffix.
// Browsers may also refuse a Domain attribute that is a bare top-level label; check in the
// browser whether the cookie is actually sent to this host.
options.Cookie.Domain = ".local";
options.Cookie.Path = "/";
// NOTE(review): this creates a second provider directly from the key directory, without the
// "SharedCookieApp" application name configured above, and it replaces the application-wide
// provider for this cookie scheme.
options.DataProtectionProvider =
DataProtectionProvider.Create(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"));
});
// Razor Pages conventions: the two account-management pages require an authorized user, while the
// registration page is explicitly open to anonymous users.
services.AddMvc().AddRazorPagesOptions(options =>
{
options.Conventions.AuthorizePage("/SearchUserAccount");
options.Conventions.AuthorizePage("/EditCreateUserAccount");
options.Conventions.AllowAnonymousToPage("/RegisterUserAccount");
}).
// NOTE(review): the post targets .NET Core 2.2 but pins 2.1 compatibility here; confirm this is intended.
SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
应该是还缺少某些配置,因为我无法访问应用程序2中的SearchUserAccount和EditCreateUserAccount页面。我在这里做错了什么?
在每个应用程序的 .AddCookie 配置中,您直接设置了数据保护提供程序,而没有使用共享的应用程序名称。这其实没有必要,因为您已经在应用程序级别配置了共享的数据保护提供程序,默认情况下就会用它来加密 Cookie。
简而言之,只需在两个应用程序中删除为 cookie 设置 options.DataProtectionProvider 的那几行,就可以了。