在站点之间共享身份验证cookie


我试图在.net core 2.2中的不同应用程序之间共享身份验证cookie。

下面的代码来自应用程序1(comportocertlogin.local)startup.cs:

// This method gets called by the runtime. Use this method to add services to the container.
// Application 1 (comportocertlogin.local): registers the cookie policy, a file-system Data Protection
// key ring and cookie authentication. The snippet is truncated on the page; the method's closing
// brace is not shown.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            // NOTE(review): None is the least restrictive minimum, so the cookie policy does not
            // tighten SameSite on any cookie written by this application.
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });


        // Application-level Data Protection: the key ring lives in a directory that both applications
        // point at, under the shared application name "SharedCookieApp".
        // NOTE(review): no ProtectKeysWith* call follows PersistKeysToFileSystem, so this configuration
        // does not encrypt the keys at rest. Anyone who can read this directory can decrypt or forge the
        // shared authentication cookie: restrict its ACL to the two application identities and keep it
        // out of source control (the path looks like an SVN working copy; confirm).
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"))
            .SetApplicationName("SharedCookieApp");

        //services.ConfigureApplicationCookie(options =>
        //{
        //    options.Cookie.Name = ".AspNet.SharedCookie";
        //    options.Cookie.Domain = ".local";
        //});

        // The cookie scheme is used for sign-in, authentication and challenge alike.
        services.AddAuthentication(options =>
        {
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        }).AddCookie(options =>
        {
            options.LoginPath = "/Login";
            options.LogoutPath = "/Login";
            // Name, domain and path are identical to the values in application 2's AddCookie call.
            options.Cookie.Name = ".AspNet.SharedCookie";
            // NOTE(review): ".local" is a single-label parent domain. Browsers may refuse a Domain
            // attribute that looks like a top-level suffix, so verify the cookie is actually stored.
            // Where it is accepted, it is sent to every host under .local, not only these two apps;
            // the narrowest parent domain both applications share is the safer scope.
            options.Cookie.Domain = ".local";
            options.Cookie.Path = "/";
            // NOTE(review): Cookie.SecurePolicy is not set in this block; for a shared authentication
            // cookie, CookieSecurePolicy.Always keeps it off plain-HTTP requests.
            // NOTE(review): this provider is created separately from the AddDataProtection()
            // registration above and carries no application name. The answer on this page recommends
            // removing this assignment so the application-level provider protects the cookie.
            options.DataProtectionProvider =
                DataProtectionProvider.Create(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"));
        });

然后在应用程序1中,我有以下代码用于创建身份验证cookie和重定向到应用程序2

// Login page POST handler in application 1: builds a ClaimsIdentity from the bound userId,
// signs it in with the cookie scheme and redirects to application 2.
// NOTE(review): the credential check below is commented out, so as shown any model-valid userId
// in the request is signed in as that user. Unless the caller is authenticated somewhere not shown
// on this page, userId must be verified before SignInAsync is reached; sharing the cookie extends
// whatever this handler accepts to every application that trusts the same key ring.
public async Task<IActionResult> OnPostAsync(int userId)
    {
        if (ModelState.IsValid)
        {
            //bool isValid = userId == 2; // TODO Validate the username and the password with your own logic

            //if (!isValid)
            //{
            //    ModelState.AddModelError("", "username or password is invalid");
            //    return Page();
            //}

            // Create the identity from the user info
            // All three claims carry the same caller-supplied userId; the name and role claim types
            // are set to ClaimTypes.Name and ClaimTypes.Role, and no role claim is added here.
            var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme, ClaimTypes.Name, ClaimTypes.Role);
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userId.ToString()));
            identity.AddClaim(new Claim(ClaimTypes.Name, userId.ToString()));
            identity.AddClaim(new Claim("UserId", userId.ToString()));

            // Authenticate using the identity
            // IsPersistent = false requests a non-persistent (session) cookie.
            var principal = new ClaimsPrincipal(identity);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, new AuthenticationProperties { IsPersistent = false });

            // Fixed absolute redirect to application 2; the target is not taken from the request.
            return Redirect("https://scomportoadmin.local/searchUserAccount");
        }

        // Invalid model state: re-render the login page without signing in.
        return Page();
    }

在应用程序2(scomportoadmin.local)startup.cs中,我有以下代码:

        // Application 2 (scomportoadmin.local): mirrors application 1's cookie policy, Data Protection
        // and cookie authentication settings, then requires authorization on two Razor pages.
        // The snippet is truncated on the page; the method's closing brace is not shown.
        public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            // NOTE(review): None is the least restrictive minimum, so the cookie policy does not
            // tighten SameSite on any cookie written by this application.
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });



        // Same key-ring directory and application name as application 1, which is what lets this
        // application read a cookie issued there.
        // NOTE(review): no ProtectKeysWith* call follows PersistKeysToFileSystem, so this configuration
        // does not encrypt the keys at rest. Read access to this directory is equivalent to the ability
        // to decrypt or forge the shared authentication cookie; restrict its ACL and keep it out of
        // source control (the path looks like an SVN working copy; confirm).
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"))
            .SetApplicationName("SharedCookieApp");

        //services.ConfigureApplicationCookie(options =>
        //{
        //    options.Cookie.Name = ".AspNet.SharedCookie";
        //    options.Cookie.Domain = ".local";
        //});

        // The cookie scheme is used for sign-in, authentication and challenge alike.
        services.AddAuthentication(options =>
        {
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        }).AddCookie(options =>
        {
            options.LoginPath = "/login";
            options.LogoutPath = "/login";
            // Name, domain and path are identical to the values in application 1's AddCookie call.
            options.Cookie.Name = ".AspNet.SharedCookie";
            // NOTE(review): ".local" is a single-label parent domain. Browsers may refuse a Domain
            // attribute that looks like a top-level suffix, so verify the cookie actually reaches
            // this application. Where it is accepted, it is sent to every host under .local.
            options.Cookie.Domain = ".local";
            options.Cookie.Path = "/";
            // NOTE(review): Cookie.SecurePolicy is not set in this block; for a shared authentication
            // cookie, CookieSecurePolicy.Always keeps it off plain-HTTP requests.
            // NOTE(review): this provider is created separately from the AddDataProtection()
            // registration above and carries no application name. The answer on this page recommends
            // removing this assignment so the application-level provider protects the cookie.
            options.DataProtectionProvider =
                DataProtectionProvider.Create(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"));

        });
        // Page-level authorization: two pages require an authenticated user, one is explicitly anonymous.
        // NOTE(review): Configure() is not shown on this page. These conventions depend on the
        // authentication middleware being registered ahead of MVC; confirm.
   services.AddMvc().AddRazorPagesOptions(options =>
        {
            options.Conventions.AuthorizePage("/SearchUserAccount");
            options.Conventions.AuthorizePage("/EditCreateUserAccount");
            options.Conventions.AllowAnonymousToPage("/RegisterUserAccount");
        }).
        SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

似乎还缺少了什么,因为我无法访问应用程序2中的SearchUserAccount和EditCreateUserAccount页面。我哪里做错了?

.net authentication cookies asp.net-core-2.2
1个回答

在每个应用程序的.AddCookie配置中,您直接设置了数据保护提供程序,却没有使用共享的应用程序名称。其实根本不需要这样做,因为您已经在应用程序级别配置了共享的数据保护提供程序,默认情况下它就会被用来加密cookie。

简而言之,只需在两个应用程序中删除为cookie设置options.DataProtectionProvider的那几行,就应该可以正常工作了。
