
ASP.NET Identity cookie across subdomains on .NET and Core

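I have many applications which are hosted on the main domain and subdomains:

Website A, ASP.NET (.NET Core 2.0), at www.example.com

Website B, ASP.NET WebForms (.NET Framework 4.7) on site.example.com

Website C, ASP.NET Identity (.NET Core 2.0) on account.example.com

Website D, ASP.NET WebForms (.NET Framework 4.7) on file.example.com

I want users to log in on account.example.com; authenticated users will then be redirected to the other websites. They will be authorized by roles on the other websites.

I am trying to share cookies between these websites, and all of them are hosted on Azure Web App.

I am using ASP.NET Identity (.NET Core 2.0). I am using the built-in cookie authentication.

How can I use Data Protection in all applications and share the cookie among them?

For Data Protection, my code is: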

services.AddDataProtection()
    .SetApplicationName("example")
    .PersistKeysToFileSystem(new DirectoryInfo(@"%HOME%\ASP.NET\DataProtection-Keys"))
    .SetDefaultKeyLifetime(TimeSpan.FromDays(14));

For cookie authentication, my code is:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    CookieDomain = ".example.com"
});

1 Answer

  • 0

    For .NET Core, if you want to share your cookie between several sites, you can try the following to initialize it instead of UseCookieAuthentication:

    services.AddAuthentication();
    services.ConfigureApplicationCookie(options =>
    {
        // Cookie settings
        options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
        options.Cookie.Name = "CookieName";
    
        //options.Cookie.Domain = ".localhost";
        if (!CurrentEnvironment.IsDevelopment())
            options.Cookie.Domain = CommonConfig.CookieDomain; // ".mydomain.com"
    
        options.Cookie.HttpOnly = false;
    
        // Cookie.Expiration is ignored by the cookie handler; ExpireTimeSpan sets the ticket lifetime.
        options.ExpireTimeSpan = TimeSpan.FromDays(5 * 30);
        options.SlidingExpiration = true;
        options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
    
        options.LoginPath = new PathString("/Account/Login"); 
        options.LogoutPath = new PathString("/Account/Logoff"); 
        options.AccessDeniedPath = new PathString("/Account/Login"); 
    
    
        var protectionProvider = DataProtectionProvider.Create(new DirectoryInfo(CommonConfig.PersistKeysStoreC));
        options.DataProtectionProvider = protectionProvider;
    
        // This adds claims data to the cookie...
        options.Events.OnSignedIn = async (context) =>
            {   
                System.Security.Claims.ClaimsIdentity identity = (System.Security.Claims.ClaimsIdentity)context.Principal.Identity;
    
                UserManager<AppUser> userManager = context.HttpContext.RequestServices.GetService<UserManager<AppUser>>();
                AppUser user = await userManager.GetUserAsync(context.Principal);
                identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, user.Id.ToString()));
                //identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Email, user.Email.ToString()));
                //identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, user.LastName));
                //identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.GivenName, user.FirstName));
            };
    });
    

    Of course, you need to give all sites the same ProtectionProvider path.
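
The answer above covers only the ASP.NET Core sites. As an added example (not code from the question or the answer), this is one way the .NET Framework 4.7 sites could read the same cookie through the Microsoft.Owin.Security.Interop package. It assumes the Core sites use the question's application name "example" and the answer's cookie name "CookieName"; the key directory is a placeholder and the namespace is hypothetical.

```csharp
// Added example for a .NET Framework 4.7 site (OWIN Startup); not the posters' code.
// Assumed NuGet packages: Microsoft.Owin.Security.Cookies, Microsoft.Owin.Security.Interop,
// Microsoft.AspNetCore.DataProtection.Extensions.
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Interop;
using Owin;

[assembly: OwinStartup(typeof(SharedCookieSample.Startup))]

namespace SharedCookieSample   // hypothetical namespace
{
    public class Startup
    {
        // Placeholder: must be the same key directory the Core sites persist their keys to.
        private const string KeyRingPath = @"<shared-key-ring-directory>";

        public void Configuration(IAppBuilder app)
        {
            // Same key ring and application name as the Core sites, plus the purpose
            // strings the ASP.NET Core 2.x cookie handler protects its tickets with.
            IDataProtector protector = DataProtectionProvider
                .Create(new DirectoryInfo(KeyRingPath),
                        builder => builder.SetApplicationName("example"))
                .CreateProtector(
                    "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
                    "Identity.Application",   // ASP.NET Core Identity's application scheme
                    "v2");

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Identity.Application",
                CookieName = "CookieName",        // must equal options.Cookie.Name on the Core sites
                CookieDomain = ".example.com",
                CookieHttpOnly = true,            // keep the ticket out of reach of page scripts
                CookieSecure = CookieSecureOption.Always,
                LoginPath = new PathString("/Account/Login"),
                // Read and write tickets in the ASP.NET Core format.
                TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(protector)),
                CookieManager = new ChunkingCookieManager()
            });
        }
    }
}
```

Anyone who can read the key ring directory can mint valid authentication cookies for every site that trusts it, so restrict that directory to the identities the sites run as.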
