Asp.net core 多个&;子域';asp.net核心标识中的cookie
我有一个网页,在同一个应用程序中使用多个URL:Asp.net core 多个&;子域';asp.net核心标识中的cookie,asp.net-core,asp.net-core-mvc,asp.net-identity,Asp.net Core,Asp.net Core Mvc,Asp.net Identity,我有一个网页,在同一个应用程序中使用多个URL: app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieDomain = "mywebpage.com.au" });` 例如: *.MyWebPage.com.au *.YourWebPage.com.au app.UseCookieAuthentication(new Cooki
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
例如:
*.MyWebPage.com.au
*.YourWebPage.com.au
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
因此,它将在多个URL上使用子域。问题是我需要允许用户在其登录的url的所有子域上进行身份验证
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
例如,如果他们通过www.mywebpage.com.au登录,则需要将cookie设置为*.mywebpage.com.au;如果他们通过www.yourwebpage.com.au登录,则cookie应设置为*.yourwebpage.com.au
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
允许ASP.NET核心标识子域的大多数文档指向startup.cs(或startup.auth.cs)文件,并输入如下内容:`
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
这对我不起作用,因为我不想要一个固定的域,我只想让所有用户都可以访问他们登录的url的所有子域。显然,我可以通过请求在登录时获取他们的url,但此时我需要动态设置cookiedomain 有多少个主域?如果没有太多,可以添加几个CookieAuthenticationOptions。像这样:
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "mywebpage.com.au",
CookieDomain = "mywebpage.com.au",
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "yourwebpage.com.au",
CookieDomain = "yourwebpage.com.au",
});
如果主域太多,则需要编写自己的cookie提供程序 我开始时没有意识到身份和身份验证之间的区别。
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
因为我用的是身份
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
app.UseIdentity();
app.useCookie身份验证不是解决方案
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
我最终通过实现ICookieManager找到了解决方案
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
以下是我的解决方案:
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
在Startup.cs中:
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.Password.RequireDigit = false;
options.Password.RequiredLength = 5;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Cookies.ApplicationCookie.CookieManager = new CookieManager(); //Magic happens here
}).AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
除了@michael的解决方案外:
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
:ICookie
是ICookie接口
之上的一个抽象层,用于保护httpcookie对象
数据
:ICookie管理器
是Cookie管理器
之上的抽象层。这在ICookie接口
通用支持方面扩展了Cookie行为,
。这是由Func
类实现的<代码>ICookie接口是此类的从属项DefaultCookieManager
:CookieManager的用法
app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieDomain = "mywebpage.com.au" });`
- 在启动配置服务中添加
CookieManager
- 访问CookieManager API
- 源代码可以在git上找到
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
options.Domain= RemoveSubdomain(context.Request.Host.Host);
以前
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
ConcreteManager.DeleteCookie(context, key, options);
在
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
DeleteCoockie(..{..}
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
注销时别忘了给CookieManager.DeleteCoockie打电话
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
另外,如果你需要能够同时登录subdomain.example.com和example.com,你需要修改AppendResponseCookie(..{..}),否则你只能在这里得到TLD(.com/.ru等我不是绝对肯定;但是,对于这种情况,我几乎可以肯定的是,您必须从中派生或创建自己的cookie中间件。使用SaasKit允许多租户ASP.NET核心管道的想法对于任何实现htis的人来说都可能是一个可行的解决方案,您还需要处理deletecookie事件,添加选项。Domain=RemoveSubdomain(context.Request.Host.Host)
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`