Asp.net core 在线发布应用程序时,将忽略Aspnet核心身份验证cookie
我需要我的应用程序设置一个cookie,这样用户就不能每次登录。我决定吃365天饼干。cookie似乎只在localhost中工作,而在我在线发布应用程序时不起作用。我已经用Chrome检查过了,cookie在这两种情况下都设置正确。cookie的名称为“.AspNetCore.Identity.Application”,在本地主机和在线服务器上都设置为一年后过期。即使会话结束或应用程序关闭,cookie仍然存在,但在localhost中,我仍然保持登录状态,而不是在线 这是我的启动代码:Asp.net core 在线发布应用程序时,将忽略Aspnet核心身份验证cookie,asp.net-core,authentication,cookies,Asp.net Core,Authentication,Cookies,我需要我的应用程序设置一个cookie,这样用户就不能每次登录。我决定吃365天饼干。cookie似乎只在localhost中工作,而在我在线发布应用程序时不起作用。我已经用Chrome检查过了,cookie在这两种情况下都设置正确。cookie的名称为“.AspNetCore.Identity.Application”,在本地主机和在线服务器上都设置为一年后过期。即使会话结束或应用程序关闭,cookie仍然存在,但在localhost中,我仍然保持登录状态,而不是在线 这是我的启动代码: pu
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddDbContext<ForumDbContext>(options =>
options.UseSqlServer(Configuration["ConnectionString"]));
services.AddIdentity<User, IdentityRole>(opts => {
opts.Password.RequireDigit = false;
opts.Password.RequiredLength = 7;
opts.Password.RequireLowercase = false;
opts.Password.RequireUppercase = false;
opts.Password.RequireNonAlphanumeric = false;
opts.SignIn.RequireConfirmedEmail = true;
}).AddDefaultTokenProviders().AddEntityFrameworkStores<ForumDbContext>();
services.ConfigureApplicationCookie(opts =>
{
opts.ExpireTimeSpan = TimeSpan.FromDays(365);
}) ;
services.AddAuthentication().AddCookie(options => {
options.LoginPath = "/account/login";
options.ExpireTimeSpan = TimeSpan.FromDays(365);
}) ;
services.AddSession(opt => opt.IdleTimeout = TimeSpan.FromMinutes(100));
services.AddSingleton<PathProvider>();
services.AddSingleton<BlackList>();
services.AddSingleton<HttpContextAccessor>(); //for the ISession
services.AddScoped<UserSession>(sp => UserSession.CreateInstanceByService(sp));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
var ci = new CultureInfo("it-IT");
ci.NumberFormat.NumberDecimalSeparator = ",";
ci.NumberFormat.CurrencyDecimalSeparator = ",";
ci.NumberFormat.CurrencySymbol = "€";
// Configure the Localization middleware
app.UseRequestLocalization(new RequestLocalizationOptions
{
DefaultRequestCulture = new RequestCulture(ci),
SupportedCultures = new List<CultureInfo>
{
ci
},
SupportedUICultures = new List<CultureInfo>
{
ci
}
});
app.UseSession();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
//Seeding the database
using (IServiceScope serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
{
var dbContext = serviceScope.ServiceProvider.GetService<ForumDbContext>();
var roleManager = serviceScope.ServiceProvider.GetService<RoleManager<IdentityRole>>();
var userManager = serviceScope.ServiceProvider.GetService<UserManager<User>>();
DbSeeder.Seed(Configuration, dbContext, roleManager, userManager);
}
}
}
看起来您并没有配置数据保护密钥存储,您通常需要在生产中为它们配置适当的持久化存储,以便现有cookie不会在新部署时失效,并被服务器场的所有服务器接受(如果在服务器场上运行)。文档:我正在共享主机上运行我的应用程序。但你的评论似乎与我无关。如果cookie存储在浏览器缓存中,如果重新生成了数据保护密钥(或每个实例都在内存中),现有cookie将不再被接受。我应该对代码进行哪些修改,以便在线接受cookie?我遇到了同样的问题,此答案帮助了我:
await signinManager.PasswordSignInAsync(user, loginModel.Password, true, false)