Authentication: CORS Set-Cookie header (tags: authentication, cross-domain, setcookie, samesite)


Answered by Daniel W.

My mistake was that I was calling an HTTP server endpoint instead of its HTTPS version.

Other questions address the same topic, but this problem has not been solved after all attempts.

My problem:

I cannot log in from the second JS client:

  • https://localhost:4433 works (SET-COOKIE header present and cookie set)
  • https://localhost does not work (SET-COOKIE header present, but cookie not set)

Login endpoint:

    http://localhost:8000/home/login

Response headers:

    Set-Cookie: .AspNetCore.Cookies=SomeCookieHere; expires=Sun, 10 Sep 2022 14:12:52 GMT; path=/; secure; samesite=none; httponly

JavaScript:

    $.post({
        xhrFields: {
            withCredentials: true
        },
        crossDomain: true,
        type: 'POST',
        // Plain-HTTP endpoint: the cause identified in the answer
        url: 'http://localhost:8000/home/login',
        data: {"userName":"userName","password":"password"},
        contentType: "application/x-www-form-urlencoded",
        dataType: "text/html",
        success: function(data) {}
    });

C#:

    authBuilder.AddCookie(options =>
    {
        options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.LoginPath = new PathString("/");
    });

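You cannot set a Secure cookie in a non-secure context:

A cookie with the Secure attribute is only sent to the server with an encrypted request over the HTTPS protocol, never with unsecured HTTP, and therefore can't easily be accessed by a man-in-the-middle attacker. Insecure sites (with http: in the URL) can't set cookies with the Secure attribute.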


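In the JS you have http://localhost:8000/.

Please explain the difference between the 3 targets in the question. From which site do you perform the ajax request, and which site sends the cookie?

Daniel, - Server: - Client 1: is an ASP Vue client, works fine - Client 2: - simple JS client, not working. If I shut down the server on port 4433 and restart it on port 443, it will work.

There was no warning related to my attempt to authenticate an HTTPS client against an HTTP server endpoint. But this solved my problem. Using the HTTPS version of the endpoint works. I wasted too much time on this.

@profimedica I don't know ASP, but you can remove this options.Cookie.SecurePolicy=CookieSecurePolicy.Always while developing, or install a certificate locally and use https.

I have the dev certificate and the security policy set to None, as seen in the cookie: secure; samesite=none; httponly

@profimedica The secure attribute in the cookie comes from options.Cookie.SecurePolicy=CookieSecurePolicy.Always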
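
The rule quoted in the answer, as an added example that is not part of the original thread: a small check that takes a Set-Cookie header and the URL it was served from and reports why a browser would refuse to store the cookie. The function names and the HTTPS form of the endpoint are assumptions; the second rule (SameSite=None is only accepted together with Secure) is current browser behaviour that goes beyond the quoted text, and the check does not model any localhost exemption a given browser version may apply.

```javascript
// Added example: hypothetical helper names, inputs built from the question.
// Parse a Set-Cookie header value into its name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  const name = eq === -1 ? '' : pair.slice(0, eq);
  return { name, value: pair.slice(eq + 1), attrs };
}

// Reasons a browser would refuse to store the cookie when the response that
// carries it was fetched from responseUrl. An empty array means it is stored.
function cookieRejectionReasons(header, responseUrl) {
  const { attrs } = parseSetCookie(header);
  const scheme = new URL(responseUrl).protocol; // "http:" or "https:"
  const sameSite = String(attrs.samesite || '').toLowerCase();
  const reasons = [];
  // Rule quoted in the answer: http: sites cannot set Secure cookies.
  if (attrs.secure && scheme !== 'https:') {
    reasons.push('secure-cookie-over-insecure-scheme');
  }
  // Browser rule beyond the page: SameSite=None needs the Secure attribute.
  if (sameSite === 'none' && !attrs.secure) {
    reasons.push('samesite-none-requires-secure');
  }
  return reasons;
}

// Header from the question (the cookie value is the page's placeholder).
const HEADER = '.AspNetCore.Cookies=SomeCookieHere; ' +
  'expires=Sun, 10 Sep 2022 14:12:52 GMT; path=/; secure; samesite=none; httponly';
// Constructed variant: the same header if the Secure policy were removed.
const HEADER_NO_SECURE = HEADER.replace(' secure;', '');
const HTTP_URL = 'http://localhost:8000/home/login';   // URL from the question
const HTTPS_URL = 'https://localhost:8000/home/login'; // assumed HTTPS form

console.log(cookieRejectionReasons(HEADER, HTTP_URL));
console.log(cookieRejectionReasons(HEADER, HTTPS_URL));
console.log(cookieRejectionReasons(HEADER_NO_SECURE, HTTP_URL));
```

The third call shows why dropping the Secure policy during development does not help on its own while SameSite stays None: the cookie is then refused for a different reason, so SameSite has to be relaxed as well or the endpoint served over HTTPS.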