Cookies ASP.NET标识Cookie跨.NET和Core上的子域
我有许多应用程序托管在主域和子域上: 网站A,ASP.NET(.NET Core 2.0),网址:www.example.com 网站B,ASP.NET MVC(4.7.NET Framework),网址:site.example.com 网站C,ASP.NETIdentity(.NET Core 2.0)位于account.example.com 网站D,ASP.NET Webform(4.7.NET Framework),位于file.example.com 我想在account.example.com上登录,验证后用户将重定向到其他网站。他们将由其他网站上的角色授权 我正在尝试在这些网站之间共享cookie,并且所有网站都托管在Azure Web App上 我正在使用ASP.NET标识(.NET Core 2.0)。我正在使用内置的cookie身份验证 如何在所有应用程序中使用数据保护并在它们之间共享cookie 对于数据保护,我的代码是:Cookies ASP.NET标识Cookie跨.NET和Core上的子域,cookies,asp.net-core,webforms,asp.net-identity,data-protection,Cookies,Asp.net Core,Webforms,Asp.net Identity,Data Protection,我有许多应用程序托管在主域和子域上: 网站A,ASP.NET(.NET Core 2.0),网址:www.example.com 网站B,ASP.NET MVC(4.7.NET Framework),网址:site.example.com 网站C,ASP.NETIdentity(.NET Core 2.0)位于account.example.com 网站D,ASP.NET Webform(4.7.NET Framework),位于file.example.com 我想在account.examp
services.AddDataProtection()
.SetApplicationName("example")
.PersistKeysToFileSystem(new DirectoryInfo(@"%HOME%\ASP.NET\DataProtection-Keys"))
.SetDefaultKeyLifetime(TimeSpan.FromDays(14));
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
CookieDomain = ".example.com"
});
services.AddDataProtection()
.SetApplicationName("example")
.PersistKeysToFileSystem(new DirectoryInfo(@"%HOME%\ASP.NET\DataProtection-Keys"))
.SetDefaultKeyLifetime(TimeSpan.FromDays(14));
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
CookieDomain = ".example.com"
});
关于.Net Core,如果您想在多个站点之间共享您的cookie,您可以尝试以下方法来初始化它,而不是使用CookieAuthentication:
services.AddAuthentication();
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
options.Cookie.Name = "CookieName";
//options.Cookie.Domain = ".localhost";
if (!CurrentEnvironment.IsDevelopment())
options.Cookie.Domain = CommonConfig.CookieDomain; // ".mydomain.com"
options.Cookie.HttpOnly = false;
options.Cookie.Expiration = TimeSpan.FromDays(5 * 30);
options.SlidingExpiration = true;
options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
options.LoginPath = new PathString("/Account/Login");
options.LogoutPath = new PathString("/Account/Logoff");
options.AccessDeniedPath = new PathString("/Account/Login");
var protectionProvider = DataProtectionProvider.Create(new DirectoryInfo(CommonConfig.PersistKeysStoreC));
options.DataProtectionProvider = protectionProvider;
// This adds claims data to the cookie...
options.Events.OnSignedIn = async (context) =>
{
System.Security.Claims.ClaimsIdentity identity = (System.Security.Claims.ClaimsIdentity)context.Principal.Identity;
UserManager<AppUser> userManager = context.HttpContext.RequestServices.GetService<UserManager<AppUser>>();
AppUser user = await userManager.GetUserAsync(context.Principal);
identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, user.Id.ToString()));
//identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Email, user.Email.ToString()));
//identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, user.LastName));
//identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.GivenName, user.FirstName));
};
});
services.AddAuthentication();
services.configureApplicationOK(选项=>
{
//Cookie设置
options.Cookie.SameSite=Microsoft.AspNetCore.Http.SameSiteMode.Lax;
options.Cookie.Name=“CookieName”;
//options.Cookie.Domain=“.localhost”;
如果(!CurrentEnvironment.IsDevelopment())
options.Cookie.Domain=CommonConfig.CookieDomain;//“.mydomain.com”
options.Cookie.HttpOnly=false;
options.Cookie.Expiration=TimeSpan.FromDays(5*30);
options.SlidingExpiration=true;
options.Cookie.SecurePolicy=Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
options.LoginPath=新路径字符串(“/Account/Login”);
options.LogoutPath=新路径字符串(“/Account/Logoff”);
options.AccessDeniedPath=新路径字符串(“/Account/Login”);
var protectionProvider=DataProtectionProvider.Create(newdirectoryinfo(CommonConfig.persistkeystorec));
options.DataProtectionProvider=protectionProvider;
//这会将索赔数据添加到cookie。。。
options.Events.OnSignedIn=异步(上下文)=>
{
System.Security.Claims.ClaimsIdentity identity=(System.Security.Claims.ClaimsIdentity)context.Principal.identity;
UserManager UserManager=context.HttpContext.RequestServices.GetService();
AppUser=await userManager.GetUserAsync(context.Principal);
identity.AddClaim(新的System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier,user.Id.ToString());
//identity.AddClaim(新的System.Security.Claims.Claims(System.Security.Claims.Claims.ClaimTypes.Email,user.Email.ToString());
//identity.AddClaim(新系统.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name,user.LastName));
//identity.AddClaim(新系统.Security.Claims.Claim(System.Security.Claims.ClaimTypes.GivenName,user.FirstName));
};
});
当然,您需要为所有站点提供相同的ProtectionProvider路径。我从Microsoft文档中获得了解决方案 和此子域身份验证系统的示例代码 该示例演示了使用cookie身份验证的三个应用程序之间的cookie共享:
- ASP.NET Core 2.0 Razor Pages应用程序不使用ASP.NET Core标识
- 具有ASP.NET核心标识的ASP.NET核心2.0 MVC应用程序
- 具有ASP.NET标识的ASP.NET Framework 4.6.1 MVC应用程序
我在哪里可以在auzre应用程序上找到此密钥环文件?您必须在azure应用程序中手动创建密钥环文件夹。然后,身份应用程序将自动生成数据保护文件。然后,请参阅上面关于子域和主域身份验证的进一步说明。要创建KeyRIng文件夹,请打开Azure Web App-->转到高级工具,然后转到。它将重定向到另一个门户网站Kudu服务,即web应用程序的文件浏览器。在“调试控制台-->打开CMD-->导航到站点”菜单中的“文件”选项中,浏览并装箱KeyRing文件夹。