Owin cookie身份验证set-cookie未在浏览器中保存

时间:2013-09-11 11:32:04

标签: cookies asp.net-web-api owin katana

我正在此堆栈上构建自托管Web服务器: OWIN 南希 Web Api 2

我正在使用Katana的Microsoft.Owin.Security.Cookies进行类似形式的身份验证。我得到了Set-Cookie标头作为回应,但cookie没有保存,也没有被包含在下一个请求中。所以有什么问题?我做错了什么?

Owin启动:

app.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            AuthenticationMode = AuthenticationMode.Active,
            AuthenticationType = "GM",
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.SameAsRequest,
            CookiePath = "/",
            CookieName = CookieAuthenticationDefaults.CookiePrefix + "GM",
            CookieDomain = "localhost",
        });

控制器代码:

var context = Request.GetOwinContext();
context.Authentication.SignIn(new AuthenticationProperties()
    {
        IsPersistent = true
    },
    new ClaimsIdentity(new[] {new Claim(ClaimsIdentity.DefaultNameClaimType, user.Login)}, "GM"));
context.Response.Headers.Add("Location", new []{ "/" });
return Request.CreateResponse(HttpStatusCode.Found);

响应标头:

Cache-Control:no-cache
Content-Length:0
Date:Wed, 11 Sep 2013 11:11:23 GMT
Expires:-1
Location:/
Pragma:no-cache
Server:Microsoft-HTTPAPI/2.0
Set-Cookie:.AspNet.GM=AQAAANCMnd8BFdERjHoAwE_Cl-sBAAAABui2rBibE0yPXB0-v3C06gAAAAACAAAAAAAQZgAAAAEAACAAAAC1mQV3jGo_WAhMQ-hzsmzgkdbdCclWIAX-msbE0_12zQAAAAAOgAAAAAIAACAAAABuQjBg3EJIka151hvBgtlPGfQ2O_cwNI2VVh86dchTDXAAAAD21O9DnNk4yLU9eddVfY3bT9P1CEudNeLvwohkSTAQBP2onuIQfgl9F99Je5waPddckh2llD2kjftSMQPhzgE9vKm-_wE42hXhc9FIgfxpD5AdaeGatwpEcwDfGJJdpQnObX1pbjEFIXLVJxGm5qMUQAAAAC8AiFTaXmzrfRy4-jR6zqMmSKddzddmiBLGClAckWOy6W2YWdf50N2zhIj_MwN8-zi-B0tlv87pzAt-6RDZYZs; domain=localhost; path=/; expires=Wed, 25-Sep-2013 11:11:24 GMT; HttpOnly

2 个答案:

答案 0 :(得分:9)

我解决了这个问题。这是因为'domain = localhost'。似乎'localhost'不是域参数的有效值。

答案 1 :(得分:0)

您可能会将类似的问题包含在:Safari doesn't set Cookie but IE / FF does

尝试将HttpStatusCode设置为HttpStatusCode.Ok

某些浏览器只接受来自特定响应代码的Cookie(例如200,302)。