所以我有两个使用Owin身份验证的MVC5 Web应用程序的解决方案。 当我通过Visual Studio 2015同时运行两个应用程序时,owin上下文是共享的(它不应该是!)
通过共享,我的意思是每当我向其中一个应用程序添加声明时,它也会添加到另一个应用程序中。这导致User.Identity.GetUserId()
返回UserId,我记录的应用程序最后一次,即使这两个应用程序彼此无关,并且彼此之间没有引用。
我使用默认的Owin设置:
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
有人可以帮助我配置我的应用,以便他们不共享应用Cookie吗?
答案 0 :(得分:1)
更改CookieName in CookieAuthenticationOptions
确定用于保留标识的cookie名称。默认值为“.AspNet.Cookies”。如果更改AuthenticationType的名称,则应更改此值,尤其是在系统多次使用cookie身份验证中间件的情况下。
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieName = "AspNet.AppName"
}