Asp.Net Core 2 with Google Auth&子域名

时间:2017-10-03 13:00:44

标签: azure-web-sites asp.net-core-2.0 asp.net-core-identity

我在Azure上有3个Web应用程序。

  • Webapp1 www.mydomain.com
  • Webapp2是 admin.mydomain.com
  • Webapp3是 user.mydomain.com

当我登录WebApp1时,我希望登录所有其他子域。

我想使用社交提供程序对我的用户进行身份验证,并使用asp.net Identity进行授权。

阅读文档&这里的问题就是我在Startup.cs中的内容

public void ConfigureServices(IServiceCollection services)
{
    /*
     * Some code
     */

    // Creating a blob storage account to share keys for all applications
    var storageAccount = CloudStorageAccount.Parse(configuration.GetConnectionString("IdentityStr"));
    CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
    CloudBlobContainer container = blobClient.GetContainerReference("identity");
    AsyncContext.Run(() => container.CreateIfNotExistsAsync());

    services.AddDataProtection()
            .SetApplicationName("MYAPP")
            .PersistKeysToAzureBlobStorage(container, "keys.xml");

    /* 
     * BEGIN DISGUSTING: I recreate the data protection provider here
     * because I need the instance of it below for the Cookie options
     */
    var serviceCollection = new ServiceCollection();
    serviceCollection.AddDataProtection()
            .SetApplicationName("MYAPP")
            .PersistKeysToAzureBlobStorage(container, "keys.xml");
    var service2 = serviceCollection.BuildServiceProvider();
    var dataProtector = service2.GetRequiredService<IDataProtectionProvider>();
    /*
     * END DISGUSTING
     */

    services.AddDbContext<AuthDbContext>(options =>
            options.UseSqlServer(connectionString));

    services.AddIdentity<AuthUser, AuthRole>()
            .AddEntityFrameworkStores<AuthDbContext>()
            .AddDefaultTokenProviders();

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(o =>
            {
                o.LoginPath = "/account/login";
                o.LogoutPath = "/account/logout";
                o.Cookie.Domain = "mydomain.com";
                o.DataProtectionProvider = dataProtector;
                o.TicketDataFormat = new TicketDataFormat(dataProtector.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", "Cookies", "v2"));
            })
            .AddGoogle(o =>
            {
                o.ClientId = configuration["Authentication:Google:ClientId"];
                o.ClientSecret = configuration["Authentication:Google:ClientSecret"];
            });

    /*
     * Some code
     */
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    /*
     * Some code
     */

    app.UseAuthentication();

    /*
     * Some code
     */
}

Cookie在Webapp1上正常运行,但附加的域名不是o.Cookie.Domain中定义的域名,而是www.mydomain.om

以下是Chrome曲奇饼干的视图 cookies

小提琴家的观点: enter image description here 我可能错过了一些东西......

1 个答案:

答案 0 :(得分:1)

身份Cookie没有域名集。您不需要再次添加Cookie,因为Identity已经添加了Cookie,您需要配置该实例,而不是您正在创建的新实例

所以尝试使用ConfigureApplicationCookie 

services.AddIdentity<AuthUser, AuthRole>()
        .AddEntityFrameworkStores<AuthDbContext>()
        .AddDefaultTokenProviders();

services.AddAuthentication()
        .AddGoogle(o =>
        {
            // Google options.
        });

services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
});
相关问题
最新问题