在Service Fabric上托管的Asp.net Core 2应用程序,虚拟机规模集中包含1个节点类型的5个虚拟机。
在本地一切正常,但应用上线后,登录后浏览需要身份验证的页面时会再次要求登录,身份验证会话多次丢失。登录 4 或 5 次后,这种情况会停止一段时间。“记住我”(Remember me)功能不起作用,会话只持续 10 分钟。
我认为这与托管在多台计算机上的应用程序有关,就像任何一台机器都需要它自己的登录一样。
我研究了几个小时,尝试更改 cookie 设置,使用了 SameSiteMode.None 和滑动过期(Sliding expiration),但仍然无法解决。我怀疑服务器场中的所有计算机必须使用相同的机器密钥,才能解密身份验证 cookie。我是否必须设置机器密钥才能使其正常工作?应该怎么做?
这是我在启动时的配置代码:
// Identity policy for the application: password complexity, account lockout,
// sign-in confirmation requirements and user uniqueness rules.
services.Configure<IdentityOptions>(identity =>
{
    // Password complexity: at least 8 characters with 4 distinct ones; a digit,
    // an uppercase letter and a non-alphanumeric character are mandatory,
    // a lowercase letter is not.
    var password = identity.Password;
    password.RequiredLength = 8;
    password.RequiredUniqueChars = 4;
    password.RequireDigit = true;
    password.RequireUppercase = true;
    password.RequireNonAlphanumeric = true;
    password.RequireLowercase = false;

    // Lockout: an account is locked for 30 minutes after 15 failed attempts,
    // and the rule also applies to newly created users.
    // NOTE(review): 15 attempts is a generous threshold - confirm it matches
    // the intended brute-force tolerance.
    var lockout = identity.Lockout;
    lockout.MaxFailedAccessAttempts = 15;
    lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
    lockout.AllowedForNewUsers = true;

    // Sign-in: a confirmed e-mail address is required, a confirmed phone number is not.
    var signIn = identity.SignIn;
    signIn.RequireConfirmedEmail = true;
    signIn.RequireConfirmedPhoneNumber = false;

    // Users: every account must have a unique e-mail address.
    identity.User.RequireUniqueEmail = true;
});
// Settings for the Identity application (authentication) cookie.
// NOTE(review): the cookie payload is protected with the ASP.NET Core Data
// Protection key ring. When the app runs on several nodes, every node must read
// the same persisted key ring (and use the same application name); otherwise a
// cookie issued by one node is presumably rejected by the others, which would
// match the repeated login prompts. None of the settings below influence that.
services.ConfigureApplicationCookie(cookieAuth =>
{
    // Redirect targets used by the cookie authentication handler.
    cookieAuth.LoginPath = "/Console/Account/Login";
    cookieAuth.LogoutPath = "/Console/Account/Logout";
    cookieAuth.AccessDeniedPath = "/Console/Account/AccessDenied";

    // Lifetime: 12 hours, renewed while the user stays active.
    cookieAuth.ExpireTimeSpan = TimeSpan.FromHours(12);
    cookieAuth.SlidingExpiration = true;

    // Cookie attributes.
    var cookie = cookieAuth.Cookie;
    cookie.Name = "LoginCookie";
    cookie.HttpOnly = true; // not readable from client-side script
    // NOTE(review): SameSiteMode.None drops the same-site restriction, so the
    // cookie also travels on cross-site requests; keep it only if that is
    // required. No Cookie.SecurePolicy is set in this block - confirm the site
    // is HTTPS-only and consider CookieSecurePolicy.Always.
    cookie.SameSite = SameSiteMode.None;
});
答案 0 :(得分:0)
我遇到了类似的问题:ASP.NET Core 2 MVC 加 Identity,应用托管在共享主机上。用户会意外丢失登录身份。在本地运行完全正常。这是我的 Startup 代码:
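/// <summary>
/// Registers the application's services: the EF Core Identity database, ASP.NET Core
/// Identity with its policy and cookie settings, MVC with an HTTPS requirement, and
/// the application's repositories and e-mail sender.
/// </summary>
/// <param name="services">The service collection to add registrations to.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Identity store: SQL Server via the "DefaultConnection" connection string,
    // with migrations kept in the "GanDror" assembly.
    services.AddDbContext<GanDrorIdentityDb>(options =>
        options.UseSqlServer(
            Configuration.GetConnectionString("DefaultConnection"),
            b => b.MigrationsAssembly("GanDror")));

    services.AddIdentity<ApplicationUser, ApplicationRole>()
        .AddEntityFrameworkStores<GanDrorIdentityDb>()
        .AddDefaultTokenProviders();

    services.Configure<SMPTConfig>(Configuration.GetSection("SMTPConfigSection"));

    // Configure Identity
    services.Configure<IdentityOptions>(identityOptions =>
    {
        // Password settings
        // NOTE(review): a 6-character minimum with only a digit required is a weak
        // policy - confirm it is intentional.
        identityOptions.Password.RequireDigit = true;
        identityOptions.Password.RequiredLength = 6;
        identityOptions.Password.RequireNonAlphanumeric = false;
        identityOptions.Password.RequireUppercase = false;
        identityOptions.Password.RequireLowercase = false;

        // Lockout settings: 30-minute lock after 10 failed attempts
        identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
        identityOptions.Lockout.MaxFailedAccessAttempts = 10;

        // User settings
        identityOptions.User.RequireUniqueEmail = true;
    });

    // Cookie settings
    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.SameSite = SameSiteMode.Strict;
        options.Cookie.HttpOnly = true;
        // Only send the authentication cookie over HTTPS.
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

        // NOTE(review): 100 days with sliding expiration makes a stolen cookie usable
        // for a long time - confirm this lifetime is intended.
        options.ExpireTimeSpan = TimeSpan.FromDays(100);
        options.SlidingExpiration = true;

        options.LoginPath = new PathString("/Account/Login");
        options.LogoutPath = new PathString("/Account/LogOut");
        // The stray leading '.' before this statement was a syntax error.
        options.AccessDeniedPath = "/Account/AccessDenied";
        options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
    });

    // NOTE(review): the authentication cookie is protected with the Data Protection
    // key ring. If the keys are not persisted (or differ between instances), cookies
    // issued before an application restart or by another instance can no longer be
    // decrypted, which presumably explains users unexpectedly losing their identity.
    // The disabled code below persists the key ring under the content root. If it is
    // enabled: keep that directory out of any served path, restrict its file
    // permissions, and consider encrypting the keys at rest (ProtectKeysWith*),
    // because an explicitly configured key location is otherwise stored unprotected.
    // Calling services.BuildServiceProvider() here builds a second container; prefer
    // an IHostingEnvironment injected into the Startup constructor.
    //var environment = services.BuildServiceProvider().GetRequiredService<IHostingEnvironment>();
    //services.AddDataProtection()
    //    .SetApplicationName($"my-app-{environment.EnvironmentName}")
    //    .PersistKeysToFileSystem(new System.IO.DirectoryInfo($@"{environment.ContentRootPath}\keys"));
    // services.AddDataProtection();

    services.AddMvc();

    // Reject non-HTTPS requests on every MVC action.
    services.Configure<MvcOptions>(options =>
    {
        options.Filters.Add(new RequireHttpsAttribute());
    });

    // Add application services.
    services.AddScoped<IRepository<User>, UserRepository>();
    services.AddScoped<IRepository<Photo>, PhotoRepository>();
    services.AddScoped<IRepository<GanActivity>, ActivityRepository>();
    services.AddScoped<IRepository<CategoryActivity>, CategoryRepository>();
    services.AddSingleton<IEmailSender, EmailSender>();
}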
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider serviceProvider, ILoggerFactory loggerFactory) // RoleManager<ApplicationRole> roleManager, UserManager<ApplicationUser> userManager)
{
    // Console and debug logging providers are left disabled:
    // loggerFactory.AddConsole(Configuration.GetSection("Logging"));
    // loggerFactory.AddDebug();

    if (!env.IsDevelopment())
    {
        // Outside Development, unhandled exceptions go to the error page.
        app.UseExceptionHandler("/Home/Error");
    }
    else
    {
        // Diagnostic pages expose exception and database details, so they are
        // registered only in the Development environment.
        app.UseBrowserLink();
        app.UseDeveloperExceptionPage();
        app.UseDatabaseErrorPage();
    }

    // Redirect plain-HTTP requests to HTTPS before anything else is served.
    app.UseRewriter(new RewriteOptions().AddRedirectToHttps());

    app.UseStaticFiles();

    // Authentication runs before MVC so the user is established when actions execute.
    app.UseAuthentication();

    // Default route; the explicit form that was disabled here is
    // "{controller=Home}/{action=Index}/{id?}" registered through app.UseMvc(routes => ...).
    app.UseMvcWithDefaultRoute();

    // Blocks startup until role creation has finished.
    // NOTE(review): .Wait() surfaces failures wrapped in an AggregateException, and
    // CreateRoles receives the provider passed to Configure - confirm it creates its
    // own scope before resolving scoped services such as the Identity managers.
    CreateRoles(serviceProvider).Wait();
}
答案 1 :(得分:0)
在Azure负载均衡器配置中:
确保在客户端规则(ssl和非ssl)中设置“客户端IP和协议”会话持久性
答案 2 :(得分:0)
我建议您看一下ServiceFabric env和本地env之间的不同设置。
我遇到过类似的问题,花了几个小时才弄明白。最后发现问题出在 ValidIssuer 属性上,它的值是从设置文件中读取的(Settings.xml 提供默认值,ApplicationManifest.xml 仅在 Service Fabric 环境中加载)。Settings.xml 中的默认值是正确的,但 ApplicationManifest.xml 中的值是错误的,因此验证失败,HttpContext.User 被设置为未经身份验证的匿名 WindowsPrincipal。