我有这个asp.net MVC应用程序,我使用带有UseCookieAuthentication的cookie身份验证,但是当在同一浏览器上从测试和生产环境访问应用程序时,我能够在没有被要求输入密码和用户名的情况下进入第二个环境,我已经通过身份验证了。他们使用不同的数据库,因此两者的用户名和密码不同
app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions()
{
AuthenticationType = Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
CookieHttpOnly = true,
//SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(20),
Provider = new Microsoft.Owin.Security.Cookies.CookieAuthenticationProvider(),
AuthenticationMode = AuthenticationMode.Active,
CookieSecure = Microsoft.Owin.Security.Cookies.CookieSecureOption.SameAsRequest
});
我如何能够根据域请求凭据 - 如果未记录此域的用户请求凭据
答案 0 :(得分:0)
try to add cookie domain property.
app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions()
{
CookieDomain="domain.com",
AuthenticationType = Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
CookieHttpOnly = true,
//SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(20),
Provider = new Microsoft.Owin.Security.Cookies.CookieAuthenticationProvider(),
AuthenticationMode = AuthenticationMode.Active,
CookieSecure = Microsoft.Owin.Security.Cookies.CookieSecureOption.SameAsRequest
});
并检查会发生什么。