我已经在客户端使用jwt承载令牌创建了一个cookie。如果cookie的httpOnly = false,那么我可以像这样使用Asp.Net Core来访问它:
<html lang="en">
<head>
<meta charset="utf-8">
<title>PDL Web</title>
<link href="/assets/Images/favicon.ico" rel="shortcut icon" type="image/x-icon">
<base id="baseHref" href="/">
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<app-root></app-root>
</body>
</html>
<script src="https://cdn.ckeditor.com/4.11.2/standard-all/ckeditor.js"></script>
但是,如果cookie的httpOnly设置为true,则Asp.Net Core会像cookie为null一样工作,并且不会读取令牌。我在做什么错了?
我正在使用通用Cookie在反应中创建Cookie,如下所示:
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider serviceProvider)
{
app.Use((context, next) =>
{
Console.WriteLine("Before checking cookie middleware");
string authenticationCookieName = "Authorization";
var cookie = context.Request.Cookies[authenticationCookieName];
if (cookie != null)
{
Console.WriteLine("GOING TO DESERIALIZE");
var token = JsonConvert.DeserializeObject<AccessToken>(cookie);
Console.WriteLine("Bearer "+token.token);
context.Request.Headers.Add("Authorization", "Bearer "+token.token);
}
Console.WriteLine("After checking cookie middleware");
// Call the next delegate/middleware in the pipeline
return next();
});
编辑:我已经记录了所有Request.Cookies.Keys,并且httponly cookie没有出现...有什么想法吗?
EDIT2:发现了问题。您不能在客户端上创建httponly cookie。