在站点之间共享身份验证cookie

时间:2019-02-19 19:04:23

标签: .net authentication cookies asp.net-core-2.2

我正在尝试在.net core 2.2中的不同应用程序之间共享身份验证cookie。

下面的代码来自应用程序1(comportocertlogin.local)startup.cs:

// This method gets called by the runtime. Use this method to add services to the container.
    /// <summary>
    /// Registers cookie policy, data protection and cookie authentication for
    /// application 1 (comportocertlogin.local). Called by the runtime at startup.
    /// The snippet on this page ends before the method's closing brace.
    /// </summary>
    /// <param name="services">The application's service collection.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            // No minimum SameSite value is enforced by the cookie policy middleware;
            // the auth cookie's own SameSite setting (options.Cookie.SameSite below) is left at its default.
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });


        // App-level key ring shared with application 2: same directory and the same
        // application name "SharedCookieApp", which is what lets both apps unprotect
        // each other's cookies.
        // NOTE(review): the key directory is inside a source tree. Anyone who can read
        // that folder can mint valid authentication cookies for both applications;
        // a dedicated directory outside the repository, with keys protected at rest
        // (e.g. ProtectKeysWithDpapi()), is the safer choice — confirm what the
        // deployment environment supports.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"))
            .SetApplicationName("SharedCookieApp");

        //services.ConfigureApplicationCookie(options =>
        //{
        //    options.Cookie.Name = ".AspNet.SharedCookie";
        //    options.Cookie.Domain = ".local";
        //});

        // Cookie authentication is the default scheme for sign-in, authenticate and challenge.
        services.AddAuthentication(options =>
        {
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        }).AddCookie(options =>
        {
            options.LoginPath = "/Login";
            options.LogoutPath = "/Login";
            // Cookie name and domain must match application 2 for the cookie to be shared.
            options.Cookie.Name = ".AspNet.SharedCookie";
            // NOTE(review): ".local" is a bare top-level label. Browsers generally refuse
            // to store a cookie scoped to a public suffix/TLD, so this cookie may never
            // reach scomportoadmin.local at all — verify in the browser's cookie store
            // after sign-in.
            options.Cookie.Domain = ".local";
            options.Cookie.Path = "/";
            // NOTE(review): Cookie.SecurePolicy is not set. The sign-in handler redirects
            // to an https URL, so CookieSecurePolicy.Always would keep this cookie off
            // plain-http requests.
            // This creates a second, independent data protection provider with no
            // application name, bypassing the SetApplicationName("SharedCookieApp")
            // registration above. The accepted answer is to delete this assignment so
            // the cookie is protected by the app-level provider instead.
            options.DataProtectionProvider =
                DataProtectionProvider.Create(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"));
        });

然后在应用程序1中,我使用下面的代码创建身份验证cookie并重定向到应用程序2:

/// <summary>
/// Razor Pages POST handler. When the model state is valid, signs the supplied
/// <paramref name="userId"/> in with the cookie scheme and redirects to
/// application 2; otherwise the page is re-rendered.
/// </summary>
/// <param name="userId">Identifier placed in the NameIdentifier, Name and "UserId" claims.</param>
/// <returns>A redirect to application 2 on success; the current page otherwise.</returns>
public async Task<IActionResult> OnPostAsync(int userId)
    {
        if (!ModelState.IsValid)
        {
            return Page();
        }

        // NOTE: userId is not checked against any user store here — the author's own
        // validation stub is still a TODO, so whatever id is posted is signed in as-is.
        var subject = userId.ToString();
        var claims = new[]
        {
            new Claim(ClaimTypes.NameIdentifier, subject),
            new Claim(ClaimTypes.Name, subject),
            new Claim("UserId", subject),
        };

        // Name and role claim types are fixed so the principal's Identity.Name resolves.
        var identity = new ClaimsIdentity(
            claims,
            CookieAuthenticationDefaults.AuthenticationScheme,
            ClaimTypes.Name,
            ClaimTypes.Role);

        // Issue the shared authentication cookie; IsPersistent = false, so no
        // persistent cookie is requested.
        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity),
            new AuthenticationProperties { IsPersistent = false });

        return Redirect("https://scomportoadmin.local/searchUserAccount");
    }

在应用程序2(scomportoadmin.local)startup.cs中,我具有以下代码:

        /// <summary>
        /// Registers cookie policy, data protection, cookie authentication and Razor
        /// Pages authorization for application 2 (scomportoadmin.local). Called by the
        /// runtime at startup. The snippet on this page ends before the method's
        /// closing brace.
        /// </summary>
        /// <param name="services">The application's service collection.</param>
        public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            // No minimum SameSite value is enforced by the cookie policy middleware;
            // the auth cookie's own SameSite setting (options.Cookie.SameSite below) is left at its default.
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });



        // Same key directory and application name as application 1: this app-level
        // provider is what should protect/unprotect the shared cookie.
        // NOTE(review): the key directory is inside a source tree; anyone who can read
        // that folder can mint valid authentication cookies for both applications.
        // Prefer a dedicated directory outside the repository with keys protected at
        // rest (e.g. ProtectKeysWithDpapi()) — confirm what the deployment supports.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"))
            .SetApplicationName("SharedCookieApp");

        //services.ConfigureApplicationCookie(options =>
        //{
        //    options.Cookie.Name = ".AspNet.SharedCookie";
        //    options.Cookie.Domain = ".local";
        //});

        // Cookie authentication is the default scheme for sign-in, authenticate and challenge.
        services.AddAuthentication(options =>
        {
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        }).AddCookie(options =>
        {
            // Unauthenticated requests to authorized pages are challenged to this path.
            options.LoginPath = "/login";
            options.LogoutPath = "/login";
            // Cookie name and domain must match application 1 for the cookie to be shared.
            options.Cookie.Name = ".AspNet.SharedCookie";
            // NOTE(review): ".local" is a bare top-level label. Browsers generally refuse
            // to store a cookie scoped to a public suffix/TLD, so the cookie set by
            // application 1 may never be sent to this host — verify in the browser's
            // cookie store after sign-in.
            options.Cookie.Domain = ".local";
            options.Cookie.Path = "/";
            // NOTE(review): Cookie.SecurePolicy is not set; the site is reached over https,
            // so CookieSecurePolicy.Always would keep the cookie off plain-http requests.
            // This creates a second, independent data protection provider with no
            // application name, bypassing the SetApplicationName("SharedCookieApp")
            // registration above. The accepted answer is to delete this assignment so
            // the cookie is unprotected by the app-level provider instead.
            options.DataProtectionProvider =
                DataProtectionProvider.Create(new DirectoryInfo(@"C:\SVN\RS.3C\trunk\SourceCode\ComportoAdmin\ComportoAdmin.CertificateLogin"));

        });
   // The two pages below are exactly the ones the question reports as unreachable:
   // when the shared cookie does not authenticate, the challenge redirects to LoginPath.
   services.AddMvc().AddRazorPagesOptions(options =>
        {
            options.Conventions.AuthorizePage("/SearchUserAccount");
            options.Conventions.AuthorizePage("/EditCreateUserAccount");
            options.Conventions.AllowAnonymousToPage("/RegisterUserAccount");
        }).
        SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

显然缺少了某些内容,因为我无法访问应用程序2中的SearchUserAccount和EditCreateUserAccount页面。

1 个答案:

答案 0 :(得分:0)

在每个应用程序的.AddCookie配置中,您直接设置了一个没有共享应用程序名称的数据保护提供程序。这甚至没有必要,因为您已经在应用程序级别配置了共享的数据保护提供程序,它默认就会用于加密cookie。

简而言之,只需删除两个应用程序中为Cookie设置options.DataProtectionProvider的那一行,就可以了。