为了避免将Jwt存储在浏览器中,我将jwt存储在配置为的Cookie中:
`
HttpOnly = true,
SameSite = SameSiteMode.Strict,
IsEssential = true
`
然后我将拦截器作为请求管道的一部分运行,并检查传入的请求是否带有cookie(如果确实有),然后剥离cookie并将"Authorization"标头添加到带有内容的请求中是jwt本身的cookie。
这些cookie配置在我正在开发的本地计算机上运行良好。但是,一旦我将应用程序部署到Azure。 Web API不再发布这些cookie。
在我的Asp.Net Core网络api Startup.cs文件中,我在ConfigureServices方法中具有以下内容:
`
services.ConfigureApplicationCookie(options =>
{
options.Events.OnRedirectToAccessDenied = ReplaceRedirector(HttpStatusCode.Forbidden, options.Events.OnRedirectToAccessDenied);
options.Events.OnRedirectToLogin = ReplaceRedirector(HttpStatusCode.Unauthorized, options.Events.OnRedirectToLogin);
options.SlidingExpiration = true;
});
`
`
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(configureOptions =>
{
configureOptions.ClaimsIssuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)];
configureOptions.TokenValidationParameters = tokenValidationParameters;
configureOptions.SaveToken = true;
// In case of having an expired token
configureOptions.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add(TokenOptionsStrings.ExpiredToken, "true");
}
return Task.CompletedTask;
}
};
});
`
然后在我的Configure.cs文件中:
`
app.UseMiddleware<JwtBearerMiddleware>()
.UseCors("AllowAll")
.UseAuthentication()
.SeedDatabase()
.UseHttpsRedirection()
.UseMvc();
`
然后我在成功注册后最终发布了cookie:
`
response.Cookies.Append(cookieName, token.access_token, _cookieOptions);
`
_cookieOptions与上面提到的相同。
您知道为什么在部署到Azure时可能不会发布我的cookie吗?