我们正在使用dotnet core 2.2。我们已经使用负载均衡器在AWS上托管了应用程序。 应用程序的cookie通过使用证书的内置数据保护来保护。 我们当前面临的问题是:假设用户从UI击中登录按钮,第一个请求到达server1,server1创建了一个会话cookie(因为我们需要存储一些数据)。现在我停止了server1并击中了下一个按钮以登陆下一个屏幕。在这种情况下,我的应用程序中断了。 出现警告消息,例如“正在使用键{SessionId}访问过期的会话”。
Cookie加密:
services.AddDataProtection().SetApplicationName("federationapp").PersistKeysToAwsS3(CreateAmazonS3Client(configuration), new S3XmlRepositoryConfig(configuration["DataProtection:Location"]) { KeyPrefix = configuration["DataProtection:KeyPrefix"] })
.ProtectKeysWithCertificate(privateKeyCertificates.Where(x => x.CertificateType == CertificateTypeEnum.SIGNING && x.IsActive == true).FirstOrDefault().Certificate)
.UnprotectKeysWithAnyCertificate(privateKeyCertificates.Where(x => x.CertificateType == CertificateTypeEnum.SIGNING && x.IsActive == true).FirstOrDefault().Certificate);
在管道中添加会话:
services.AddSession(options =>
{
options.IdleTimeout =
TimeSpan.FromMinutes(
Convert.ToDouble(
systemParamsCollection[nameof(JwtTokenVerificationParameterModel.ValidFor)]));
options.Cookie.IsEssential = true;
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
options.Cookie.Path = "/";
});
添加身份验证和cookie
services.AddAuthentication(action => { action.DefaultSignInScheme = Constants.AuthenticationSchemeTypes.Cookies; })
.AddCookie(options =>
{
options.Cookie.Name = ".netcorepersistent";
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
options.DataProtectionProvider = DataProtectionProvider.Create("federationapp");
options.DataProtectionProvider.CreateProtector("federationapp");
options.Cookie.Path = "/";
options.Cookie.IsEssential = true;
options.Validate();
options.ExpireTimeSpan =
TimeSpan.FromMinutes(
Convert.ToDouble(
systemParamsCollection[nameof(JwtTokenVerificationParameterModel.ValidFor)]));
options.LoginPath = Constants.SsoUrl + Constants.SamlProtocol + "/Auth/ReceiveSsoRequest";
options.Events = new CustomCookieAuthenticationEvents(
saml2RequestHelper, metadataLoader, relyingPartyService, ilogger, config);
})
会话字符串设置为:
this.HttpContext.Session.SetString(saml2LoginRequestBinding.Saml2AuthnRequest.Id.Value, Newtonsoft.Json.JsonConvert.SerializeObject(saml2LoginRequestBinding.RelyingParty));
任何帮助都会很棒!