多个用户具有相同的浏览器ASP身份 [英] Multiple users same browser asp identity

问题描述

我们有一个具有两种用户类型的应用程序.其中一个是管理员，另一个是客户端.我们正在使用AspNet身份对用户进行身份验证并发布Cookie. 但是，在某些情况下，管理员和用户共享同一浏览器.当客户端登录时，cookie被覆盖，当返回到管理员页面时，我们将丢失身份验证.反之亦然(客户端首先登录，然后是admin). 有没有办法在同一浏览器上同时支持多个经过身份验证的用户? 你好. 路易斯.

We have an application which has two user types. One of them is an administrator and the other one is a client. We are using AspNet identity to authenticate the user and issue a cookie. However, there is a scenario where the administrator and the user share the same browser. When the client logs in, the cookie gets overridden and when coming back to the administrator pages we lose authentication. The same happens the other way around (client is logged in first, then admin). Is there a way to support multiple authenticated users at the same time on the same browser? Greetings. Luis.

推荐答案

否，浏览器不了解任何用户.您设置了cookie，浏览器将这些cookie发送回去.然后，应用程序接收并检查这些cookie，以在下一个请求中找出当前用户；

No, the browser has no understanding of any users. You set cookies and the browser sends back those cookies. The application then receives and checks those cookies to figure out the current user on the next request;

浏览器没有办法知道它应该发送回什么cookie，除了读取这些cookie外，服务器也没有办法知道正确的用户是什么.为什么要让2种不同的用户类型共享相同的确切浏览器窗口?这破坏了整个安全模型.

There's no way for the browser to know what cookies it should send back and there's no way for your server to know what the right user is other than reading those cookies. Why do you want 2 different user types sharing the same exact browser window anyway? That defeats the entire security model.

如果两个人必须共享同一台设备，那么当今大多数浏览器都支持私有窗口或单独的配置文件"，因此您可以拥有完全独立的首选项和会话，而无需共享任何数据.这是Chrome的个人资料功能的链接: https://support.google.com/chrome/answer/2364824

If 2 people must share the same device, then most browsers today support private windows or separate 'profiles' so you can have completely separate preferences and sessions without sharing any data. Here's a link to Chrome's profiles feature: https://support.google.com/chrome/answer/2364824

这篇关于多个用户具有相同的浏览器ASP身份的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！