多重& asp.net核心身份中SubDomain的cookie [英] Multiple & SubDomain's cookie in asp.net Core Identity

问题描述

我有一个网页，该网页针对同一个应用程序使用多个URL:

I have a webpage which uses multiple URLS for the same application:

例如: * .MyWebPage.com.au * .YourWebPage.com.au

for example: *.MyWebPage.com.au *.YourWebPage.com.au

因此它将在多个URL上使用子域.问题是我需要允许用户在他们登录的URL的所有子域上进行身份验证.

So it will use subdomains on multiple urls. The problem is I need to allow for the user to be authenticated on all subdomains of the url which they have logged into.

例如，如果他们通过www.mywebpage.com.au登录，则需要为* .mywebpage.com.au设置cookie，或者如果他们通过www.yourwebpage.com.au登录，则cookie应为* .yourwebpage. .com.au.

For example, if they login via www.mywebpage.com.au the cookie needs to be set for *.mywebpage.com.au or if they login via www.yourwebpage.com.au the cookie should be *.yourwebpage.com.au.

有关允许ASP.NET核心标识的子域的大多数文档都指向startup.cs(或startup.auth.cs)文件，并输入如下内容:

Most of the documentation in allowing subdomains for ASP.NET core identity points to the startup.cs (or startup.auth.cs) file and entering something like this:`

app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                CookieDomain = "mywebpage.com.au"
            });`

这对我不起作用，因为我不需要固定的域，我只想允许所有用户访问其登录网址的所有子域.很明显，我可以通过请求在登录时获取其url，但是此时我需要动态设置cookiedomain.

this will not work for me because I dont want a fixed domain, I just want to allow for all the users to have access to all the subdomains for the url they have signed in at. I can obviously get their url at the time of login via the request, but I need to dynamically set the cookiedomain at this point.

推荐答案

我刚开始时没有意识到的是Identity和CookieAuthentication之间的区别. 由于我使用的是身份

What I didnt realise when I started was the difference between Identity and CookieAuthentication. Since I was using Identity

        app.UseIdentity();

app.UseCookieAuthentication不是解决方案.

app.UseCookieAuthentication was not the solution.

我终于通过实现ICookieManager找到了解决方案.

I finally found my solution by implementing ICookieManager.

这是我的解决方案:

在Startup.cs中:

in Startup.cs:

    services.AddIdentity<ApplicationUser, IdentityRole>(options =>
        {
            options.Password.RequireDigit = false;
            options.Password.RequiredLength = 5;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireLowercase = false;
            options.Password.RequireUppercase = false;
            options.Cookies.ApplicationCookie.CookieManager = new CookieManager(); //Magic happens here
        }).AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

现在在一个类中，我将其称为CookieManager.cs:

now in a class I have called CookieManager.cs:

public class CookieManager : ICookieManager
{
    #region Private Members

    private readonly ICookieManager ConcreteManager;

    #endregion

    #region Prvate Methods

    private string RemoveSubdomain(string host)
    {
        var splitHostname = host.Split('.');
        //if not localhost
        if (splitHostname.Length > 1)
        {
            return string.Join(".", splitHostname.Skip(1));
        }
        else
        {
            return host;
        }
    }

    #endregion

    #region Public Methods

    public CookieManager()
    {
        ConcreteManager = new ChunkingCookieManager();
    }

    public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
    {

        options.Domain = RemoveSubdomain(context.Request.Host.Host);  //Set the Cookie Domain using the request from host
        ConcreteManager.AppendResponseCookie(context, key, value, options);
    }

    public void DeleteCookie(HttpContext context, string key, CookieOptions options)
    {
        ConcreteManager.DeleteCookie(context, key, options);
    }

    public string GetRequestCookie(HttpContext context, string key)
    {
        return ConcreteManager.GetRequestCookie(context, key);
    }

    #endregion

这篇关于多重& asp.net核心身份中SubDomain的cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！