在Asp.Net Core 1(MVC6)和MVC 5应用程序之间共享身份验证cookie [英] Sharing authentication cookie among Asp.Net Core 1 (MVC6) and MVC 5 applications
问题描述
我有一些共享相同身份验证Cookie的MVC 5应用程序.我正在使用ASP.NET Identity创建cookie.
I have a few MVC 5 applications that share the same authentication cookie. I'm using ASP.NET Identity to create the cookie.
我检查用户是否使用Owin的帮助器方法进行了身份验证,如下所示:
I checking if the user is authenticated using Owin's helper method, like so:
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
ExpireTimeSpan = TimeSpan.FromMinutes(expirationTimeInMinutes),
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider()
});
在使用此cookie的所有应用程序中,我在web.config文件中具有以下配置:
And in all applications using this cookie, I have the following config in the web.config file:
<machineKey validationKey="..." decryptionKey="..." validation="SHA1" />
据我了解,此配置允许应用程序解密相同的cookie.
As I understand, this configuration allows the applications to decrypt the same cookie.
在MVC6应用程序中,我将其设置为使用如下cookie:
In the MVC6 application I'm setting it up to use the cookies like this:
app.UseCookieAuthentication(options =>
{
//options.AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;
options.ExpireTimeSpan = TimeSpan.FromMinutes(20);
options.LoginPath = new PathString("/Account/login");
//options.Provider = new CookieAuthenticationProvider()
});
好的,这是我的问题,配置已经不同,因为我不知道指定提供程序还是身份验证类型.
OK, here's my problem the configuration is already different, as I don't know to specify the provider nor the authentication type.
之后,我必须配置解密密钥,但是据我了解,MVC 6没有web.config文件.那我该怎么做到呢?
After, I'd have to config the decryption key, but as I understand MVC 6 doesn't have a web.config file. So how can I achieved this?
推荐答案
免责声明:此答案仅适用于RC2,应于5月中旬发布.它可能与RC1一起使用,但需要更多工作.
Disclaimer: this answer is applicable to RC2 only, which should be released mid-May. It may work with RC1, but would require more work.
您可以使用新的Microsoft.Owin.Security.Interop
包使OWIN/Katana cookie中间件使用新的序列化格式和ASP.NET Core使用的新数据保护堆栈(反之则困难得多,而且绝对不会推荐):
You can use the new Microsoft.Owin.Security.Interop
package to make the OWIN/Katana cookies middleware use the new serialization format and the new data protection stack used by ASP.NET Core (the other way around would be much harder, and definitely not recommended):
OWIN/Katana应用:
public class Startup
{
public void Configuration(IAppBuilder app)
{
// Create a new data protection provider with a unique app
// name shared by both your OWIN/Katana and ASP.NET Core apps:
var provider = DataProtectionProvider.Create("your app name");
// Create a protector compatible with the ASP.NET Core cookies middleware.
// Replace the second argument ("Cookies") by the authentication scheme
// used by your ASP.NET Core cookies middleware if necessary.
var protector = provider.CreateProtector(
"Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
"Cookies", "v2");
// Set TicketDataFormat to force the OWIN/Katana cookies middleware
// to use the new serialization format used by ASP.NET Core:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(protector))
});
}
}
ASP.NET Core应用:
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddDataProtection(options =>
{
// Force the ASP.NET Core data protection stack to use
// the name shared with your OWIN/Katana app.
options.ApplicationDiscriminator = "your app name";
});
}
}
如果仅将其用于cookie中间件,则应该能够删除web.config
中的machineKey
节点,因为OWIN/Katana cookie中间件现在将使用新的数据保护堆栈,而不会不能依靠机器密钥,而是依靠机器上持久存在的钥匙圈(默认情况下,在注册表或特殊文件夹中).
You should be able to remove the machineKey
node in your web.config
if you're only using it for the cookies middleware, as the OWIN/Katana cookies middleware will now use the new data protection stack, that doesn't rely on machine keys but on a key ring persisted on the machine (by default, in either the registry or in a special folder).
如果您的应用程序部署在不同的计算机上,则建议同步整个计算机上的钥匙圈.您可以阅读其他SO帖子以获取更多信息.
If your apps are deployed on different machines, I'd recommend synchronizing the key rings across your machines. You can read this other SO post for more information.
这篇关于在Asp.Net Core 1(MVC6)和MVC 5应用程序之间共享身份验证cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!