.NET Core 2.2 Shared Cookie causes Bad Request error when logging in


Problem description

I have 2 applications that share cookies between them. This is the configuration in both Startup.cs files:

services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
    options.Cookie.Name = Environment.GetEnvironmentVariable(CONST.CookieName);
    options.Cookie.SameSite = SameSiteMode.Lax;
    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
    options.Cookie.Path = Environment.GetEnvironmentVariable(CONST.CookiePath);
    options.Cookie.Domain = Environment.GetEnvironmentVariable(CONST.CookieDomain);
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(Convert.ToDouble(Environment.GetEnvironmentVariable(CONST.CookieExpiryTimeSpanInMinutes)));

    options.LoginPath = Environment.GetEnvironmentVariable(CONST.LoginPath);
    options.AccessDeniedPath = Environment.GetEnvironmentVariable(CONST.AccessDeniedPath);
    options.SlidingExpiration = true;
});

The problem now is that if I load App A and App B together, log in to App A, then click login on App B, I get a Bad Request error. I tried to debug App B to check why it was getting this error, and I discovered that when I am logged in to App A and try to log in on App B, the application doesn't know that I have already been authenticated.

if (User.Identity.IsAuthenticated)
{
    return LocalRedirect(returnUrl);
}

The line above is always false.

Is there a way to prevent this issue? Or is there a way to check if a cookie has already been set?

Edit:

I have set the Data Protection Key for all the apps:

var ds = new DirectoryInfo("PathTOKey");
services.AddDataProtection()
    .PersistKeysToFileSystem(ds)
    .SetApplicationName("DPName");

Edit:

Cookie Options in Startup.cs

services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => false;
    options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.Configure<IdentityOptions>(options =>
{
    options.Password.RequireDigit = false;
    options.Password.RequireLowercase = false;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequireUppercase = true;
    options.Password.RequiredLength = 6;
    options.User.AllowedUserNameCharacters =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
    options.User.RequireUniqueEmail = false;
    options.SignIn.RequireConfirmedEmail = false;
    options.SignIn.RequireConfirmedPhoneNumber = false;
    options.Lockout.AllowedForNewUsers = false;
});
var ds = new DirectoryInfo(Path.Combine(Environment.GetEnvironmentVariable(UCCASGlobals.CentralApplicationSettings), "KeyRing"));
services.AddDataProtection()
    .PersistKeysToFileSystem(ds)
    .SetApplicationName(Environment.GetEnvironmentVariable(UCCASGlobals.DataProtectionApplicationName));

services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
    options.Cookie.Name = Environment.GetEnvironmentVariable(UCCASGlobals.CookieName);
    options.Cookie.SameSite = SameSiteMode.Lax;
    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
    options.Cookie.Path = Environment.GetEnvironmentVariable(UCCASGlobals.CookiePath);
    options.Cookie.Domain = Environment.GetEnvironmentVariable(UCCASGlobals.CookieDomain);
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(Convert.ToDouble(Environment.GetEnvironmentVariable(UCCASGlobals.CookieExpiryTimeSpanInMinutes)));

    options.LoginPath = Environment.GetEnvironmentVariable(UCCASGlobals.LoginPath);
    options.AccessDeniedPath = Environment.GetEnvironmentVariable(UCCASGlobals.AccessDeniedPath);
    options.SlidingExpiration = true;
});

Answer

Make sure that you have configured data protection in both applications; the data protection keys and the app name must be the same in the two apps.

Configures the data protection system to persist keys to the specified directory. This path may be on the local machine or may point to a UNC share.

services.AddDataProtection()
    .PersistKeysToFileSystem(new DirectoryInfo(@"d:\Keys"))
    .SetApplicationName("SharedCookieApp");

services.ConfigureApplicationCookie(options =>
{
    options.Cookie.Name = ".AspNet.SharedCookie";
});

You could check the cookie's value by cookie name in the request:

var cookie = Request.Cookies["Cookie Name"];

Reference:
https://docs.microsoft.com/zh-CN/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-3.0
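The following is an added example, not code from the question or the answer, that shows why the shared key ring and the application name both matter: two throwaway DI containers stand in for App A and App B, a ticket is protected by one and unprotected by the other, and a mismatched application name makes Unprotect throw CryptographicException (the helper reports that as false). It assumes the Microsoft.AspNetCore.DataProtection and Microsoft.Extensions.DependencyInjection packages; the key directory, application names and payload are constructed for the example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public static class SharedCookieCheck
{
    // Stand-in for one app's DI container, registered the same way as the Startup.cs in the answer.
    static IDataProtector BuildCookieProtector(string keyDir, string appName)
    {
        var services = new ServiceCollection();
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(keyDir))
            .SetApplicationName(appName);
        var provider = services.BuildServiceProvider()
            .GetRequiredService<IDataProtectionProvider>();

        // Same purpose chain the cookie authentication handler uses for the Identity
        // application scheme, so the round trip mirrors a real authentication cookie.
        return provider.CreateProtector(
            "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
            "Identity.Application",
            "v2");
    }

    // True when an app configured as (keyDir, appNameB) can read a ticket protected by (keyDir, appNameA).
    public static bool CanShareTicket(string keyDir, string appNameA, string appNameB)
    {
        var ticket = BuildCookieProtector(keyDir, appNameA).Protect("constructed-ticket-payload");
        try
        {
            BuildCookieProtector(keyDir, appNameB).Unprotect(ticket);
            return true;
        }
        catch (CryptographicException)
        {
            // Different application name => different key purpose, so App A's cookie is
            // rejected and App B sees the user as anonymous, as described in the question.
            return false;
        }
    }

    public static void Main()
    {
        var sharedKeys = Path.Combine(Path.GetTempPath(), "shared-keyring-example");
        Console.WriteLine(CanShareTicket(sharedKeys, "SharedCookieApp", "SharedCookieApp"));
        Console.WriteLine(CanShareTicket(sharedKeys, "SharedCookieApp", "OtherApp"));
    }
}
```

On a non-Windows host the key file is written unencrypted with a warning; in production protect the shared key ring with ProtectKeysWith* and restrict the directory's permissions to the two apps' service accounts.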
