在开发人员中运行时未在Google Chrome中设置ASP.net核心身份验证Cookie [英] ASP.net core auth cookie not being set in Google Chrome when running in dev
问题描述
我的解决方案中有三个应用程序,所有应用程序都内置在asp.net核心1 MVC 6中.
I have three applications in my solution, all built in asp.net core 1 MVC 6.
- 应用程序1是用于验证用户身份的MVC应用程序.
- 应用程序2是Angular SPA应用程序,是解决方案中的主要应用程序.
- 应用程序3是MVC Web api应用程序.
在应用程序3中,我具有通常的asp.net核心SignInManager和UserManager代码(与启动新的MVC 6模板时默认情况下获得的代码相同-唯一的不同是,它存在于我的Web api中).并且登录/注销/注册等是通过我的AccountController中的Web api方法公开的.这使我可以锁定Web api,以便仅处理经过身份验证的请求(使用[Authorize]属性).
In app 3, I have the usual asp.net core SignInManager and UserManager code (the same code as you get by default when you start a new MVC 6 template - only different is, it exists in my web api here). And the login/logout/register etc is exposed via web api methods in my AccountController. This allows me to lock down the web api, so only authenticated requests get processed (using the [Authorize] attribute).
当我在AccountController中调用"Login"方法时,如果登录成功-它会返回一个具有以下名称的Set-Cookie指令:.AspNet.Microsoft.AspNet.Identity.Application"(用于身份验证) )
When I call the "Login" method in my AccountController, if login is successful - it returns a Set-Cookie directive with the following name: ".AspNet.Microsoft.AspNet.Identity.Application" (this is used for authentication)
然后,登录应用程序将用户从App1转发到App2.然后,对Web api(App3)的所有后续请求都将经过身份验证并允许执行.注意:通过后续请求-特别是在App2中,我的意思是通过角度调用从Web服务中请求数据.
The login app then forwards the user from App1 to App2. All subsequent requests to the web api (App3) are then Authenticated and allowed to be executed. NOTE: By subsequent requests - specifically I mean, within App2, angular calling to ask for data from the web service.
所有这些都可以正常工作-很好,它在IE中可以正常工作.这让我想到了一个问题,为什么这在Chrome中不起作用?我看到chrome中的Web api Login登录响应返回了"Set-Cookie"指令,但后续请求没有附加此Cookie.
All of this works fine - well, it works in IE fine. Which brings my to my question, why would this not be working in Chrome? I see the "Set-Cookie" directive coming back from the response of the web api Login in chrome, but subsequent requests do not have this cookie attached.
我在做什么错了?
注意: 我从登录方法获得的Http响应如下所示:
NOTE: My Http Response from the login method looks like this:
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Kestrel
Set-Cookie: .AspNet.Microsoft.AspNet.Identity.Application=CfDJ8FWIuvXs-TxKoIYE8259iAY52B_VZDPTTvYwZ-WAo8hhPCdLhmUfxNZD1wjxEt0sqqnZl6NomwHPNTNFkBxsq4cw_WkQYklnj_dK79wodIguLdPXAbKu6UbS6HKRBxFxjOKVAfIdyxZJ6xA2CtnR9nJC_CSg7v1vFSzgDEiSBso8D3aDNjzFk8
7oIJodC7WLVxWUqdUpjaGRCXqHTYjTwgL9DCihnajAlB921_oEPinUwIPP8g_ugCQmqbFq6kgQ-GwPTifBKRlbtwNsDwbetynl1gIqzELyjgEUAKgtpD9SX7FSjl1grxoGRjbPiXJe-k1SSdnUIHR7wYPkFpiis_c_P1pGkmSyeiDG-lf0xftTlXlnC3BWMbgXeWZn_hsDzbW_Tek3qiq_NB-T0IMGaJgjRnr5DARNcOACWbzwGvHFjsn7n0u7-UZOfzgQJ76d3ra-hjra
-aNcHLgbfDef3TK6z_CKt2iIlnTkyEJXC-3OSGnfWDRvofvQ216UApEPiKoJxiCjWSvGAQCzvf9P1TtKuwAQVxfWz8pL077E-Wfc-4ybtrT6Ivz2VbdFng5Ze5IQ5YWfYYTpDhLSHGKnpFgxVf96f7JwoXlgRq0gs7yEWdWFZs6d18pw-El5sLJr7g; path=/; secure; httponly
Access-Control-Allow-Origin: *
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcUm9iZXJ0XERlc2t0b3BcSEJFIE1hbmFnZXJcTUFJTlxCbHVlem9uZSBXZWJBcGlcc3JjXEJ6LkFwcGxpY2F0aW9uXEJ6LkFwcGxpY2F0aW9uLkFwaVx3d3dyb290XGFwaVxhY2NvdW50XExvZ2lu?=
X-Powered-By: ASP.NET
Date: Wed, 04 May 2016 10:39:57 GMT
Content-Length: 16
推荐答案
我也遇到了这个问题.
虽然我在VS中的localhost环境运行良好,并且我的用户可以登录,但在chrome的已发布环境中却无法正常工作.
While my localhost environment in VS worked fine and my user could be logged in this didn't worked in the published environment for chrome.
这开始于我在生产前环境中尝试通过使用配置的绑定在https上修改IIS在IIS中尝试一些自签名证书的内容时.然后,我返回到http.
This began when I was trying some self-signed-certificate stuff in IIS on my pre-production-environment by turining on https with configured bindings. And after that I went back to http.
您可以在Chrome中尝试以下操作:打开开发者工具的转到标签应用程序,然后在左侧窗格中选择清除存储空间.即使使用量显示使用了0个字节,在右图下单击清除站点数据.无论如何都要做.
What you could try in Chrome is this: Open the developer-tools goto tab Application and in the left pane choose Clear storage. Under the diagram on the right click Clear site data even if the usage shows 0 Bytes used. Do it anyway.
最后,我又恢复了具有登录功能的应用程序.
Finally I got my application with login features back.
希望这也会对某人有所帮助.
Hope that this will help someone, too.
这篇关于在开发人员中运行时未在Google Chrome中设置ASP.net核心身份验证Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
