在Asp.Net Core 1(MVC6)和MVC 5应用程序之间共享身份验证cookie [英] Sharing authentication cookie among Asp.Net Core 1 (MVC6) and MVC 5 applications

问题描述

我有一些共享相同身份验证Cookie的MVC 5应用程序.我正在使用ASP.NET Identity创建cookie.

I have a few MVC 5 applications that share the same authentication cookie. I'm using ASP.NET Identity to create the cookie.

我检查用户是否使用Owin的帮助器方法进行了身份验证，如下所示:

I checking if the user is authenticated using Owin's helper method, like so:

app.UseCookieAuthentication(
    new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        ExpireTimeSpan = TimeSpan.FromMinutes(expirationTimeInMinutes),
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider()
    });

在使用此cookie的所有应用程序中，我在web.config文件中具有以下配置:

And in all applications using this cookie, I have the following config in the web.config file:

<machineKey validationKey="..." decryptionKey="..." validation="SHA1" />

据我了解，此配置允许应用程序解密相同的cookie.

As I understand, this configuration allows the applications to decrypt the same cookie.

在MVC6应用程序中，我将其设置为使用如下cookie:

In the MVC6 application I'm setting it up to use the cookies like this:

app.UseCookieAuthentication(options =>
  {
    //options.AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(20);
    options.LoginPath = new PathString("/Account/login");
    //options.Provider = new CookieAuthenticationProvider()
  });

好的，这是我的问题，配置已经不同，因为我不知道指定提供程序还是身份验证类型.

OK, here's my problem the configuration is already different, as I don't know to specify the provider nor the authentication type.

之后，我必须配置解密密钥，但是据我了解，MVC 6没有web.config文件.那我该怎么做到呢?

After, I'd have to config the decryption key, but as I understand MVC 6 doesn't have a web.config file. So how can I achieved this?

推荐答案

免责声明:此答案仅适用于RC2，应于5月中旬发布.它可能与RC1一起使用，但需要更多工作.

Disclaimer: this answer is applicable to RC2 only, which should be released mid-May. It may work with RC1, but would require more work.

您可以使用新的Microsoft.Owin.Security.Interop包使OWIN/Katana cookie中间件使用新的序列化格式和ASP.NET Core使用的新数据保护堆栈(反之则困难得多，而且绝对不会推荐):

You can use the new Microsoft.Owin.Security.Interop package to make the OWIN/Katana cookies middleware use the new serialization format and the new data protection stack used by ASP.NET Core (the other way around would be much harder, and definitely not recommended):

OWIN/Katana应用:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Create a new data protection provider with a unique app
        // name shared by both your OWIN/Katana and ASP.NET Core apps:
        var provider = DataProtectionProvider.Create("your app name");

        // Create a protector compatible with the ASP.NET Core cookies middleware.
        // Replace the second argument ("Cookies") by the authentication scheme
        // used by your ASP.NET Core cookies middleware if necessary.
        var protector = provider.CreateProtector(
            "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
            "Cookies", "v2");

        // Set TicketDataFormat to force the OWIN/Katana cookies middleware
        // to use the new serialization format used by ASP.NET Core:
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(protector))
        });
    }
}

---

ASP.NET Core应用:

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDataProtection(options =>
        {
            // Force the ASP.NET Core data protection stack to use
            // the name shared with your OWIN/Katana app.
            options.ApplicationDiscriminator = "your app name";
        });
    }
}

如果仅将其用于cookie中间件，则应该能够删除web.config中的machineKey节点，因为OWIN/Katana cookie中间件现在将使用新的数据保护堆栈，而不会不能依靠机器密钥，而是依靠机器上持久存在的钥匙圈(默认情况下，在注册表或特殊文件夹中).

You should be able to remove the machineKey node in your web.config if you're only using it for the cookies middleware, as the OWIN/Katana cookies middleware will now use the new data protection stack, that doesn't rely on machine keys but on a key ring persisted on the machine (by default, in either the registry or in a special folder).

如果您的应用程序部署在不同的计算机上，则建议同步整个计算机上的钥匙圈.您可以阅读其他SO帖子以获取更多信息.

If your apps are deployed on different machines, I'd recommend synchronizing the key rings across your machines. You can read this other SO post for more information.

这篇关于在Asp.Net Core 1(MVC6)和MVC 5应用程序之间共享身份验证cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！