ASP.NET5,MVC 6 Cookies不在站点之间共享 [英] ASP.NET5, MVC 6 Cookies not being shared across sites
问题描述
我有一个ASP.NET5/MVC6网站和一个相应的OData服务,都托管在Azure上.
I have an ASP.NET5/MVC6 website and a corresponding OData Service both hosted on azure.
作为一个实验,我试图在网站(xxxportal.azurewebsites.net)上设置cookie,并在OData服务(xxxservice.azurewebsites.net)中访问该cookie.
As an experiment I am attempting to set a cookie on the website (xxxportal.azurewebsites.net) and access the cookie in the OData Service (xxxservice.azurewebsites.net).
我正在使用以下代码在AccountController中设置cookie.
I am setting the cookie in the AccountController with the following code.
Response
.Cookies
.Append(
"MyCookie",
"MyCookieValue",
new Microsoft.AspNet.Http.CookieOptions
{
Domain = "azurewebsites.net",
Path="/",
HttpOnly = true,
Expires = DateTime.MaxValue
});
运行Fiddler时,我可以看到cookie已设置.
When I run Fiddler I can see that the cookie is set.
HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Expires: -1
Location: /
Server: Microsoft-IIS/8.0
Set-Cookie: .AspNet.Microsoft.AspNet.Identity.Application=CfDJ8B0ErUB73iFHtoSI2Xl7xKIM6bTPDudGXYwJ--ia_gE416t-asXaZS2_hg8C4OF1NqMLy39hehNKwRvJKpuYP44h_Cb5sLN3fMV2iVoIkHa7O9JNPXVI8EmZXhx3xQNUNnSo5zMWoIuZjXUJG4WoWYUFqPmUVbjaaAQgT6nCxSPi34kwBBLRXQbHwZxGVJgpTDDHFKSthzYCk8wYcBwh-Izjc7zja8mXuEtVDXyBWGWtFFkJSae2DltVWShWfPG7Z_jtD7909aLh0eGzpZQY7pDxftYgfoLZPwnbDZVvrx65RGhFk6A8N3jv3CMdIJDtxjO8m367fnsNJzve2IDn7npDf1OOvFCM9MIWfZ67Ns8w4vV3eIgGO6kAs_gop3mDphFH8ZRW8RwKhBiHhOoA76IVzgkeZWvZXvQeJDbUvTGfyMjgHQVnzWQJnvg5Gvz6JGNrpM8Yv7JxYrXVFrbtM6k7Aw83Cf9_JQAYBCSz6URYCKX3O_FApNCrhGsNtp4RkMdBa-uFnuQZ4ZgnRMMGuavMJLQ7zLz_KzPjBS3H3iyaYUaWVvXx5QgWWwHoWlIV0Yb_Ba_hxCVmoOSMQMXkkqSTHOxs2WZC5EcRF7zJprUVxR3FAR8c4_AhG3r9t5hAtwEE5l6T2oxOhgqe7Xkn1rY; path=/; httponly
Set-Cookie: MyCookie=MyCookieValue; expires=Fri, 31 Dec 9999 23:59:59 GMT; domain=azurewebsites.net; path=/; httponly
X-Powered-By: ASP.NET
Date: Wed, 30 Mar 2016 04:34:48 GMT
但是,对ODataService的请求未发送cookie. (我也看不到它在随后的请求中发送到同一站点.)
But on the request to the ODataService the cookie is not being sent. (I also don't see it sent on the subsequent requests to the same site.)
GET http://xxxservice.azurewebsites.net/Patients HTTP/1.1
Host: xxxservice.azurewebsites.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/plain, */*
Origin: http://xxxportal.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Referer: http://xxxportal.azurewebsites.net/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
我在做什么错了?
其他信息 我主要是从Chrome浏览器进行测试,但与IE11似乎相同. 我可以在Chrome浏览器中看到Cookie.
Additional Information I'm mostly testing from Chrome but seems to be the same from IE11. I can see the cookies in Chrome.
推荐答案
最初认为@Frédéric有正确的答案,但我无法使其与专用服务器一起使用.
Initially thought @Frédéric had the correct answer but I was unable to get it to work with dedicated servers.
最终,我碰到了这篇帖子带有凭据的跨域JQuery ajax调用. @Emily接受的答案指出服务器必须发送以下标头.
Eventually I came across this post Cross domain JQuery ajax call with credentials. The accepted answer by @Emily pointed out that the server must send the following Headers.
Access-Control-Allow-Origin: http://www.mywebsite.com
Access-Control-Allow-Credentials: true
另一个重要的方面是,如果您包含Allow-Credentials标头,则Allow-Origin 不能为"*".
Another important piece is that if you include the Allow-Credentials header then the Allow-Origin cannot be "*".
这篇关于ASP.NET5,MVC 6 Cookies不在站点之间共享的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
