Asp.Net Owin authorized request works in Incognito mode but not "normal" Chrome

Problem description

I have an Asp.Net application that I can log into without a problem in Chrome, both in normal mode and Incognito. When I however do an API request it is only authorized in Incognito mode.

I then tried to do "Empty cache and hard reload", rebooted Chrome, cleared cookies, even restarted the computer etc but nothing works. I'm thinking if it could be some plugin but I tried disabling Ad-blocker and all the other plugins but I still get the same result. In Incognito everything works fine.

Local storage and session storage are empty and the only cookie present for Localhost is .AspNet.ApplicationCookie in both non-incognito and incognito.

I then checked the request going to the server, this is from non-incognito:

GET /api/prospects/active HTTP/1.1
Host: localhost:3807
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: sv-SE,sv;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: ASP.NET_SessionId=ib450fjia5vizwpzxlnfuogd; XSRF-TOKEN=3hd4ZvxqpDU6sjttd22sjnxcrzCkptKajk3ml2maaf6oc8axj8N2P1QH6UzwPNeiKS4DhPYIhDVHzzwTaBb0-RF4ECjLZvPCUXqDEfrmaoIZ5rFOb2vubYL-PT4OGmyH0; XSRF-V=Zmq1iNyMWiHYOuEIYiKBGlEyW7pe1unHxGQN5K3zvn-30oHbX37JgMJTrlJMg0yCtLjfC2JJOiNOV9cO-ox6WIJgQR04cXZffeXzGfTF63E1; .AspNet.ApplicationCookie=RmjkiPr76LDahSXu-vOctxQY_TE0FT8nB-1ytaJ49_p3IYIntIO4fqu_CMuFalVYU9yls9FmGT8kC4L_Zb6fl12plkLfSlCuzVDkvwgi0QABCQ8oK9AgrN5wLx5Lk-OKMZ9LaxIpiDKuLuYFXX9F2LBE5524oEhk8fdUT-k8izwR5pJiBtPFV2PJ4U7ph77gNQRQNd3LMEKX2hYLIO4TjrfteVRClrAJYyVkP4uV9k_fWoHx-Lpx5aJiHIgM2naYqdyi9FmRYFOQRY1dScFhnz-PYYtfP_qkorjzjPLKDHfDQ06wzpuraB2J68bymbB4DG_d_Kr35d97O9WlGgLJo2qQV2HObQlGZ0qU3Dgmrib_ImmmFGcI3fwYWHV9WNV1kjUZ5DS9lIiZsAhqA8_eZbSKILmFw7L7vhMGNVKU6ptOeAyFqqRImY29nw2Fw5Rnrt3cy_Tw-pe229Ztvc7JRwfEF6bs7YqGWJTvGb1c3uE; UMB_UPDCHK=1; _ga=GA1.1.1065814793.1466085326; 3264e9011c=pe_data=|id=0b42d0758724f0295d9384687bcd6b0a; .AspNet.ApplicationCookie=Ol7PeRdke7-95-rLIAQY174l4UAly08mog8da0b7IHfAyHkcZTauLc7ZuGuynO5CTkuVokTuxrsPAwhUgeR9Ex9QpdcFeZV7COICBxBXSQADsbSCs1qf0daOG7LOId_ATup-pOiJcG1tr9JZ4biMdrPrsPE3Z3UITwWesD3UCovmmPMN7tk1cHKQ7XQO3M8tLRE_VWJX79R3aakNolFx2zKnUu15rsGSACcZzfANAGpZR59Ld0vr9378sSkIXrHOJWVgZyOloWlelQfKy1g5X5NZn2rIuBkS1gJrYAKf_4lR46BH8dR8pYbKAVYZb07xLAaiLBz7SkwMrc7nXIONIxnlKTKHBe43FSwu5mmAa5uRltd4Z7E4D_9J96OJd-hyFMA3n-F8SGL6diX6zxtSTjZfXmQmd-PJkzgg7FkuhPpb5nbCEMH6uI_JcU-ZZNbz4cAIbk0maLvLpUQKvkMz-txxNzgABgBUl753LaaHR0o



Result:

Incognito request:

GET /api/prospects/active HTTP/1.1
Host: localhost:3807
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: sv-SE,sv;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: .AspNet.ApplicationCookie=PxTseFnL3UPqv438ySa4f0Cb9mb-0ByyjjMDjTSCD9tSCmN4X0xYgIyMVVriHj1UJ8aogNe_ztHcEfr8pkE4xsMx2miVZ1Z50BGxBwY7sIz22fFQzDmC3-ASPMzYE6k9IFECpdqFfBLkb4rcSx_kd-flUb9hVLGa0zDC-qpypIEZJaYg2j50OfX9g9h0Ko4XXx9DJcDTE4qkPPmD52oMn2qLGSdSOFfLyi4tNE66vsh38Bi4DIxSB2wSHEBlWsE9LyZpwC8IN6C1B6R4XDuJaliWMZJCmoWLCr5X-YPWo-PQcrCiK_iCSp5ndJJJBsY65L2MiVDueShMTi4UeFwzk24kTUES_zhS0JSXEPrOyXGWV_1OAIAGkRObkN7YvD78jSairV547nfcPFzGTt6VPrUq6FkXGINV0AHa_5Vo03Ygjg3o6PgCB8kDrijYy_tAeA2rnmkCUsb8ZD6W-veCoujGKpHOTkuA1Ock1cczxTg

As you can see the non-incognito request has several more cookies even though the Chrome Developer Tools -> Application shows only one cookie.

What is causing this?

Login controller:

private IAuthenticationManager AuthenticationManager => HttpContext.GetOwinContext().Authentication;

[HttpPost]
[Route("Login")]
public ActionResult Login(AuthenticationViewModel viewModel)
{
    if (!ModelState.IsValid)
    {
        return View(viewModel);
    }

    User user = authenticationGateway.Authenticate(viewModel.Username, viewModel.Password);

    if (user == null)
    {
        logRepository.LogInformation("Login failed", $"Login attempt for user {viewModel.Username} from IP {Request.UserHostAddress} failed.", Guid.NewGuid());
        TempData["loginError"] = "Wrong username or password.";

        return View(viewModel);
    }

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, user.Name, ClaimValueTypes.String),
        new Claim(ClaimTypes.NameIdentifier, user.Id.ToString(), ClaimValueTypes.Integer),
        new Claim(ClaimTypes.Email, user.Email ?? string.Empty, ClaimValueTypes.Email),
        new Claim(ClaimTypes.Role, user.Role.ToString(), ClaimValueTypes.String),
        new Claim(ClaimTypes.OtherPhone, user.Phone ?? string.Empty, ClaimValueTypes.String),
        new Claim(CustomClaimTypes.SalesId, user.UgId.ToString(), ClaimValueTypes.Integer)
    };

    var claimsIdentity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
    AuthenticationManager.SignIn(claimsIdentity);

    logRepository.LogInformation("Login success", $"Login attempt for user {viewModel.Username} from IP {Request.UserHostAddress} succeeded.", Guid.NewGuid());

    return RedirectToAction("Index", "Home");
}

[HttpGet]
[Authorize]
[Route("Logout")]
public ActionResult Logout()
{
    logRepository.LogInformation("Logout", $"Logged out user {User.Identity.Name}. Logout initiated from IP {Request.UserHostAddress}.", Guid.NewGuid());

    AuthenticationManager.SignOut();

    return RedirectToAction("Login");
}

Startup.Auth:

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Login"),
            LogoutPath = new PathString("/Logout"),
            SlidingExpiration = true
        });
    }
}


Recommended answer

I have tried to remove the cookies but it didn't help. So I have tried to clear all the site data from the Chrome Developer Console. It shows the specific port but helped for all the local web apps regardless of the port number.
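
A diagnostic for the symptom visible in the two requests above, as an added example that is not part of the original question or answer: it parses a raw Cookie header, reports names sent more than once (the non-incognito request carries .AspNet.ApplicationCookie twice, with different values), and lists names that a baseline request does not send. The function names and the shortened sample values are constructed for illustration.

```javascript
// Added diagnostic example (not from the original post).
// Parse a raw Cookie request header into ordered name/value pairs.
function parseCookieHeader(header) {
  return header
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part, index) => {
      // Split on the first "=" only: values such as "pe_data=|id=..." contain "=".
      const eq = part.indexOf("=");
      return eq === -1
        ? { index, name: "", value: part }
        : { index, name: part.slice(0, eq), value: part.slice(eq + 1) };
    });
}

// Names sent more than once, with their positions and whether the values differ.
function findDuplicateCookies(header) {
  const byName = new Map();
  for (const c of parseCookieHeader(header)) {
    if (!byName.has(c.name)) byName.set(c.name, []);
    byName.get(c.name).push(c);
  }
  return [...byName.entries()]
    .filter(([, list]) => list.length > 1)
    .map(([name, list]) => ({
      name,
      positions: list.map((c) => c.index),
      conflicting: new Set(list.map((c) => c.value)).size > 1,
    }));
}

// Cookie names present in one profile's request but absent from the baseline's.
function extraCookieNames(header, baseline) {
  const known = new Set(parseCookieHeader(baseline).map((c) => c.name));
  return [...new Set(parseCookieHeader(header).map((c) => c.name))]
    .filter((name) => !known.has(name));
}

// Constructed samples: same cookie names and order as the two requests above,
// with the long values replaced by short placeholders.
const NORMAL = "ASP.NET_SessionId=s1; XSRF-TOKEN=t1; XSRF-V=v1; " +
  ".AspNet.ApplicationCookie=VALUE_A; UMB_UPDCHK=1; _ga=GA1.1.x; " +
  "3264e9011c=pe_data=|id=abc; .AspNet.ApplicationCookie=VALUE_B";
const INCOGNITO = ".AspNet.ApplicationCookie=VALUE_B";

console.log(findDuplicateCookies(NORMAL));
console.log(extraCookieNames(NORMAL, INCOGNITO));
```

Cookies are scoped by host and not by port (RFC 6265), so every application served from localhost shares one cookie jar; this matches the answer's observation that clearing site data for one port affected all local apps.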
