从外部URL重定向回到ASP.NET MVC中的“操作方法"后,无法保留cookie [英] Unable to persist cookies after redirecting from External URL back to Action Method in ASP.NET MVC
问题描述
因此,作为我网站中付款过程的一部分,我必须访问ExternalURL来验证某些字段,并且由于完成验证,我将通过一些响应变量将POST返回到我的操作方法.我面临的问题是,即使我尝试了以下步骤,cookie也无法持久存在.
So as part of the payment process in my site, I have to visit an ExternalURL to validate certain fields and as a result of the Validation completion, I will be getting a POST back to my Action Method with some response variables. The problem that I am facing is that the cookies fail to persist even though I have tried out the following Steps.
- 已经为Cookie松散地明确分配了SameSite标志.
- 已经对Web.config进行了一些更改,我将在下面进行介绍.
我修改过的Web.config的一部分.
Part of the Web.config that I modified.
<system.web>
<authentication mode="None">
<forms cookieSameSite="Lax" requireSSL="false" />
</authentication>
<compilation debug="true" targetFramework="4.7.2" />
<httpRuntime targetFramework="4.7.2" executionTimeout="500" />
<!-- Added this line for restoring Cookie values after the redirect to an external URI. -->
<httpCookies requireSSL="true" />
<sessionState cookieSameSite="None" cookieless="false" timeout="360" />
</system.web>
<system.web.extensions>
<scripting>
<webServices>
<jsonSerialization maxJsonLength="2147483647" />
</webServices>
<scriptResourceHandler enableCaching="false" enableCompression="false" />
</scripting>
</system.web.extensions>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
</modules>
<!--<rewrite>
<outboundRules>
<clear />
<rule name="Add SameSite" preCondition="No SameSite">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; SameSite=lax" />
</rule>
<preConditions>
<preCondition name="No SameSite">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=lax" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>-->
</system.webServer>
调用外部URL的方法具有这段代码.
The method from where we call the External URL has this piece of code.
HttpCookie ckpaymentTRID = new HttpCookie("PaResTransactionID");
ckpaymentTRID.Value = resultPaymentObj.TransactionID.ToString();
ckpaymentTRID.SameSite = System.Web.SameSiteMode.Lax;
ckpaymentTRID.Secure = true;
HttpContext.Response.Cookies.Add(ckpaymentTRID);
我从外部URL接收POST的方法包括
The method where I receive the POST from the External URL consists of this
var SomeCookiee = HttpContext.Request.Cookies["PaResTransactionID"];
此外,我在此处浏览了这篇文章并了解.NET Framework更新前后的更改.
Also, I have browsed through this article here and am aware of the changes pre and post the .NET framework update.
提前感谢您的帮助!
推荐答案
打开所有web.config设置更改都是无关紧要的,因为其余更改实际上足以进行剪切.实际上,这是我如何解决此问题的提示:
Turns all the web.config setting changes were inconsequential as the remaining were actually enough to make the cut. Here is actually how I got a hint about how to solve this issue :
当我从应用程序重定向到Google Chrome中的External-URL ......时,在开发工具下,您可以看到已传递的cookie.;由于您的cookie不是安全 cookie,因此chrome默认将 SameSite 设置从无更改为松散,因此您的cookie根本不会在整个请求中持久存在." ...然后,它提示我更改Web应用程序设置,使其在VS2019中以https://localhost而不是http://localhost的身份运行.完成该操作后,我不再需要显式的 HttpCookie 或 sessionState 设置,而实际上不需要将它们设置在web.config和Cookie值中尽管进行了外部域重定向,但仍保持不变.
As I was being redirected from my application to the External-URL.....in Google Chrome, under dev tools you get to see the cookies that have been passed... I was always getting a warning saying that "since your cookie is not a secure cookie, chrome by default changes the SameSite setting from None to Lax and so your cookie doesn't persist throughout the request at all.".....which then prompted me to change the web application settings to run as https://localhost rather than http://localhost in VS2019. Once I did that, I saw that I no more needed the explicit HttpCookie or sessionState settings to be modified or in fact placed at all in the web.config and the Cookie value persisted in spite of the External Domain Re-Direction.
这篇关于从外部URL重定向回到ASP.NET MVC中的“操作方法"后,无法保留cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
