.NET Core 2.2 Shared Cookie 在登录时导致 Bad Request 错误 [英] .NET Core 2.2 Shared Cookie causes Bad Request error when logging in

问题描述

我有 2 个应用程序在它们之间共享 cookie.这是startup.cs中的配置:

I have 2 applications that share cookies between them. This is the configuration in both the startup.cs:

services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
    options.Cookie.Name = Environment.GetEnvironmentVariable(CONST.CookieName);
    options.Cookie.SameSite = SameSiteMode.Lax;
    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
    options.Cookie.Path = Environment.GetEnvironmentVariable(CONST.CookiePath);
    options.Cookie.Domain = Environment.GetEnvironmentVariable(CONST.CookieDomain);
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(Convert.ToDouble(Environment.GetEnvironmentVariable(CONST.CookieExpiryTimeSpanInMinutes)));

    options.LoginPath = Environment.GetEnvironmentVariable(CONST.LoginPath);
    options.AccessDeniedPath = Environment.GetEnvironmentVariable(CONST.AccessDeniedPath);
    options.SlidingExpiration = true;
});

现在的问题是，如果我同时加载应用程序 A 和应用程序 B，登录应用程序 A 然后单击应用程序 B 上的登录，我会收到错误请求错误.我尝试调试 App B 以检查为什么会出现此错误，但我发现当我登录 App A 并尝试登录 App B 时，该应用程序不知道我已经通过身份验证.

The problem now is that if I load App A and App B together, login into App A then click login on App B, I get a Bad Request error. I tried to debug App B to check why it was getting this error and I discovered that when I am logged in to App A and try to login on App B, the Application doesn't know that I have already been authenticated.

if (User.Identity.IsAuthenticated)
{
    return LocalRedirect(returnUrl);
}

上面的行总是错误的.

有没有办法防止这个问题?或者有没有办法检查cookie是否已经设置?

Is there a way to prevent this issue? Or is there a way to check if a cookie has already been set?

我已经为所有应用设置了数据保护密钥:

I have set the Data Protection Key for all the apps:

var ds = new DirectoryInfo("PathTOKey");
services.AddDataProtection()
    .PersistKeysToFileSystem(ds)
    .SetApplicationName("DPName");

Startup.cs 中的 Cookie 选项

Cookie Options in Startup.cs

services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => false;
    options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.Configure<IdentityOptions>(options =>
{
    options.Password.RequireDigit = false;
    options.Password.RequireLowercase = false;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequireUppercase = true;
    options.Password.RequiredLength = 6;
    options.User.AllowedUserNameCharacters =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
    options.User.RequireUniqueEmail = false;
    options.SignIn.RequireConfirmedEmail = false;
    options.SignIn.RequireConfirmedPhoneNumber = false;
    options.Lockout.AllowedForNewUsers = false;
});
var ds = new DirectoryInfo(Path.Combine(Environment.GetEnvironmentVariable(UCCASGlobals.CentralApplicationSettings), "KeyRing"));
services.AddDataProtection()
    .PersistKeysToFileSystem(ds)
    .SetApplicationName(Environment.GetEnvironmentVariable(UCCASGlobals.DataProtectionApplicationName));

services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
    options.Cookie.Name = Environment.GetEnvironmentVariable(UCCASGlobals.CookieName);
    options.Cookie.SameSite = SameSiteMode.Lax;
    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
    options.Cookie.Path = Environment.GetEnvironmentVariable(UCCASGlobals.CookiePath);
    options.Cookie.Domain = Environment.GetEnvironmentVariable(UCCASGlobals.CookieDomain);
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(Convert.ToDouble(Environment.GetEnvironmentVariable(UCCASGlobals.CookieExpiryTimeSpanInMinutes)));

    options.LoginPath = Environment.GetEnvironmentVariable(UCCASGlobals.LoginPath);
    options.AccessDeniedPath = Environment.GetEnvironmentVariable(UCCASGlobals.AccessDeniedPath);
    options.SlidingExpiration = true;
});

推荐答案

确保您在应用程序和数据保护密钥中都配置了数据保护，并且两个应用程序中的应用程序名称必须相同.

Make sure that you have configured data protection in both of application and data protection keys and the app name must be the same in two Apps .

配置数据保护系统以将密钥保存到指定目录.此路径可能位于本地计算机上，也可能指向 UNC 共享.

Configures the data protection system to persist keys to the specified directory. This path may be on the local machine or may point to a UNC share.

services.AddDataProtection()
         .PersistKeysToFileSystem(new DirectoryInfo(@"d:Keys"))
         .SetApplicationName("SharedCookieApp");

services.ConfigureApplicationCookie(options => {
          options.Cookie.Name = ".AspNet.SharedCookie";
        });

您可以通过请求中的 cookie 名称检查 cookie 值

You could check the cookies value by cookie name in the request

var cookie=Request.Cookies["Cookie Name"];

参考:https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-3.0

这篇关于.NET Core 2.2 Shared Cookie 在登录时导致 Bad Request 错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！