.NET Core 2.2 Shared Cookie causes Bad Request error when logging in
Question
I have 2 applications that share cookies between them. This is the configuration in both Startup.cs files:
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.Name = Environment.GetEnvironmentVariable(CONST.CookieName);
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Cookie.Path = Environment.GetEnvironmentVariable(CONST.CookiePath);
options.Cookie.Domain = Environment.GetEnvironmentVariable(CONST.CookieDomain);
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(Convert.ToDouble(Environment.GetEnvironmentVariable(CONST.CookieExpiryTimeSpanInMinutes)));
options.LoginPath = Environment.GetEnvironmentVariable(CONST.LoginPath);
options.AccessDeniedPath = Environment.GetEnvironmentVariable(CONST.AccessDeniedPath);
options.SlidingExpiration = true;
});
The problem now is that if I load App A and App B together, log in to App A and then click login on App B, I get a Bad Request error. I tried to debug App B to check why it was getting this error, and I discovered that when I am logged in to App A and try to log in on App B, the application doesn't know that I have already been authenticated.
if (User.Identity.IsAuthenticated)
{
return LocalRedirect(returnUrl);
}
The line above is always false.
Is there a way to prevent this issue? Or is there a way to check whether a cookie has already been set?
I have set the Data Protection key for all the apps:
var ds = new DirectoryInfo("PathTOKey");
services.AddDataProtection()
.PersistKeysToFileSystem(ds)
.SetApplicationName("DPName");
Cookie options in Startup.cs
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.Configure<IdentityOptions>(options =>
{
options.Password.RequireDigit = false;
options.Password.RequireLowercase = false;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequiredLength = 6;
options.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
options.User.RequireUniqueEmail = false;
options.SignIn.RequireConfirmedEmail = false;
options.SignIn.RequireConfirmedPhoneNumber = false;
options.Lockout.AllowedForNewUsers = false;
});
var ds = new DirectoryInfo(Path.Combine(Environment.GetEnvironmentVariable(UCCASGlobals.CentralApplicationSettings), "KeyRing"));
services.AddDataProtection()
.PersistKeysToFileSystem(ds)
.SetApplicationName(Environment.GetEnvironmentVariable(UCCASGlobals.DataProtectionApplicationName));
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.Name = Environment.GetEnvironmentVariable(UCCASGlobals.CookieName);
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Cookie.Path = Environment.GetEnvironmentVariable(UCCASGlobals.CookiePath);
options.Cookie.Domain = Environment.GetEnvironmentVariable(UCCASGlobals.CookieDomain);
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(Convert.ToDouble(Environment.GetEnvironmentVariable(UCCASGlobals.CookieExpiryTimeSpanInMinutes)));
options.LoginPath = Environment.GetEnvironmentVariable(UCCASGlobals.LoginPath);
options.AccessDeniedPath = Environment.GetEnvironmentVariable(UCCASGlobals.AccessDeniedPath);
options.SlidingExpiration = true;
});
Recommended answer
Make sure that you have configured data protection in both applications, and that the data protection keys and the application name are the same in the two apps.
Configures the data protection system to persist keys to the specified directory. This path may be on the local machine or may point to a UNC share.
services.AddDataProtection()
.PersistKeysToFileSystem(new DirectoryInfo(@"d:\Keys"))
.SetApplicationName("SharedCookieApp");
services.ConfigureApplicationCookie(options => {
options.Cookie.Name = ".AspNet.SharedCookie";
});
You can check the cookie value by cookie name in the request:
var cookie = Request.Cookies["Cookie Name"];
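As an added example (not code from the question or the answer), one extension method that both apps call so the key ring path, application name, cookie name and cookie domain cannot drift apart, plus a diagnostic endpoint for the check the answer suggests: it separates "no cookie was sent" from "a cookie was sent but this app could not accept it". The path, domain and names are placeholders.

```csharp
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public static class SharedCookieSetup
{
    // Placeholder values (the question reads them from environment variables); all four MUST be identical in App A and App B.
    public const string KeyRingPath = @"\\fileserver\keyring"; // placeholder UNC share
    public const string AppName = "SharedCookieApp";
    public const string CookieName = ".AspNet.SharedCookie";
    public const string CookieDomain = "example.com"; // placeholder; must cover both app hosts

    // Call this from Startup.ConfigureServices in BOTH apps, after the Identity registration.
    public static IServiceCollection AddSharedAuthCookie(this IServiceCollection services)
    {
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(KeyRingPath))
            .SetApplicationName(AppName);
        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Name = CookieName;
            options.Cookie.Domain = CookieDomain;
            options.Cookie.Path = "/"; // a per-app path would stop the browser sending the cookie to the other app
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // never send the auth ticket over plain HTTP
            options.Cookie.SameSite = SameSiteMode.Lax;
        });
        return services;
    }
}

public class DiagnosticsController : Controller
{
    private readonly ILogger<DiagnosticsController> _log;
    public DiagnosticsController(ILogger<DiagnosticsController> log) => _log = log;

    // GET /diagnostics/cookie: "present" is read from the raw request; "authenticated" means this app could unprotect the ticket.
    [HttpGet("diagnostics/cookie")]
    public IActionResult Cookie()
    {
        bool present = Request.Cookies.ContainsKey(SharedCookieSetup.CookieName);
        bool authenticated = User.Identity?.IsAuthenticated == true;
        if (present && !authenticated)
            _log.LogWarning("Shared cookie received but rejected: key ring path, application name or cookie name differ between the apps");
        return Ok(new { present, authenticated });
    }
}
```

Hit the endpoint on App B right after logging in to App A: present=true with authenticated=false is the configuration mismatch the answer describes, while present=false means the browser never sent the cookie (domain or path mismatch).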