多重&asp.net Core Identity 中 SubDomain 的 cookie [英] Multiple & SubDomain's cookie in asp.net Core Identity
问题描述
我有一个网页为同一个应用程序使用多个 URL:
I have a webpage which uses multiple URLS for the same application:
例如:*.MyWebPage.com.au*.YourWebPage.com.au
for example: *.MyWebPage.com.au *.YourWebPage.com.au
因此它将在多个 url 上使用子域.问题是我需要允许用户在他们登录的 url 的所有子域上进行身份验证.
So it will use subdomains on multiple urls. The problem is I need to allow for the user to be authenticated on all subdomains of the url which they have logged into.
例如,如果他们通过 www.mywebpage.com.au 登录,则需要为 *.mywebpage.com.au 设置 cookie,或者如果他们通过 www.yourwebpage.com.au 登录,则 cookie 应为 *.yourwebpage.com.au.
For example, if they login via www.mywebpage.com.au the cookie needs to be set for *.mywebpage.com.au or if they login via www.yourwebpage.com.au the cookie should be *.yourwebpage.com.au.
大多数允许 ASP.NET 核心标识的子域的文档都指向 startup.cs(或 startup.auth.cs)文件并输入如下内容:`
Most of the documentation in allowing subdomains for ASP.NET core identity points to the startup.cs (or startup.auth.cs) file and entering something like this:`
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieDomain = "mywebpage.com.au"
});`
这对我不起作用,因为我不想要一个固定的域,我只想让所有用户都可以访问他们登录的 url 的所有子域.我显然可以在登录时通过请求获取他们的 url,但此时我需要动态设置 cookiedomain.
this will not work for me because I dont want a fixed domain, I just want to allow for all the users to have access to all the subdomains for the url they have signed in at. I can obviously get their url at the time of login via the request, but I need to dynamically set the cookiedomain at this point.
推荐答案
刚开始的时候没有意识到Identity和CookieAuthentication的区别.因为我使用的是身份
What I didnt realise when I started was the difference between Identity and CookieAuthentication. Since I was using Identity
app.UseIdentity();
app.UseCookieAuthentication 不是解决方案.
app.UseCookieAuthentication was not the solution.
我终于通过实现 ICookieManager 找到了我的解决方案.
I finally found my solution by implementing ICookieManager.
这是我的解决方案:
在 Startup.cs 中:
in Startup.cs:
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.Password.RequireDigit = false;
options.Password.RequiredLength = 5;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Cookies.ApplicationCookie.CookieManager = new CookieManager(); //Magic happens here
}).AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
现在在我称为 CookieManager.cs 的类中:
now in a class I have called CookieManager.cs:
public class CookieManager : ICookieManager
{
#region Private Members
private readonly ICookieManager ConcreteManager;
#endregion
#region Prvate Methods
private string RemoveSubdomain(string host)
{
var splitHostname = host.Split('.');
//if not localhost
if (splitHostname.Length > 1)
{
return string.Join(".", splitHostname.Skip(1));
}
else
{
return host;
}
}
#endregion
#region Public Methods
public CookieManager()
{
ConcreteManager = new ChunkingCookieManager();
}
public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
{
options.Domain = RemoveSubdomain(context.Request.Host.Host); //Set the Cookie Domain using the request from host
ConcreteManager.AppendResponseCookie(context, key, value, options);
}
public void DeleteCookie(HttpContext context, string key, CookieOptions options)
{
ConcreteManager.DeleteCookie(context, key, options);
}
public string GetRequestCookie(HttpContext context, string key)
{
return ConcreteManager.GetRequestCookie(context, key);
}
#endregion
这篇关于多重&asp.net Core Identity 中 SubDomain 的 cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!