ASP.NET身份的cookie和子域 [英] ASP.NET Identity cookie and subdomains

问题描述

我想分享一下我在跨子域ASP.NET身份的cookie。目前只是在本地。

I'm trying to share my ASP.NET Identity cookie across subdomains. Currently just locally.

• sub1.domain.local


• sub2.domain.local

我在同一台机器键在这两个网站，但SUB1​​创建的cookie不验证对SUB2，反之亦然。由此产生的cookie域始终是.domain.local（这应该是正确的？）

I have the same machine key on both sites, but a cookie created on sub1 does not validate on sub2 and vice versa. The resulting cookie domain is always ".domain.local" (which should be correct??)

这是我在启动类设置：

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/login"),
            CookieDomain = ".domain.local",
        });

我试过在本地主机刚：siteport为每个站点，但结果相同（饼干领域的空白，为解决本地主机）

I've tried on just localhost:siteport for each site, but same result (cookie domain blank, resolving to "localhost")

我不能为我的生活弄清楚我在做什么错。也许有人可以点我在正确的方向？谢谢

I can't for the life of me figure out what I'm doing wrong. Maybe someone can point me in the right direction? Thanks

更新

好了，我已经想通了该cookie实际上是子域之间共享，但它仅考虑在创建cookie的子域名有效。需要找到一种方法来知道为什么验证在另一个网站上失败。

Okay, so I've figured out that the cookie is in fact shared between the subdomains, but it's only considered valid on the subdomain that created the cookie. Need to find a way to know why the authentication fails on the other site..

推荐答案

很多headscratching后，我注意到，在各种身份软件包版本号我差。我更新从的NuGet的各种包，而你不知道。有效！

After a lot of headscratching I noticed i difference in version numbers in various Identity packages. I updated the various packages from Nuget, and wouldn't you know. It worked!

我担心的是，它只能从次要版本（例如从Microsoft.Owin.Security.Cookies到3.0.0.0 3.0.1.0）更新。我不希望他们有留样，在未来不对齐..

What worries me is that it only updated from minor versions (e.g. Microsoft.Owin.Security.Cookies from 3.0.0.0 to 3.0.1.0). I don't hope they have to stay aligned like that in the future..

这篇关于ASP.NET身份的cookie和子域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！