ASP.NET身份的cookie和子域 [英] ASP.NET Identity cookie and subdomains
问题描述
我想分享一下我在跨子域ASP.NET身份的cookie。目前只是在本地。
I'm trying to share my ASP.NET Identity cookie across subdomains. Currently just locally.
- sub1.domain.local
- sub2.domain.local
我在同一台机器键在这两个网站,但SUB1创建的cookie不验证对SUB2,反之亦然。由此产生的cookie域始终是.domain.local(这应该是正确的?)
I have the same machine key on both sites, but a cookie created on sub1 does not validate on sub2 and vice versa. The resulting cookie domain is always ".domain.local" (which should be correct??)
这是我在启动类设置:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/login"),
CookieDomain = ".domain.local",
});
我试过在本地主机刚:siteport为每个站点,但结果相同(饼干领域的空白,为解决本地主机)
I've tried on just localhost:siteport for each site, but same result (cookie domain blank, resolving to "localhost")
我不能为我的生活弄清楚我在做什么错。也许有人可以点我在正确的方向?谢谢
I can't for the life of me figure out what I'm doing wrong. Maybe someone can point me in the right direction? Thanks
更新
好了,我已经想通了该cookie实际上是子域之间共享,但它仅考虑在创建cookie的子域名有效。需要找到一种方法来知道为什么验证在另一个网站上失败。
Okay, so I've figured out that the cookie is in fact shared between the subdomains, but it's only considered valid on the subdomain that created the cookie. Need to find a way to know why the authentication fails on the other site..
推荐答案
很多headscratching后,我注意到,在各种身份软件包版本号我差。我更新从的NuGet的各种包,而你不知道。有效!
After a lot of headscratching I noticed i difference in version numbers in various Identity packages. I updated the various packages from Nuget, and wouldn't you know. It worked!
我担心的是,它只能从次要版本(例如从Microsoft.Owin.Security.Cookies到3.0.0.0 3.0.1.0)更新。我不希望他们有留样,在未来不对齐..
What worries me is that it only updated from minor versions (e.g. Microsoft.Owin.Security.Cookies from 3.0.0.0 to 3.0.1.0). I don't hope they have to stay aligned like that in the future..
这篇关于ASP.NET身份的cookie和子域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!