本文介绍了ASP.NET Core RC2和.NET 4.5.1应用程序之间的共享cookie身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们有两个运行共享Cookie身份验证的.NET应用程序.一个是ASP.NET Core RC1应用程序,另一个是经典的.NET 4.5.1应用程序.

We have two .NET-apps running shared cookie authentication. One is an ASP.NET Core RC1 app, and the other is a classic .NET 4.5.1 app.

当前是使用Startup.cs的Configuration方法中过时的Microsoft.Owin.Security.Cookies.Interop设置的:

This is currently set up using the outdated Microsoft.Owin.Security.Cookies.Interop in the Configuration method of Startup.cs:

这可以正常工作,但不支持RC2.

This works fine, but is no supported method for RC2.

我们如何进行RC2的共享cookie身份验证?

How can we get going with shared cookie authentication for RC2?

推荐答案

组合 https://github.com/GrabYourPitchforks/aspnet5-samples/tree/dev/CookieSharing 和我能够提出一个可行的解决方案.我不知道这是否是解决问题的正确"方法,但是它可以正常工作,所以在这里:

Combining https://github.com/GrabYourPitchforks/aspnet5-samples/tree/dev/CookieSharing and Sharing authentication cookie among Asp.Net Core 1 (MVC6) and MVC 5 applications I was able to come up with a working solution. I have no idea if this is the "correct" way to to it, but it works, so here it goes:

  1. 在两个应用程序中都使用nuget软件包Microsoft.Owin.Security.Interop 1.0.0-rc2-final.

使用DataProtectionProvider创建一个TicketDataFormat,为磁盘上的加密密钥指定相同的位置,并具有相同的用途.

Create a TicketDataFormat using DataProtectionProvider specifying the same location on disk for the encryption keys, as well as the same purpose.

在两个应用程序中以独有方式配置cookie身份验证.指定相同的CookieName和TicketDataFormat:

Configure cookie authentication the owin way in both of the applications. Specify the same CookieName and TicketDataFormat:

.NET 4.5.1,在Startup.cs的Configure方法中:

.NET 4.5.1, in the Configure method of Startup.cs:

var authenticationType = "Cookies";
var cookieName = "myCookieName";
var cookieEncryptionKeyPath= "C:/mypath";

var dataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(cookieEncryptionKeyPath));
var dataProtector = dataProtectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
var ticketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector));

app.SetDefaultSignInAsAuthenticationType(authenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = authenticationType,
            CookieName = cookieName,
            TicketDataFormat = ticketDataFormat
        });

的Configure方法中的

.NET CORE RC2:

.NET CORE RC2 in the Configure method of Startup.cs:

var authenticationType = "Cookies";
var cookieName = "myCookieName";
var cookieEncryptionKeyPath= "C:/mypath";

var protectionProvider = DataProtectionProvider.Create(new DirectoryInfo(cookieEncryptionKeyPath));
var dataProtector = protectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
var ticketFormat = new TicketDataFormat(dataProtector);


app.UseCookieAuthentication(
                new CookieAuthenticationOptions
                {
                    CookieName = options.CookieName,
                    CookieDomain = options.CookieDomain,
                    TicketDataFormat = ticketFormat
                });

这篇关于ASP.NET Core RC2和.NET 4.5.1应用程序之间的共享cookie身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-31 10:22