本文介绍了ASP.net Core 1 - 未在Google Chrome中设置身份验证Cookie(适用于IE)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 我正在使用ASP.net Core 1,MVC 6。 我正在使用SignInManager和UserManager来验证来自另一个MVC应用程序的web api应用程序(MVC6 / C#)中的用户(实际上是从Jquery Ajax请求调用了web api Logon方法)。  在IE中,我调用了 Login 方法,成功后,它为我提供了一个带有ASP.net身份验证cookie的Set-Cookie响应。 &NBSP;然后,我可以看到后续请求附加了ASP.net身份验证cookie。  在chrome中,响应中返回了Set-Cookie指令,但后续请求没有附加cookie。 为什么会这样? 我能看到的唯一区别是,在Chrome中,有一个发布前的OPTIONS请求,但我已经在web api的startup.cs文件中处理了这个问题,基本上忽略了它。  IE 我的请求 登录 web api如下所示: 接受  * / * 接受编码  gzip,deflate 接受语言  en-IE Cache-Control  no-cache Connection  Keep-Alive Content-Length  246 Content-Type  application / X WWW的窗体-urlencoded;字符集= UTF-8 Cookie和NBSP; BeaeN4tYO5M = CfDJ8KMNkK4F2ylMlo1LFxNzxWLNDECVWfhxBYRQrw_MkNQBrVIwfO6FoMIMqg1PP-nZa8Dhp3IV1ZS1uXKpknUDYegiMlEvFaNG-wqUXErvQ5wkMMc_HBI88j-7bCbD2Q7P_B6fEQOQSTKHoL5sTcH0MoM DNT&NBSP; 1个 主机&NBSP;本地主机:44338 Referer  https:// localhost:44356 / 请求  POST / api / account /登录HTTP / 1.1 用户代理  Mozilla / 5.0(Windows NT 6.3; WOW64; Trident / 7.0; rv:11.0),如Gecko X-ACL-Key  ; 4A6F0007-95E7-4423-B786-6FBF981799FE 这样的回复: Key  Value 回复  HTTP /1.1 200 OK Cache-Control  no-cache Pragma  no-cache Content-Type  application / json;字符集= UTF-8 过期&NBSP; -1 服务器&NBSP;茶隼 的Set-Cookie&NBSP; oAuthInterop = CfDJ8Asqo6qO2cNHlXpsdNLsuoQWhLxXcnaNkAMTB-VvpkMRIz2AiM_7feoIM29gza_zZz97qaE6TKdqK8y1jDPjDDyiiMdOMiuCmCoV5X4IQ9xtHvpGgmFoxOSiYFVeVOBbHsLx4BccL647F9sJ07M55zvjMx_7wrt32omhONH64vmc12P3nepwZjNSIFYfom1U0Z4r4EX_0tZjKRH7FrdvO0PI2iY5SMaKhCcBw1QXpQHSUxL6Hm-Wr8Q46gFAYoa6YffJV0Rx80FvJHmr1LMAA6PAF0dU_DzNdRVHdXm14t_nbfl-6xb6o7WQN259moUhkT1ZQ9CZsYwWvn7VBmpjfIXNJvIu0FDnRaHnNMrj3uN77_cAMdO3OcyCuy- CAKJ9c-0PxKToStb9juGSNa9ClpVQPADzpUxFqxZU029AXBPavXQK2Ezvy7YT4FwCkL8TEf5AnB5hfOZ5YCBlqD30n2heMdHDbXRHpxeaQB4aoY_6uSpJ3cPazBDsbvGi4fV2-0g5NvoTGgJUXa5p4UntRmuiJ2tZHbMmEjXzf-GV6QtTFIhseKsS3n6TMX68yqQOhYOzxvHdJXPjYxvjmm6-vJw5w2FDgiEXoQJQ7qaSmGzRwOA_cE4VBV_RhzrZELmp3A; path = /;安全;仅Http X-SourceFiles&NBSP; = UTF-8乙QzpcVXNlcnNcUm9iZXJ0XERlc2t0b3BcSEJFIE1hbmFnZXJcTUFJTlxCbHVlem9uZSBXZWJBcGlcc3JjXEJ6LkFwcGxpY2F0aW9uXEJ6LkFwcGxpY2F0aW9uLkFwaVx3d3dyb290XGFwaVxhY2NvdW50XExvZ2lu = X供电-所谓NBSP;????ASP.NET 访问-Control-Allow-Methods  GET,PUT,POST,DELETE Access-Control-Allow-Headers  Content-Type,x-xsrf-token,X-ACL-Key 日期 星期五,2016年5月6日14:23:22 GMT 内容长度  16 后续测试网络API呼叫( IsLoggedIn ): 键 值 请求  ; GET / api / account / IsLoggedIn HTTP / 1.1 X-ACL-Key  4A6F0007-95E7-4423-B786-6FBF981799FE 接受  * / * Referer  https:// localhost:44356 / Accept-Language  en-IE 接受编码  gzip,deflate 用户代理  Mozilla / 5.0(Windows NT 6.3; WOW64; Tride NT / 7.0; rv:11.0)和Gecko一样 主机  localhost:44338 DNT  1 连接  Keep-Alive 缓存控制&NBSP;无缓存 Cookie和NBSP; BeaeN4tYO5M = CfDJ8KMNkK4F2ylMlo1LFxNzxWLNDECVWfhxBYRQrw_MkNQBrVIwfO6FoMIMqg1PP-nZa8Dhp3IV1ZS1uXKpknUDYegiMlEvFaNG-wqUXErvQ5wkMMc_HBI88j-7bCbD2Q7P_B6fEQOQSTKHoL5sTcH0MoM; oAuthInterop = CfDJ8Asqo6qO2cNHlXpsdNLsuoQWhLxXcnaNkAMTB-VvpkMRIz2AiM_7feoIM29gza_zZz97qaE6TKdqK8y1jDPjDDyiiMdOMiuCmCoV5X4IQ9xtHvpGgmFoxOSiYFVeVOBbHsLx4BccL647F9sJ07M55zvjMx_7wrt32omhONH64vmc12P3nepwZjNSIFYfom1U0Z4r4EX_0tZjKRH7FrdvO0PI2iY5SMaKhCcBw1QXpQHSUxL6Hm-Wr8Q46gFAYoa6YffJV0Rx80FvJHmr1LMAA6PAF0dU_DzNdRVHdXm14t_nbfl-6xb6o7WQN259moUhkT1ZQ9CZsYwWvn7VBmpjfIXNJvIu0FDnRaHnNMrj3uN77_cAMdO3OcyCuy-CAKJ9c-0PxKToStb9juGSNa9ClpVQPADzpUxFqxZU029AXBPavXQK2Ezvy7YT4FwCkL8TEf5AnB5hfOZ5YCBlqD30n2heMdHDbXRHpxeaQB4aoY_6uSpJ3cPazBDsbvGi4fV2-0g5NvoTGgJUXa5p4UntRmuiJ2tZHbMmEjXzf-GV6QtTFIhseKsS3n6TMX68yqQOhYOzxvHdJXPjYxvjmm6-vJw5w2FDgiEXoQJQ7qaSmGzRwOA_cE4VBV_RhzrZELmp3A Key  Value 回复  HTTP / 1.1 200 OK Content-Type  application / json;字符集= UTF-8 服务器&NBSP;茶隼 X-SourceFiles&NBSP;????= UTF-8乙QzpcVXNlcnNcUm9iZXJ0XERlc2t0b3BcSEJFIE1hbmFnZXJcTUFJTlxCbHVlem9uZSBXZWJBcGlcc3JjXEJ6LkFwcGxpY2F0aW9uXEJ6LkFwcGxpY2F0aW9uLkFwaVx3d3dyb290XGFwaVxhY2NvdW50XElzTG9nZ2VkSW4 = = X-支持ASP.NET&访问控制 - 允许 - 方法  GET,PUT,POST,DELETE 访问控制 - 允许 - 标题 内容类型, x-xsrf-token,X-ACL-Key 日期 星期五,2016年5月6日14:23:22 GMT 内容长度  68 CHROME 我的要求 登录  web api看起来像这样: POST / api / account /登录HTTP / 1.1 主持人:localhost:44338 连接:keep-alive 内容长度: 246 接受:* / * 来源:https:// localhost:44356 内容类型:application / x-www-form- urlencoded的; charset = UTF-8 用户代理:Mozilla / 5.0(Windows NT 6.3; WOW64)AppleWebKit / 537.36(KHTML,类似Gecko)Chrome / 50.0.2661.94 Safari / 537.36 X-ACL-Key:4A6F0007-95E7-4423-B786-6FBF981799FE Referer:https:// localhost:44356 / 接受编码:gzip,deflate 接受语言:en-GB,en-US; q = 0.8,en; q = 0.6 像这样的回复: HTTP / 1.1 200 OK 缓存控制:无缓存 Pragma:no-cache 内容类型:application / json; charset = utf-8 到期:-1 变化:原点 服务器:红隼 Set-Cookie :oAuthInterop = CfDJ8Asqo6qO2cNHlXpsdNLsuoRvlRjfUBWrkt3W3NzBJIoFYA6DcQivnfYmZV2O5xuiqpd75oRjZ-JeHBcjiOK0HoFJQ9f61RyJ2HDeuCNmQk0H-pA3Lzs5ft_F49dpQt0kFn3_-FzEh5-NScCbY4N6TiuYlWY4VSoKsdJJ91k7Z4LQO-0Wm3cZ6HfX0E6pLzGG4lWaZGuV-gOsVCRygR5nv_O_YpWwfaLsT_51aX6fNXVSotU6MECEkFdfWseqOGyYVj7KJrxY2mPwksE0XGACs12TnmfJzCABrzd06FnTPy3RuqJF2IWOobX6ZAHGMoAVFR07mhy9gMPyaHQ12RKmhBhZSXE-Yi3BHow2ER9d2Niligx7JjwYR7UfHFHWJdoYzewLRkZZGE5pw67O710hYyA2UCM2ODB9l9x-WDQ1A_3xjxu2Mrkp0lrF0V-h3y6V2gzEP9RyQAjDISEEZQqvb-GzfZrsRzzQcMn0TMhq5_LUKkX3AScSGRiarBzZ2O9Af3jzwTmN1BciJknJwMKRefq_zrXH7kymCD1kJM89aGkswqp2bycMQjlsjqg5k8EEhv8u1kLA7hA9NyE2ZaamB1PAWYz4NXi3Agccgw83nFi4bs6VE8ZLnyZFEwxdyEGyvQ; path = /;安全; httponly Access-Control-Allow-Origin:https:// localhost:44356 Access-Control-Allow-Credentials:true X -SourceFiles:= UTF-的8B QzpcVXNlcnNcUm9iZXJ0XERlc2t0b3BcSEJFIE1hbmFnZXJcTUFJTlxCbHVlem9uZSBXZWJBcGlcc3JjXEJ6LkFwcGxpY2F0aW9uXEJ6LkFwcGxpY2F0aW9uLkFwaVx3d3dyb290XGFwaVxhY2NvdW50XExvZ2lu = X供电,通过:???ASP.NET 访问控制允许的方法:GET,PUT ,POST,DELETE Access-Control-Allow-Headers:Content-Type,x-xsrf-token,X-ACL-Key 日期:2016年5月6日星期五12:59:36 GMT 内容长度:16 后续测试网络API致电( IsLoggedIn ): GET / api / account / IsLoggedIn HTTP / 1.1 主持人:localhost:44338 连接:keep-alive 接受:* / * 来源:https:// localhost:44356 用户代理:Moz illa / 5.0(Windows NT 6.3; WOW64)AppleWebKit / 537.36(KHTML,与Gecko一样)Chrome / 50.0.2661.94 Safari / 537.36 X-ACL-Key:4A6F0007-95E7-4423-B786-6FBF981799FE Referer:https:// localhost:44356 / 接受编码:gzip,deflate,sdch 接受语言:en-GB,en-US; q = 0.8 ,en; q = 0.6 响应如下: HTTP / 1.1 401未经授权 内容长度:0 内容类型:text / plain;字符集= UTF-8 服务器:茶隼 X-SourceFiles:????= UTF-8乙QzpcVXNlcnNcUm9iZXJ0XERlc2t0b3BcSEJFIE1hbmFnZXJcTUFJTlxCbHVlem9uZSBXZWJBcGlcc3JjXEJ6LkFwcGxpY2F0aW9uXEJ6LkFwcGxpY2F0aW9uLkFwaVx3d3dyb290XGFwaVxhY2NvdW50XElzTG9nZ2VkSW4 = = X- Powered by:ASP.NET 访问控制 - 允许 - 方法:GET,PUT,POST,DELETE 访问控制 - 允许 - 标题:内容类型, x-xsrf-token,X-ACL-Key 日期:2016年5月6日星期五12:59:43 GMT 我的web api控制器代码如下所示: [授权] [EnableCors(" AllowAll")] [路由(&api / [controller]")] 公共类AccountController:Controller { private readonly UserManager< ApplicationUser> _userManager; private readonly SignInManager< ApplicationUser> _signInManager; public AccountController(UserManager< ApplicationUser> userManager,SignInManager< ApplicationUser> signInManager) { _userManager = userManager; _signInManager = signInManager; } [HttpPost(" login")] [AllowAnonymous] public async Task< IActionResult>登录(UserLogin模型) { if(ModelState.IsValid){ var result = await _signInManager.PasswordSignInAsync(model.Email,model.Password,model.RememberMe,lockoutOnFailure:false); if(result.Succeeded){返回Json(new {success = true}); } if(result.RequiresTwoFactor){返回Json(new {success = false,errType = 1}); } if(result.IsLockedOut){返回Json(new {success = false,errType = 2}); } else { ModelState.AddModelError(string.Empty," Invalid login attempt。"); 返回Json(new {success = false,errType = 3}); } } 返回Json(new {success = false,errType = 0}); } [HttpGet(" IsLoggedIn")] public IActionResult IsLoggedIn() { return Json(new { loggedon =(HttpContext.User.Identity.Name!= null&&& HttpContext.User.Identity.IsAuthenticated), isauthenticated = HttpContext.User.Identity.IsAuthenticated, username = HttpContext.User.Identity .Name }); } } 我的网络API的Startup.cs如下所示:  ; public class Startup { public static int SessionLength {get;私人集; } private string Connection; public Startup(IHostingEnvironment env) { //设置配置源。 var builder = new ConfigurationBuilder() .AddJsonFile(" appsettings.json") .AddEnvironmentVariables(); Configuration = builder.Build(); SessionLength = 30; } public IConfigurationRoot Configuration {get;组; } //运行时调用此方法。使用此方法将服务添加到容器。 public void ConfigureServices(IServiceCollection services) { //获取配置的连接字符串。 Connection = Configuration [" Data:DefaultConnection:ConnectionString"]; var userStore = new CustomUserStore(); var roleStore = new CustomRoleStore(); var userPrincipalFactory = new CustomUserPrincipalFactory(); services.AddInstance< IUserStore< ApplicationUser>>(userStore); services.AddInstance< IRoleStore< ApplicationRole>>(roleStore); services.AddInstance< IUserClaimsPrincipalFactory< ApplicationUser>>(userPrincipalFactory); services.AddIdentity< ApplicationUser,ApplicationRole>(options => { options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents(){ OnRedirectToAccessDenied = ctx => { if(ctx.Response.StatusCode ==(int)HttpStatusCode.Unauthorized || ctx.Response.StatusCode ==(int)HttpStatusCode.Forbidden){ return Task.FromResult< object> ;(null); } ctx.Response.Redirect(ctx.RedirectUri); 返回Task.FromResult< object>(null); }, OnRedirectToLogin = ctx => { if(ctx.Response.StatusCode ==(int)HttpStatusCode.Unauthorized || ctx.Response.StatusCode ==(int)HttpStatusCode.Forbidden){返回Task.FromResult<对象>(空); } ctx.Response.Redirect(ctx.RedirectUri); 返回Task.FromResult< object>(null); } }; //options.Cookies.ApplicationCookie.CookieHttpOnly = false; options.Cookies.ApplicationCookieAuthenticationScheme =" ApplicationCookie" ;; options.Cookies.ApplicationCookie.AuthenticationScheme =" ApplicationCookie" ;; options.Cookies.ApplicationCookie.CookieName =" oAuthInterop" ;; options.Cookies.ApplicationCookie.AutomaticChallenge = true; options.Cookies.ApplicationCookie.AutomaticAuthenticate = true; options.Cookies.ApplicationCookie.DataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(" d:\\development\\artefacts")), configure => { configure.SetApplicationName(" TestAuthApp"); //configure.ProtectKeysWithCertificate("thumbprint"); }); options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromMinutes(SessionLength); })。AddDefaultTokenProviders(); //添加框架服务。 services.AddMvc(); //添加跨站点呼叫。 // TODO:实现更好的安全性而不是允许一切通过。 services.AddCors(options => options.AddPolicy(" AllowAll",p => p.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader()。AllowCredentials() )); } //运行时调用此方法。使用此方法配置HTTP请求管道。 public void配置(IApplicationBuilder app,IHostingEnvironment env,ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection(" Logging")); loggerFactory.AddDebug(); app.UseIISPlatformHandler(options => options.AuthenticationDescriptions.Clear()); app.UseStaticFiles(); app.UseIdentity(); app.UseMvc(); } } 解决方案 请在ASP.NET论坛中发布与ASP.NET相关的问题(http: //forums.asp.net)。 Hi,I'm using ASP.net Core 1, MVC 6.  I am using SignInManager and UserManager, to authenticate a user in a web api application (MVC6 / C#) from another MVC application (the web api Logon method is actually called from a Jquery Ajax request). In IE, I call the Login method and when successful, it gives me a Set-Cookie response with an ASP.net auth cookie.  I can then see subsequent requests have the ASP.net auth cookie attached. In chrome, the Set-Cookie directive is returned in the response, but subsequent requests do not have the cookie attached.Why is this happening?  The only difference I can see is that in Chrome, there is a pre-flight OPTIONS request being sent, but I have handled that in the startup.cs file in the web api and am essentially ignoring it. IEMy request to Login web api looks like this:Accept */*Accept-Encoding gzip, deflateAccept-Language en-IECache-Control no-cacheConnection Keep-AliveContent-Length 246Content-Type application/x-www-form-urlencoded; charset=UTF-8Cookie BeaeN4tYO5M=CfDJ8KMNkK4F2ylMlo1LFxNzxWLNDECVWfhxBYRQrw_MkNQBrVIwfO6FoMIMqg1PP-nZa8Dhp3IV1ZS1uXKpknUDYegiMlEvFaNG-wqUXErvQ5wkMMc_HBI88j-7bCbD2Q7P_B6fEQOQSTKHoL5sTcH0MoMDNT 1Host localhost:44338Referer https://localhost:44356/Request POST /api/account/Login HTTP/1.1User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like GeckoX-ACL-Key 4A6F0007-95E7-4423-B786-6FBF981799FEResponse like this:Key ValueResponse HTTP/1.1 200 OKCache-Control no-cachePragma no-cacheContent-Type application/json; charset=utf-8Expires -1Server KestrelSet-Cookie oAuthInterop=CfDJ8Asqo6qO2cNHlXpsdNLsuoQWhLxXcnaNkAMTB-VvpkMRIz2AiM_7feoIM29gza_zZz97qaE6TKdqK8y1jDPjDDyiiMdOMiuCmCoV5X4IQ9xtHvpGgmFoxOSiYFVeVOBbHsLx4BccL647F9sJ07M55zvjMx_7wrt32omhONH64vmc12P3nepwZjNSIFYfom1U0Z4r4EX_0tZjKRH7FrdvO0PI2iY5SMaKhCcBw1QXpQHSUxL6Hm-Wr8Q46gFAYoa6YffJV0Rx80FvJHmr1LMAA6PAF0dU_DzNdRVHdXm14t_nbfl-6xb6o7WQN259moUhkT1ZQ9CZsYwWvn7VBmpjfIXNJvIu0FDnRaHnNMrj3uN77_cAMdO3OcyCuy-CAKJ9c-0PxKToStb9juGSNa9ClpVQPADzpUxFqxZU029AXBPavXQK2Ezvy7YT4FwCkL8TEf5AnB5hfOZ5YCBlqD30n2heMdHDbXRHpxeaQB4aoY_6uSpJ3cPazBDsbvGi4fV2-0g5NvoTGgJUXa5p4UntRmuiJ2tZHbMmEjXzf-GV6QtTFIhseKsS3n6TMX68yqQOhYOzxvHdJXPjYxvjmm6-vJw5w2FDgiEXoQJQ7qaSmGzRwOA_cE4VBV_RhzrZELmp3A; path=/; secure; httponlyX-SourceFiles =?UTF-8?B?QzpcVXNlcnNcUm9iZXJ0XERlc2t0b3BcSEJFIE1hbmFnZXJcTUFJTlxCbHVlem9uZSBXZWJBcGlcc3JjXEJ6LkFwcGxpY2F0aW9uXEJ6LkFwcGxpY2F0aW9uLkFwaVx3d3dyb290XGFwaVxhY2NvdW50XExvZ2lu?=X-Powered-By ASP.NETAccess-Control-Allow-Methods GET,PUT,POST,DELETEAccess-Control-Allow-Headers Content-Type,x-xsrf-token,X-ACL-KeyDate Fri, 06 May 2016 14:23:22 GMTContent-Length 16Subsequent test web api call (IsLoggedIn):Key ValueRequest GET /api/account/IsLoggedIn HTTP/1.1X-ACL-Key 4A6F0007-95E7-4423-B786-6FBF981799FEAccept */*Referer https://localhost:44356/Accept-Language en-IEAccept-Encoding gzip, deflateUser-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like GeckoHost localhost:44338DNT 1Connection Keep-AliveCache-Control no-cacheCookie BeaeN4tYO5M=CfDJ8KMNkK4F2ylMlo1LFxNzxWLNDECVWfhxBYRQrw_MkNQBrVIwfO6FoMIMqg1PP-nZa8Dhp3IV1ZS1uXKpknUDYegiMlEvFaNG-wqUXErvQ5wkMMc_HBI88j-7bCbD2Q7P_B6fEQOQSTKHoL5sTcH0MoM; oAuthInterop=CfDJ8Asqo6qO2cNHlXpsdNLsuoQWhLxXcnaNkAMTB-VvpkMRIz2AiM_7feoIM29gza_zZz97qaE6TKdqK8y1jDPjDDyiiMdOMiuCmCoV5X4IQ9xtHvpGgmFoxOSiYFVeVOBbHsLx4BccL647F9sJ07M55zvjMx_7wrt32omhONH64vmc12P3nepwZjNSIFYfom1U0Z4r4EX_0tZjKRH7FrdvO0PI2iY5SMaKhCcBw1QXpQHSUxL6Hm-Wr8Q46gFAYoa6YffJV0Rx80FvJHmr1LMAA6PAF0dU_DzNdRVHdXm14t_nbfl-6xb6o7WQN259moUhkT1ZQ9CZsYwWvn7VBmpjfIXNJvIu0FDnRaHnNMrj3uN77_cAMdO3OcyCuy-CAKJ9c-0PxKToStb9juGSNa9ClpVQPADzpUxFqxZU029AXBPavXQK2Ezvy7YT4FwCkL8TEf5AnB5hfOZ5YCBlqD30n2heMdHDbXRHpxeaQB4aoY_6uSpJ3cPazBDsbvGi4fV2-0g5NvoTGgJUXa5p4UntRmuiJ2tZHbMmEjXzf-GV6QtTFIhseKsS3n6TMX68yqQOhYOzxvHdJXPjYxvjmm6-vJw5w2FDgiEXoQJQ7qaSmGzRwOA_cE4VBV_RhzrZELmp3AResponse like this:Key ValueResponse HTTP/1.1 200 OKContent-Type application/json; charset=utf-8Server KestrelX-SourceFiles =?UTF-8?B?QzpcVXNlcnNcUm9iZXJ0XERlc2t0b3BcSEJFIE1hbmFnZXJcTUFJTlxCbHVlem9uZSBXZWJBcGlcc3JjXEJ6LkFwcGxpY2F0aW9uXEJ6LkFwcGxpY2F0aW9uLkFwaVx3d3dyb290XGFwaVxhY2NvdW50XElzTG9nZ2VkSW4=?=X-Powered-By ASP.NETAccess-Control-Allow-Methods GET,PUT,POST,DELETEAccess-Control-Allow-Headers Content-Type,x-xsrf-token,X-ACL-KeyDate Fri, 06 May 2016 14:23:22 GMTContent-Length 68CHROMEMy request to Login web api looks like this:POST /api/account/Login HTTP/1.1Host: localhost:44338Connection: keep-aliveContent-Length: 246Accept: */*Origin: https://localhost:44356Content-Type: application/x-www-form-urlencoded; charset=UTF-8User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36X-ACL-Key: 4A6F0007-95E7-4423-B786-6FBF981799FEReferer: https://localhost:44356/Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.8,en;q=0.6Response like this:HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/json; charset=utf-8Expires: -1Vary: OriginServer: KestrelSet-Cookie: oAuthInterop=CfDJ8Asqo6qO2cNHlXpsdNLsuoRvlRjfUBWrkt3W3NzBJIoFYA6DcQivnfYmZV2O5xuiqpd75oRjZ-JeHBcjiOK0HoFJQ9f61RyJ2HDeuCNmQk0H-pA3Lzs5ft_F49dpQt0kFn3_-FzEh5-NScCbY4N6TiuYlWY4VSoKsdJJ91k7Z4LQO-0Wm3cZ6HfX0E6pLzGG4lWaZGuV-gOsVCRygR5nv_O_YpWwfaLsT_51aX6fNXVSotU6MECEkFdfWseqOGyYVj7KJrxY2mPwksE0XGACs12TnmfJzCABrzd06FnTPy3RuqJF2IWOobX6ZAHGMoAVFR07mhy9gMPyaHQ12RKmhBhZSXE-Yi3BHow2ER9d2Niligx7JjwYR7UfHFHWJdoYzewLRkZZGE5pw67O710hYyA2UCM2ODB9l9x-WDQ1A_3xjxu2Mrkp0lrF0V-h3y6V2gzEP9RyQAjDISEEZQqvb-GzfZrsRzzQcMn0TMhq5_LUKkX3AScSGRiarBzZ2O9Af3jzwTmN1BciJknJwMKRefq_zrXH7kymCD1kJM89aGkswqp2bycMQjlsjqg5k8EEhv8u1kLA7hA9NyE2ZaamB1PAWYz4NXi3Agccgw83nFi4bs6VE8ZLnyZFEwxdyEGyvQ; path=/; secure; httponlyAccess-Control-Allow-Origin: https://localhost:44356Access-Control-Allow-Credentials: trueX-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcUm9iZXJ0XERlc2t0b3BcSEJFIE1hbmFnZXJcTUFJTlxCbHVlem9uZSBXZWJBcGlcc3JjXEJ6LkFwcGxpY2F0aW9uXEJ6LkFwcGxpY2F0aW9uLkFwaVx3d3dyb290XGFwaVxhY2NvdW50XExvZ2lu?=X-Powered-By: ASP.NETAccess-Control-Allow-Methods: GET,PUT,POST,DELETEAccess-Control-Allow-Headers: Content-Type,x-xsrf-token,X-ACL-KeyDate: Fri, 06 May 2016 12:59:36 GMTContent-Length: 16Subsequent test web api call (IsLoggedIn):GET /api/account/IsLoggedIn HTTP/1.1Host: localhost:44338Connection: keep-aliveAccept: */*Origin: https://localhost:44356User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36X-ACL-Key: 4A6F0007-95E7-4423-B786-6FBF981799FEReferer: https://localhost:44356/Accept-Encoding: gzip, deflate, sdchAccept-Language: en-GB,en-US;q=0.8,en;q=0.6Response like this:HTTP/1.1 401 UnauthorizedContent-Length: 0Content-Type: text/plain; charset=utf-8Server: KestrelX-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcUm9iZXJ0XERlc2t0b3BcSEJFIE1hbmFnZXJcTUFJTlxCbHVlem9uZSBXZWJBcGlcc3JjXEJ6LkFwcGxpY2F0aW9uXEJ6LkFwcGxpY2F0aW9uLkFwaVx3d3dyb290XGFwaVxhY2NvdW50XElzTG9nZ2VkSW4=?=X-Powered-By: ASP.NETAccess-Control-Allow-Methods: GET,PUT,POST,DELETEAccess-Control-Allow-Headers: Content-Type,x-xsrf-token,X-ACL-KeyDate: Fri, 06 May 2016 12:59:43 GMTMy web api controller code looks like this:[Authorize][EnableCors("AllowAll")][Route("api/[controller]")]public class AccountController : Controller{private readonly UserManager<ApplicationUser> _userManager;private readonly SignInManager<ApplicationUser> _signInManager;public AccountController(UserManager<ApplicationUser> userManager, SignInManager<ApplicationUser> signInManager){_userManager = userManager;_signInManager = signInManager;}[HttpPost("login")][AllowAnonymous]public async Task<IActionResult> Login(UserLogin model){if (ModelState.IsValid) {var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);if (result.Succeeded) {return Json(new { success = true });}if (result.RequiresTwoFactor) {return Json(new { success = false, errType = 1 });}if (result.IsLockedOut) {return Json(new { success = false, errType = 2 });} else {ModelState.AddModelError(string.Empty, "Invalid login attempt.");return Json(new { success = false, errType = 3 });}}return Json(new { success = false, errType = 0 });}[HttpGet("IsLoggedIn")]public IActionResult IsLoggedIn(){return Json(new {loggedon = (HttpContext.User.Identity.Name != null && HttpContext.User.Identity.IsAuthenticated),isauthenticated = HttpContext.User.Identity.IsAuthenticated,username = HttpContext.User.Identity.Name});}}Startup.cs for my web api looks like this:  public class Startup { public static int SessionLength { get; private set; } private string Connection; public Startup(IHostingEnvironment env) { // Set up configuration sources. var builder = new ConfigurationBuilder() .AddJsonFile("appsettings.json") .AddEnvironmentVariables(); Configuration = builder.Build(); SessionLength = 30; } public IConfigurationRoot Configuration { get; set; } // This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { // Get the configured connection string. Connection = Configuration["Data:DefaultConnection:ConnectionString"]; var userStore = new CustomUserStore(); var roleStore = new CustomRoleStore(); var userPrincipalFactory = new CustomUserPrincipalFactory(); services.AddInstance<IUserStore<ApplicationUser>>(userStore); services.AddInstance<IRoleStore<ApplicationRole>>(roleStore); services.AddInstance<IUserClaimsPrincipalFactory<ApplicationUser>>(userPrincipalFactory); services.AddIdentity<ApplicationUser, ApplicationRole>(options => { options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents() { OnRedirectToAccessDenied = ctx => { if (ctx.Response.StatusCode == (int)HttpStatusCode.Unauthorized || ctx.Response.StatusCode == (int)HttpStatusCode.Forbidden) { return Task.FromResult<object>(null); } ctx.Response.Redirect(ctx.RedirectUri); return Task.FromResult<object>(null); }, OnRedirectToLogin = ctx => { if (ctx.Response.StatusCode == (int)HttpStatusCode.Unauthorized || ctx.Response.StatusCode == (int)HttpStatusCode.Forbidden) { return Task.FromResult<object>(null); } ctx.Response.Redirect(ctx.RedirectUri); return Task.FromResult<object>(null); } }; //options.Cookies.ApplicationCookie.CookieHttpOnly = false; options.Cookies.ApplicationCookieAuthenticationScheme = "ApplicationCookie"; options.Cookies.ApplicationCookie.AuthenticationScheme = "ApplicationCookie"; options.Cookies.ApplicationCookie.CookieName = "oAuthInterop"; options.Cookies.ApplicationCookie.AutomaticChallenge = true; options.Cookies.ApplicationCookie.AutomaticAuthenticate = true; options.Cookies.ApplicationCookie.DataProtectionProvider = new DataProtectionProvider(new DirectoryInfo("d:\\development\\artefacts"), configure => { configure.SetApplicationName("TestAuthApp"); //configure.ProtectKeysWithCertificate("thumbprint"); }); options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromMinutes(SessionLength); }).AddDefaultTokenProviders(); // Add framework services. services.AddMvc(); // Add cross site calls. //TODO: implement with better security instead of allowing everything through. services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader().AllowCredentials())); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); app.UseIISPlatformHandler(options => options.AuthenticationDescriptions.Clear()); app.UseStaticFiles(); app.UseIdentity(); app.UseMvc(); }} 解决方案 Please post questions related to ASP.NET in the ASP.NET forums (http://forums.asp.net) . 这篇关于ASP.net Core 1 - 未在Google Chrome中设置身份验证Cookie(适用于IE)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!
10-29 01:04