Dee*_*101 10 c# asp.net authentication cookies owin
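We have a custom cookie authentication provider that sets the auth cookie's host name to .domain.com rather than domain.com or my.domain.com. We do this so that the cookie is available on all subdomains as well as the domain itself. It is simple, as shown below.
Problem
On the first attempt after an application cold start, the cookie STILL carries the domain my.domain.com (our login is on my.domain.com) DESPITE it being set to .domain.com after the SubdomainCookieAuthentication code below has executed (checked with breakpoints). On subsequent login attempts, the cookie host name is fine.
Question
How can I fix this so that it works even on the first attempt?
Code
Custom cookie authentication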
    using System.Text.RegularExpressions;
    using Microsoft.Owin.Security.Cookies;

    public class SubdomainCookieAuthentication : CookieAuthenticationProvider
    {
        public override void ResponseSignIn(CookieResponseSignInContext context)
        {
            // We need to add a "." in front of the domain name to
            // allow the cookie to be used on all sub-domains too
            var hostname = context.Request.Uri.Host;
            // works for www.google.com => google.com
            // will FAIL for www.google.co.uk (gives co.uk) but doesn't apply to us
            var dotTrimmedHostname = Regex.Replace(hostname, @"^.*(\.\S+\.\S+)", "$1");
            context.Options.CookieDomain = dotTrimmedHostname;
            base.ResponseSignIn(context);
        }
    }
This is initialized in the Owin startup class as follows
Class: Startup
File: App_start\Startup.Auth.cs
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new SubdomainCookieAuthentication()
        });
    }
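I had the same problem: the cookie domain was not set on the first attempt when using the ResponseSignIn method. I solved it by updating the Owin libraries to 3.x and using the new CookieManager to set the domain. I found this solution in this post:
How does Owin set the Asp.Net authentication cookie after the Application_EndRequest stage?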
    using System;
    using Microsoft.Owin;
    using Microsoft.Owin.Infrastructure;

    // Wraps ChunkingCookieManager and sets the cookie domain to the
    // parent domain whenever a cookie is written or deleted.
    public class ChunkingCookieManagerWithSubdomains : ICookieManager
    {
        private readonly ChunkingCookieManager _chunkingCookieManager;

        public ChunkingCookieManagerWithSubdomains()
        {
            _chunkingCookieManager = new ChunkingCookieManager();
        }

        public string GetRequestCookie(IOwinContext context, string key)
        {
            return _chunkingCookieManager.GetRequestCookie(context, key);
        }

        public void AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options)
        {
            options.Domain = context.Request.Uri.GetHostWithoutSubDomain();
            _chunkingCookieManager.AppendResponseCookie(context, key, value, options);
        }

        public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
        {
            options.Domain = context.Request.Uri.GetHostWithoutSubDomain();
            _chunkingCookieManager.DeleteCookie(context, key, options);
        }
    }

    public static class UriExtensions
    {
        // Returns the last two labels of a DNS host (my.domain.com => domain.com),
        // the host unchanged if it has two labels or fewer, and null for
        // non-DNS hosts such as IP addresses.
        public static string GetHostWithoutSubDomain(this Uri url)
        {
            if (url.HostNameType == UriHostNameType.Dns)
            {
                string host = url.Host;
                if (host.Split('.').Length > 2)
                {
                    int lastIndex = host.LastIndexOf(".");
                    int index = host.LastIndexOf(".", lastIndex - 1);
                    return host.Substring(index + 1);
                }
                else
                {
                    return host;
                }
            }
            return null;
        }
    }
Then register it in Startup.Auth.cs
    app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            ...
            CookieManager = new ChunkingCookieManagerWithSubdomains(),
            ...
        }
    );
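The question's own code comment notes that a "last two labels" rule yields co.uk for www.google.co.uk, and both snippets derive the cookie domain from the request's host name. As an added example (not part of the original posts), one way to avoid both is to choose the cookie domain from a configured list of parent domains; CookieDomainResolver and AllowedParents are hypothetical names, and the listed domains are assumptions.

```csharp
using System;

// Added example: CookieDomainResolver and AllowedParents are hypothetical names.
public static class CookieDomainResolver
{
    // Assumption: the parent domains this application legitimately serves.
    private static readonly string[] AllowedParents = { "domain.com", "example.co.uk" };

    // Returns the parent domain to use as the cookie Domain, or null so the
    // caller falls back to a host-only cookie (null Domain).
    public static string Resolve(Uri url)
    {
        if (url == null || url.HostNameType != UriHostNameType.Dns)
            return null;

        string host = url.Host.TrimEnd('.').ToLowerInvariant();
        foreach (string parent in AllowedParents)
        {
            // Accept the parent itself or a true subdomain of it; requiring the
            // leading "." stops "notdomain.com" from matching "domain.com".
            if (host == parent || host.EndsWith("." + parent, StringComparison.Ordinal))
                return parent;
        }
        return null; // unknown host: do not widen the cookie scope
    }

    public static void Main()
    {
        // Constructed sample request URLs.
        string[] samples =
        {
            "https://my.domain.com/Account/Login",
            "https://a.b.domain.com/",
            "https://www.example.co.uk/",
            "https://notdomain.com/",
            "https://192.168.1.10/",
            "https://localhost/"
        };
        foreach (string s in samples)
        {
            string domain = Resolve(new Uri(s));
            Console.WriteLine("{0} => {1}", s, domain ?? "(host-only cookie)");
        }
    }
}
```

The result of Resolve can be assigned to options.Domain in AppendResponseCookie and DeleteCookie in place of GetHostWithoutSubDomain().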