我们有两个运行共享 cookie 身份验证的 .NET 应用程序.一个是 ASP.NET Core RC1 应用,另一个是经典的 .NET 4.5.1 应用.
We have two .NET-apps running shared cookie authentication. One is an ASP.NET Core RC1 app, and the other is a classic .NET 4.5.1 app.
目前这是在 Startup.cs 的 Configuration 方法中使用过时的 Microsoft.Owin.Security.Cookies.Interop 设置的:
This is currently set up using the outdated Microsoft.Owin.Security.Cookies.Interop in the Configuration method of Startup.cs:
这很好用,但不支持 RC2 的方法.
This works fine, but is no supported method for RC2.
我们如何才能使用 RC2 的共享 cookie 身份验证?
How can we get going with shared cookie authentication for RC2?
结合https://github.com/GrabYourPitchforks/aspnet5-samples/tree/dev/CookieSharing 和 在 Asp.Net Core 1 (MVC6) 和 MVC 5 应用程序之间共享身份验证 cookie 我想出了一个可行的解决方案.我不知道这是否是正确"的方法,但它有效,所以就这样吧:
Combining https://github.com/GrabYourPitchforks/aspnet5-samples/tree/dev/CookieSharing and Sharing authentication cookie among Asp.Net Core 1 (MVC6) and MVC 5 applications I was able to come up with a working solution. I have no idea if this is the "correct" way to to it, but it works, so here it goes:
在两个应用程序中使用 nuget-package Microsoft.Owin.Security.Interop 1.0.0-rc2-final.
使用 DataProtectionProvider 创建一个 TicketDataFormat,指定加密密钥在磁盘上的相同位置以及相同的用途.
Create a TicketDataFormat using DataProtectionProvider specifying the same location on disk for the encryption keys, as well as the same purpose.
在两个应用程序中以自己的方式配置 cookie 身份验证.指定相同的CookieName和TicketDataFormat:
Configure cookie authentication the owin way in both of the applications. Specify the same CookieName and TicketDataFormat:
.NET 4.5.1,在Startup.cs的Configure方法中:
.NET 4.5.1, in the Configure method of Startup.cs:
var authenticationType = "Cookies";
var cookieName = "myCookieName";
var cookieEncryptionKeyPath= "C:/mypath";
var dataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(cookieEncryptionKeyPath));
var dataProtector = dataProtectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
var ticketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector));
app.SetDefaultSignInAsAuthenticationType(authenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = authenticationType,
CookieName = cookieName,
TicketDataFormat = ticketDataFormat
});
.NET CORE RC2 在Startup.cs的Configure方法中:
.NET CORE RC2 in the Configure method of Startup.cs:
var authenticationType = "Cookies";
var cookieName = "myCookieName";
var cookieEncryptionKeyPath= "C:/mypath";
var protectionProvider = DataProtectionProvider.Create(new DirectoryInfo(cookieEncryptionKeyPath));
var dataProtector = protectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
var ticketFormat = new TicketDataFormat(dataProtector);
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
CookieName = options.CookieName,
CookieDomain = options.CookieDomain,
TicketDataFormat = ticketFormat
});
这篇关于ASP.NET Core RC2 和 .NET 4.5.1 应用程序之间的共享 cookie 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!