C#: ASP.NET Identity Cookie across subdomains
Original question: http://stackoverflow.com/questions/19166599/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Asked by orourkedd
For forms authentication I used this in web.config (note the domain attribute):
<authentication mode="Forms">
    <forms loginUrl="~/Account/Login" timeout="2880" name=".ASPXAUTH" protection="Validation" path="/" domain=".myserver.dev" />
</authentication>
How is a single sign-on across subdomains configured for the new ASP.NET Identity Framework in MVC 5?
More Info:
I am creating a multitenant application. Each client will be on a subdomain:
client1.myapp.com
client2.myapp.com
I want a user to be able to sign on to client1.myapp.com and then go to client2.myapp.com and still be signed in. This was easy with forms authentication. I'm trying to figure out how to do it with the new Identity Framework.
EDIT
Here is the code that eventually worked for me:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "Application",
    LoginPath = "/Account/Login",
    CookieDomain = ".myapp.com"
});
Accepted answer by Hao Kung
In Startup.Auth.cs, you will see something like:
For RC:
app.UseSignInCookies();
This was removed in RTM and replaced with the explicit configuration of the cookie auth:
app.UseCookieAuthentication(new CookieAuthenticationOptions {
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login")
});
The CookieAuthenticationOptions class has a CookieDomain property which is what you are looking for I believe.
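A fuller version of this cookie configuration for Startup.Auth.cs, as an added example that is not part of the original answer. The domain `.myapp.com` comes from the question; the HTTPS-only and HttpOnly settings and the 8-hour lifetime are assumptions added here, because a domain-wide cookie is sent to every subdomain.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            // Must be identical in every application: it determines the
            // default cookie name and is part of the purpose used to
            // protect the ticket.
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),

            // Leading dot: the browser sends the cookie to myapp.com and to
            // every subdomain (client1.myapp.com, client2.myapp.com, ...).
            CookieDomain = ".myapp.com",

            // Assumed hardening for a cookie shared this widely:
            CookieSecure = CookieSecureOption.Always,  // HTTPS requests only
            CookieHttpOnly = true,                     // not readable from script
            ExpireTimeSpan = TimeSpan.FromHours(8),    // assumed lifetime
            SlidingExpiration = true
        });
    }
}
```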
Answer by christiangobo
You need to set up in web.config the same machineKey for ALL websites/applications.
All websites MUST HAVE at least this configuration.
http://msdn.microsoft.com/en-us/library/w8h3skw9(v=vs.85).aspx
<system.web>
    <authentication mode="Forms">
        <forms loginUrl="~/Account/Login" timeout="2880" name=".ASPXAUTH" protection="Validation" path="/" domain=".myserver.dev" />
    </authentication>
    <machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1" decryption="Auto"/>
</system.web>
This is an example.
Answer by BrandorK
This was driving me crazy until I learned that Identity 2.0 still depends on the machine key to encrypt the Authentication cookie. So if you want two instances of the same application on different sub-domains then you need to set the same machine key for each application.
So in summary:
- CookieDomain = ".myapp.com"
- Set identical machine keys in each application's web config

<system.web>
    <machineKey decryptionKey="EEEB09D446CCFE71B82631D37DEDCC917B8CB01EC315" validationKey="60E4EFE8DD26C4BF8CDAEDCA10716C85820839A207C56C8140DB7E32BE04630AD631EDF25C748D0F539918283C5858AF456DBE208320CFFA69244B4E589" />
</system.web>
This answer led me to setting the values: Does ASP.NET Identity 2 use machinekey to hash the password?
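One way to check the requirement stated in the two answers above (every site carries the same explicit machineKey), as an added example that is not from the original answers: it compares the `machineKey` attributes of several web.config documents. The class name `MachineKeyCheck`, the constructed sample configs and their placeholder keys are assumptions; in practice each document would be read from the site's own web.config.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

static class MachineKeyCheck   // hypothetical helper, not part of ASP.NET
{
    static readonly string[] Attrs = { "validationKey", "decryptionKey", "validation", "decryption" };
    // Returns one site's machineKey settings as a single string, or null when
    // the element is absent (ASP.NET then generates keys per application).
    static string ReadSettings(string webConfigXml)
    {
        XElement mk = XDocument.Parse(webConfigXml)
            .Descendants("system.web").Elements("machineKey").FirstOrDefault();
        if (mk == null) return null;
        return string.Join("|", Attrs.Select(a => a + "=" + ((string)mk.Attribute(a) ?? "")));
    }

    // True only when every site declares explicit, identical settings.
    static bool SitesShareKey(string[] configs, out string reason)
    {
        string[] all = configs.Select(ReadSettings).ToArray();
        if (all.Any(s => s == null))
            reason = "a site has no <machineKey> element";
        else if (all.Any(s => s.IndexOf("AutoGenerate", StringComparison.OrdinalIgnoreCase) >= 0))
            reason = "a site uses AutoGenerate keys";
        else if (all.Distinct(StringComparer.OrdinalIgnoreCase).Count() != 1)
            reason = "machineKey settings differ between sites";
        else
            reason = null;
        return reason == null;
    }

    // Builds a constructed sample web.config; real use: File.ReadAllText(path).
    static string Config(string vKey, string dKey)
    {
        return "<configuration><system.web><machineKey validationKey=\"" + vKey +
               "\" decryptionKey=\"" + dKey + "\" validation=\"HMACSHA256\" decryption=\"AES\" />" +
               "</system.web></configuration>";
    }

    static void Main()
    {
        // Constructed placeholder keys, not real secrets.
        string v = new string('A', 128), d1 = new string('B', 64), d2 = new string('C', 64);
        string reason;
        Console.WriteLine(SitesShareKey(new[] { Config(v, d1), Config(v, d1) }, out reason) ? "match" : "mismatch: " + reason);
        Console.WriteLine(SitesShareKey(new[] { Config(v, d1), Config(v, d2) }, out reason) ? "match" : "mismatch: " + reason);
    }
}
```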
Answer by JDandChips
In the Startup.Auth.cs file, add the CookieDomain parameter with your domain:
var cookieAuthenticationOptions = new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    CookieDomain = ".mydomain.com"
};
Then for all websites you need to set a unique machine key. The easiest way to generate a new one is using IIS:
Find the "Machine Key" option on your site:
Click the "Generate Keys" button to get your keys.
Finally, the above process will add the following to your web.config and you need to ensure that this is copied into each of your sites.
<machineKey
    validationKey="DAD9E2B0F9..."
    decryptionKey="ADD1C39C02..."
    validation="SHA1"
    decryption="AES"
/>
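A code alternative to the IIS "Generate Keys" button, as an added example that is not part of the original answer: it builds a `machineKey` element from cryptographically random bytes. The class and method names, the key sizes and the choice of `HMACSHA256` and `AES` are assumptions of this example; the answer's own snippet uses `SHA1`.

```csharp
using System;
using System.Security.Cryptography;
using System.Xml.Linq;

static class MachineKeyGenerator   // hypothetical helper, not part of ASP.NET
{
    // Hex-encodes byteCount bytes taken from the system CSPRNG.
    static string RandomHex(int byteCount)
    {
        var bytes = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    // Builds the element that goes inside <system.web> of each site.
    static XElement NewMachineKey()
    {
        return new XElement("machineKey",
            new XAttribute("validationKey", RandomHex(64)),  // 128 hex characters
            new XAttribute("decryptionKey", RandomHex(32)),  // 64 hex characters (AES-256)
            new XAttribute("validation", "HMACSHA256"),      // assumed algorithm choice
            new XAttribute("decryption", "AES"));
    }

    static void Main()
    {
        Console.WriteLine(NewMachineKey());
    }
}
```

Generate the element once and copy that same element into each site's web.config. Key values that have been published on a web page, such as the samples in the answers above, should not be reused.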