Owin CookieDomain IIS7和SSL(Owin CookieDomain IIS7 and SSL)

编程入门行业动态更新时间:2024-10-27 16:37:33

我在设置应用程序之间的SSO时遇到问题，在创建Cookie的应用程序中，我有：

app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), // LogoutPath = new PathString("/Account/Logout"), // ExpireTimeSpan = TimeSpan.FromDays(1), CookieName = "mycookie", CookieDomain = ".mydomain.com", });

当在本地测试时，我会得到我期望的结果

Cookie =名称：mycookie，域名：.mydomain.com

但是，当我去我们的测试环境时，我会得到

Cookie =名称：mycookie，域名：oauth.mydomain.com

由于cookie具有域的根，所以它不适用于其他应用程序。我已经做了我能想到的所有事情，但它似乎并不想使用配置中指定的域。

更新：在使用SSL时从IIS7环境托管时出现这是一个问题。当不在IIS7中使用SSL或者在使用IIS8部署到我们的UAT环境时，它会按预期工作。

使用SSL时，它也不能正确重定向。我认为这个问题也是相关的。

当我点击http://site.domain.com时，我被重定向到

http://auth.domain.com/account/login?returnUrl=site.domain.com

如预期的那样，但是如果启用SSL，我将重定向到

https：// site.domain.com /account/login?returnurl=site.domain.com

I am having a problem with setting up SSO between our apps, In the application that creates the cookie I have:

When testing this locally I get the result I expect

Cookie = Name: mycookie, Domain: .mydomain.com

However when I go to our test environment I get

Cookie = Name: mycookie, Domain: oauth.mydomain.com

Since the cookie has the root of the domain it does not work in the other applications. I have done everything I can think of but it just does not seem to want to use the domain specified in the configuration.

Update: It appears this is a problem when hosting from an IIS7 environment when using SSL. When not using SSL in IIS7 or when deployed to our UAT enviroment with IIS8 it works as expected.

When using SSL it is also not redirecting correctly. I think this problem is also related.

When I hit http://site.domain.com I am redirected to