多重&asp.net Core Identity 中 SubDomain 的 cookie

本文介绍了多重&asp Core Identity 中 SubDomain 的 cookie的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有一个网页为同一个应用程序使用多个 URL:

I have a webpage which uses multiple URLS for the same application:

例如:*.MyWebPage.au*.YourWebPage.au

for example: *.MyWebPage.au *.YourWebPage.au

因此它将在多个 url 上使用子域.问题是我需要允许用户在他们登录的 url 的所有子域上进行身份验证.

So it will use subdomains on multiple urls. The problem is I need to allow for the user to be authenticated on all subdomains of the url which they have logged into.

例如，如果他们通过 www.mywebpage.au 登录，则需要为 *.mywebpage.au 设置 cookie，或者如果他们通过 www.yourwebpage.au 登录，则 cookie 应为 *.yourwebpage.au.

For example, if they login via www.mywebpage.au the cookie needs to be set for *.mywebpage.au or if they login via www.yourwebpage.au the cookie should be *.yourwebpage.au.

大多数允许 ASP.net 核心标识的子域的文档都指向 startup.cs(或 startup.auth.cs)文件并输入如下内容:`

Most of the documentation in allowing subdomains for ASP.NET core identity points to the startup.cs (or startup.auth.cs) file and entering something like this:`

app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieDomain = "mywebpage.au" });`

这对我不起作用，因为我不想要一个固定的域，我只想让所有用户都可以访问他们登录的 url 的所有子域.我显然可以在登录时通过请求获取他们的 url，但此时我需要动态设置 cookiedomain.

this will not work for me because I dont want a fixed domain, I just want to allow for all the users to have access to all the subdomains for the url they have signed in at. I can obviously get their url at the time of login via the request, but I need to dynamically set the cookiedomain at this point.

推荐答案

刚开始的时候没有意识到Identity和CookieAuthentication的区别.因为我使用的是身份

What I didnt realise when I started was the difference between Identity and CookieAuthentication. Since I was using Identity

app.UseIdentity();

app.UseCookieAuthentication 不是解决方案.

app.UseCookieAuthentication was not the solution.

我终于通过实现 ICookieManager 找到了我的解决方案.

I finally found my solution by implementing ICookieManager.

这是我的解决方案:

在 Startup.cs 中:

in Startup.cs:

services.AddIdentity<ApplicationUser, IdentityRole>(options => { options.Password.RequireDigit = false; options.Password.RequiredLength = 5; options.Password.RequireNonAlphanumeric = false; options.Password.RequireLowercase = false; options.Password.RequireUppercase = false; options.Cookies.ApplicationCookie.CookieManager = new CookieManager(); //Magic happens here }).AddEntityFrameworkStores<ApplicationDbContext>() .AddDefaultTokenProviders();

现在在我称为 CookieManager.cs 的类中:

now in a class I have called CookieManager.cs:

public class CookieManager : ICookieManager { #region Private Members private readonly ICookieManager ConcreteManager; #endregion #region Prvate Methods private string RemoveSubdomain(string host) { var splitHostname = host.Split('.'); //if not localhost if (splitHostname.Length > 1) { return string.Join(".", splitHostname.Skip(1)); } else { return host; } } #endregion #region Public Methods public CookieManager() { ConcreteManager = new ChunkingCookieManager(); } public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options) { options.Domain = RemoveSubdomain(context.Request.Host.Host); //Set the Cookie Domain using the request from host ConcreteManager.AppendResponseCookie(context, key, value, options); } public void DeleteCookie(HttpContext context, string key, CookieOptions options) { ConcreteManager.DeleteCookie(context, key, options); } public string GetRequestCookie(HttpContext context, string key) { return ConcreteManager.GetRequestCookie(context, key); } #endregion