我有一个ASP.NET Core MVC应用程序,该应用程序还托管一个API.该网站使用身份默认设置,因此在您登录cookie时进行了设置.该API已配置为使用JWT承载身份验证.
I have an ASP.NET Core MVC application that also hosts an API. The site uses Identity defaults so when you log in a cookie is set. The API has been configured to use JWT Bearer authentication.
我还有一个单独的ASP.Net Core MVC应用程序,该应用程序承载一个Javascript SPA,该Java SPA作为身份验证服务器和API与该其他站点进行通信.
I also have a separate ASP.Net Core MVC app that hosts a Javascript SPA that communicates to this other site as the authentication server and the API.
在我的开发机上,这些项目使用不同的端口,并且当我登录到主API站点时,将设置cookie,并且可以看到cookie路径设置为根"/".这是所需的行为,因为我希望Javascript SPA知道我已通过身份验证并登录.
On my dev machine these projects use different ports and when the I log in to the main API site a cookie is set and I can see that the cookie path is set to root " / ". This is the desired behaviour since I want the Javascript SPA to know that I am authenticated and logged in.
当我将其部署到我们的IIS服务器时,我为每个应用程序提供了一条虚拟路径,如下所示:
When I deploy this to our IIS server, I give each app a virtual path like so:
网站1:/SPA网站2:/API
Site 1: /SPA Site 2: /API
将其部署到IIS时,我注意到cookie路径设置为"/API".
When I deploy this to IIS, I notice that the cookie Path is set to "/API".
这不是理想的行为,因为SPA应用程序认为我未通过身份验证.
This is not the desired behaviour as the SPA app thinks I am not authenticated.
我希望能够覆盖它,并将cookie路径明确设置为根"/".
I want to be able to override this and set the cookie path explicitly to root "/".
如何在仍然允许JWT Bearer身份验证的同时设置cookie路径?
How do I set the the cookie path while still allowing for JWT Bearer authentication?
推荐答案您应该能够在 ConfigureServices 中配置cookie路径,例如:
You should be able to configure the cookie path in ConfigureServices like:
services.ConfigureApplicationCookie(options => { options.Cookie.Path = "/"; });请参见 docs.microsoft/zh-cn/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.1&tabs=aspnetcore2x#cookie-settings
更多推荐
如何为ASP.NET Core Identity cookie设置路径
发布评论