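c# - How to share an encrypted cookie between ASP.NET 4.5 and ASP.NET Core?
Problem description
We have a few ASP.NET 4.5 applications that share an authentication cookie (SSO) protected by the web.config machine key, and I will not change them.
ASP.NET 4.5 sign-in: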
var auth = FederatedAuthentication.SessionAuthenticationModule;
auth.WriteSessionTokenToCookie(new System.IdentityModel.Tokens.SessionSecurityToken(cp));
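Now we are about to implement a new ASP.NET Core application in the same domain, and we want to keep the old cookie authorization mechanism. FederatedAuthentication fails at runtime in Core. Is there any clue as to how to decrypt the old cookie from the same domain and share a new one between ASP.NET and ASP.NET Core?
ASP.NET Core setup: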
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddMvc()
        .AddRazorPagesOptions(options =>
        {
            options.Conventions.AuthorizePage("/Contact");
        })
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

    #region snippet1
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie();
    #endregion

    services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseDatabaseErrorPage();
    }
    else
    {
        app.UseExceptionHandler("/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    // Call UseAuthentication before calling UseMVC.
    #region snippet2
    app.UseAuthentication();
    #endregion

    app.UseMvc();
}
ASP.NET Core cookie sign-in:
var claims = new List<Claim>
{
    new Claim(ClaimTypes.Name, user.Email),
    new Claim("FullName", user.FullName),
    new Claim(ClaimTypes.Role, "Administrator"),
};

var claimsIdentity = new ClaimsIdentity(
    claims, CookieAuthenticationDefaults.AuthenticationScheme);

var authProperties = new AuthenticationProperties
{
    //AllowRefresh = <bool>,
    // Refreshing the authentication session should be allowed.

    //ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10),
    // The time at which the authentication ticket expires. A
    // value set here overrides the ExpireTimeSpan option of
    // CookieAuthenticationOptions set with AddCookie.

    //IsPersistent = true,
    // Whether the authentication session is persisted across
    // multiple requests. Required when setting the
    // ExpireTimeSpan option of CookieAuthenticationOptions
    // set with AddCookie. Also required when setting
    // ExpiresUtc.

    //IssuedUtc = <DateTimeOffset>,
    // The time at which the authentication ticket was issued.

    //RedirectUri = <string>
    // The full path or absolute URI to be used as an http
    // redirect response value.
};

await HttpContext.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme,
    new ClaimsPrincipal(claimsIdentity),
    authProperties);
Solution