authentication - 切换到生产环境和 Https 时的 Asp Net Core Identity 问题
问题描述
一切在本地开发机器上都运行良好（像往常一样！），但自从我发布了启用 HTTPS 的生产版本（环境 = Production）之后，我遇到了以下问题。
然后,如果我想访问某个功能,应用程序会要求我使用默认的 Asp Net Core Identity 登录页面再次登录。奇怪的是我已经登录了,如页面右上角所示:
确实不一致：有时我可以直接登录，有时却必须再通过默认的 Identity 登录页面完成第二步登录（这很奇怪，因为我的项目里根本没有这样的页面！）。当我注销时，我得到一个 NullReference 错误（HttpContext 为 null）。
也许这就是线索：这让我觉得 HttpContext 没有正确设置。下面是我 Startup.cs 中的身份验证配置：
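#region Cookie options
// Single source of truth for the Secure flag: clear-text HTTP is only tolerated on the
// developer box; in every other environment each cookie issued below is marked Secure so
// the browser never sends it over plain HTTP.
// NOTE(review): if TLS terminates at a reverse proxy in production, the forwarded-headers
// middleware must run in Configure() so the app sees the request as HTTPS; that part of
// the pipeline is not visible here.
var cookieSecurePolicy = _environment.IsDevelopment()
    ? CookieSecurePolicy.None
    : CookieSecurePolicy.Always;

// NOTE(review): this registers a second cookie scheme ("Cookies") next to the one
// AddDefaultIdentity registers below (Identity.Application). AddDefaultIdentity makes its
// own scheme the default, so the options in this block do NOT apply to the Identity
// sign-in cookie -- that cookie is configured in ConfigureApplicationCookie further down.
// If nothing in the app challenges or signs in with the "Cookies" scheme explicitly,
// remove this registration. If it stays, it must stay in front of AddDefaultIdentity so
// it cannot become the default scheme.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = cookieSecurePolicy;
        options.Cookie.SameSite = SameSiteMode.Lax;
    });
#endregion

// This registers the various databases, either as in-memory or via SQL Server
// (see appsettings.json for connection strings). It precedes Identity because the
// Identity stores below resolve ExtraAuthorizeDbContext from this registration.
var databaseSettings = new DatabaseSettings();
_configuration.GetSection("DatabaseSettings").Bind(databaseSettings);
services.RegisterDatabases(databaseSettings);

#region Identity Services
// https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-3.1
// RequireConfirmedAccount here and RequireConfirmedEmail below both gate sign-in on a
// confirmed e-mail address; an unconfirmed user cannot obtain a cookie.
services.AddDefaultIdentity<ItemUser>(options =>
        options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ExtraAuthorizeDbContext>()
    .AddDefaultTokenProviders()
    .AddClaimsPrincipalFactory<CustomClaimsPrincipalFactory>();

// Identity policy (passwords, lockout, user names, sign-in requirements).
services.Configure<IdentityOptions>(options =>
{
    // Password settings.
    options.Password.RequiredLength = 8;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequireDigit = true;
    options.Password.RequireUppercase = true;
    options.Password.RequireLowercase = true;
    // The original assigned this twice (0, then 1); only the last assignment ever took
    // effect, so 1 is the value that has always been enforced.
    options.Password.RequiredUniqueChars = 1;

    // Lockout settings: three failed attempts lock the account for ten minutes.
    // A threshold this low lets anyone who knows a user name lock that user out at
    // will -- monitor lockout events and raise the threshold if that becomes a problem.
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(10);
    options.Lockout.MaxFailedAccessAttempts = 3;
    options.Lockout.AllowedForNewUsers = true;

    // User settings.
    options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+?!&$€%";
    options.User.RequireUniqueEmail = true;

    // Default SignIn settings.
    options.SignIn.RequireConfirmedEmail = true;
    options.SignIn.RequireConfirmedPhoneNumber = false;
});

// Must run AFTER AddDefaultIdentity (see the linked identity-configuration doc):
// both configure the same named options (Identity.Application) and the delegates run
// in registration order, so when this came first Identity's own defaults could be
// applied on top of the values set here.
services.ConfigureApplicationCookie(options =>
{
    options.AccessDeniedPath = "/Account/AccessDenied";
    options.Cookie.Name = "AuthCookie";
    options.Cookie.HttpOnly = true;
    // Absolute lifetime of a sign-in; SlidingExpiration renews it on activity, so an
    // active user is never logged out mid-session but an idle one is after an hour.
    options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
    options.LogoutPath = "/Account/Logout";
    options.LoginPath = "/Account/Login";
    // Name of the query-string parameter that carries the post-login redirect target.
    options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
    options.SlidingExpiration = true;
    options.Cookie.SecurePolicy = cookieSecurePolicy;
    options.Cookie.SameSite = SameSiteMode.Lax;
    options.Cookie.IsEssential = true;
});

// Replaces Identity's built-in password hasher.
// NOTE(review): confirm IpsumPasswordHasher uses a slow, salted KDF (PBKDF2/Argon2/
// bcrypt); a plain hash here would silently weaken every stored password. Its
// implementation is not visible in this file.
services.AddScoped<IPasswordHasher<ItemUser>, IpsumPasswordHasher>();

// Session cookie: given the same Secure policy as the authentication cookies so it is
// not the one cookie that can still be sent over HTTP in production.
services.AddDistributedMemoryCache();
services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromMinutes(60);
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = cookieSecurePolicy;
    options.Cookie.IsEssential = true;
});
#endregion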
#region Page Authorization
// Default-deny: every Razor page requires an authenticated user unless it is listed
// below, so a newly added page can never be exposed by forgetting an [Authorize].
services.AddMvc()
    .AddRazorPagesOptions(options =>
    {
        options.Conventions.AuthorizeFolder("/");
        // Already covered by the root rule above; kept so the intent stays explicit.
        options.Conventions.AuthorizeFolder("/Account/Manage");

        // Pages that must be reachable without a signed-in user: the sign-in/sign-up
        // flow, the e-mail confirmation and password-reset round trips, the lockout
        // notice and the external-provider hand-off. Order matches the original calls.
        string[] anonymousPages =
        {
            "/Account/ResetPassword",             // reset password (link from e-mail)
            "/Account/CheckEmail",                // "check your inbox" prompt after registering
            "/Account/ConfirmEmail",              // e-mail confirmed notice
            "/Account/ExternalLogin",             // create a local account after an external login
            "/Account/ForgotPassword",            // enter e-mail to request a reset link
            "/Account/ForgotPasswordConfirmation", // "check your inbox" prompt for the reset link
            // NOTE(review): the original labels this page "User Profile". If it really
            // renders profile data it must not be anonymous -- confirm and drop it from
            // this list, or fix the label if it is only a landing page.
            "/Account/Index",
            "/Account/Lockout",                   // account locked-out notice
            "/Account/Login",                     // first factor
            "/Account/LoginWith2fa",              // second factor when 2FA is enabled
            "/Account/LoginWithRecoveryCode",     // recovery code instead of the 2FA code
            "/Account/Logout",                    // signed-out notice
            "/Account/Register",                  // new user registration
            "/Account/ResetPasswordConfirmation", // password reset done notice
            // Stripe calls this endpoint unauthenticated; the handler must verify the
            // Stripe-Signature header before trusting the payload (handler not visible here).
            "/stripewebhook",
        };

        foreach (var page in anonymousPages)
        {
            options.Conventions.AllowAnonymousToPage(page);
        }
    });
#endregion
我不知道在哪里检查以解决此问题。感谢您的帮助。
解决方案