Asp.Net 核心 2 Google 子域上的身份验证和 Cookie 身份验证
Asp.Net Core 2 with Google Auth & Cookie auth on subdomains
我在 Azure 上有 3 个 Web 应用程序。
- Webapp1 是 www.mydomain.com
- Webapp2 是 admin.mydomain.com
- Webapp3 是 user.mydomain.com
当我登录 WebApp1 时,我想登录所有其他子域。
我想使用社交提供商来验证我的用户,并使用 asp.net 身份进行授权。
在阅读文档和 SO 问题后,这里是我的 Startup.cs
public void ConfigureServices(IServiceCollection services)
{
/*
* Some code
*/
// Creating a blob storage account to share keys for all applications
var storageAccount = CloudStorageAccount.Parse(configuration.GetConnectionString("IdentityStr"));
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("identity");
AsyncContext.Run(() => container.CreateIfNotExistsAsync());
services.AddDataProtection()
.SetApplicationName("MYAPP")
.PersistKeysToAzureBlobStorage(container, "keys.xml");
/*
* BEGIN DISGUSTING: I recreate the data protection provider here
* because I need the instance of it below for the Cookie options
*/
var serviceCollection = new ServiceCollection();
serviceCollection.AddDataProtection()
.SetApplicationName("MYAPP")
.PersistKeysToAzureBlobStorage(container, "keys.xml");
var service2 = serviceCollection.BuildServiceProvider();
var dataProtector = service2.GetRequiredService<IDataProtectionProvider>();
/*
* END DISGUSTING
*/
services.AddDbContext<AuthDbContext>(options =>
options.UseSqlServer(connectionString));
services.AddIdentity<AuthUser, AuthRole>()
.AddEntityFrameworkStores<AuthDbContext>()
.AddDefaultTokenProviders();
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(o =>
{
o.LoginPath = "/account/login";
o.LogoutPath = "/account/logout";
o.Cookie.Domain = "mydomain.com";
o.DataProtectionProvider = dataProtector;
o.TicketDataFormat = new TicketDataFormat(dataProtector.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", "Cookies", "v2"));
})
.AddGoogle(o =>
{
o.ClientId = configuration["Authentication:Google:ClientId"];
o.ClientSecret = configuration["Authentication:Google:ClientSecret"];
});
/*
* Some code
*/
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
/*
* Some code
*/
app.UseAuthentication();
/*
* Some code
*/
}
Cookie 在 Webapp1 上运行良好,但附加的域与 o.Cookie.Domain 中定义的域不同,而是 www.mydomain.om
这是 chrome 的 cookie 视图
以及提琴手的观点:
我可能错过了什么...
身份 cookie 没有设置域。你不需要第二次添加 Cookie,因为 Identity 已经添加了它,你需要配置那个实例,而不是你正在创建的新实例
所以尝试使用 ConfigureApplicationCookie
services.AddIdentity<AuthUser, AuthRole>()
.AddEntityFrameworkStores<AuthDbContext>()
.AddDefaultTokenProviders();
services.AddAuthentication()
.AddGoogle(o =>
{
// Google options.
});
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
});
我在 Azure 上有 3 个 Web 应用程序。
- Webapp1 是 www.mydomain.com
- Webapp2 是 admin.mydomain.com
- Webapp3 是 user.mydomain.com
当我登录 WebApp1 时,我想登录所有其他子域。
我想使用社交提供商来验证我的用户,并使用 asp.net 身份进行授权。
在阅读文档和 SO 问题后,这里是我的 Startup.cs
public void ConfigureServices(IServiceCollection services)
{
/*
* Some code
*/
// Creating a blob storage account to share keys for all applications
var storageAccount = CloudStorageAccount.Parse(configuration.GetConnectionString("IdentityStr"));
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("identity");
AsyncContext.Run(() => container.CreateIfNotExistsAsync());
services.AddDataProtection()
.SetApplicationName("MYAPP")
.PersistKeysToAzureBlobStorage(container, "keys.xml");
/*
* BEGIN DISGUSTING: I recreate the data protection provider here
* because I need the instance of it below for the Cookie options
*/
var serviceCollection = new ServiceCollection();
serviceCollection.AddDataProtection()
.SetApplicationName("MYAPP")
.PersistKeysToAzureBlobStorage(container, "keys.xml");
var service2 = serviceCollection.BuildServiceProvider();
var dataProtector = service2.GetRequiredService<IDataProtectionProvider>();
/*
* END DISGUSTING
*/
services.AddDbContext<AuthDbContext>(options =>
options.UseSqlServer(connectionString));
services.AddIdentity<AuthUser, AuthRole>()
.AddEntityFrameworkStores<AuthDbContext>()
.AddDefaultTokenProviders();
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(o =>
{
o.LoginPath = "/account/login";
o.LogoutPath = "/account/logout";
o.Cookie.Domain = "mydomain.com";
o.DataProtectionProvider = dataProtector;
o.TicketDataFormat = new TicketDataFormat(dataProtector.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", "Cookies", "v2"));
})
.AddGoogle(o =>
{
o.ClientId = configuration["Authentication:Google:ClientId"];
o.ClientSecret = configuration["Authentication:Google:ClientSecret"];
});
/*
* Some code
*/
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
/*
* Some code
*/
app.UseAuthentication();
/*
* Some code
*/
}
Cookie 在 Webapp1 上运行良好,但附加的域与 o.Cookie.Domain 中定义的域不同,而是 www.mydomain.om
这是 chrome 的 cookie 视图
以及提琴手的观点:
身份 cookie 没有设置域。你不需要第二次添加 Cookie,因为 Identity 已经添加了它,你需要配置那个实例,而不是你正在创建的新实例
所以尝试使用 ConfigureApplicationCookie
services.AddIdentity<AuthUser, AuthRole>()
.AddEntityFrameworkStores<AuthDbContext>()
.AddDefaultTokenProviders();
services.AddAuthentication()
.AddGoogle(o =>
{
// Google options.
});
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
});