身份服务器 SameSite=None 无法登录
Identity Server SameSite=None cannot login
我正在开发一个使用 IdentityServer 4 和 .NET 5 的应用程序,项目是基于 'with React.js' 和个人身份验证模板创建的。
当我在本地运行应用程序时一切正常,但如果我通过 docker 运行它,当我尝试登录时就会静默失败,并把我重定向回登录屏幕。
我唯一的猜测是,当 login/redirect 发生时身份验证 cookie 被搞砸了,因为我看到了这些消息:
warn: Microsoft.AspNetCore.Http.ResponseCookies[1]
The cookie 'Identity.External' has set 'SameSite=None' and must also set 'Secure'.
warn: Microsoft.AspNetCore.Http.ResponseCookies[1]
The cookie 'idsrv.session' has set 'SameSite=None' and must also set 'Secure'.
warn: Microsoft.AspNetCore.Http.ResponseCookies[1]
The cookie '.AspNetCore.Identity.Application' has set 'SameSite=None' and must also set 'Secure'.
我试图将 cookie 的 SecurePolicy 更改为 CookieSecurePolicy.Always:
// Registers the default cookie authentication scheme alongside the IdentityServer JWT handler.
// NOTE(review): the warnings quoted above name 'Identity.External', 'idsrv.session' and
// '.AspNetCore.Identity.Application'; this AddCookie() call configures its own cookie scheme, so
// these settings may not reach those cookies — confirm where each of them is configured.
// NOTE(review): a Secure cookie is not returned by the browser over plain HTTP; if the docker
// deployment serves HTTP (or terminates TLS in front of the container without forwarded headers),
// the auth cookie presumably never comes back, which would explain the redirect back to login.
services.AddAuthentication()
    .AddIdentityServerJwt()
    .AddCookie(options =>
    {
        // Secure + SameSite=None is the pairing the ResponseCookies warning asks for.
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.SameSite = SameSiteMode.None;
        // Cookie is not readable from script.
        options.Cookie.HttpOnly = true;
        options.CookieManager = new ChunkingCookieManager();
    });
但是没有任何效果,有人知道为什么会出现这个问题吗?
谢谢
尝试像 Skoruba 的 IdentityServer 中那样使用它。
对我来说效果很好。
// Cookie policy applied to every cookie the app appends or deletes.
// NOTE(review): SameAsRequest marks cookies Secure only when the request itself is HTTPS; behind a
// TLS-terminating proxy the request may appear as HTTP unless forwarded headers are honoured — confirm.
services.Configure<CookiePolicyOptions>(options =>
{
    // No minimum SameSite value is enforced here; CheckSameSite decides per request below.
    options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
    options.Secure = CookieSecurePolicy.SameAsRequest;

    // Drop SameSite=None for requests/clients that would mishandle it (see AuthenticationHelpers).
    options.OnAppendCookie = cookieContext =>
    {
        AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    };
    options.OnDeleteCookie = cookieContext =>
    {
        AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    };
});
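/// <summary>
/// Works around clients that mishandle <c>SameSite=None</c>: when a cookie asks for it, the
/// attribute is dropped (left <see cref="SameSiteMode.Unspecified"/>) unless the request is HTTPS
/// and the User-Agent is not one of the known-incompatible browsers.
/// </summary>
public static class AuthenticationHelpers
{
    /// <summary>
    /// Adjusts <paramref name="options"/> in place before the cookie is written or deleted.
    /// Cookies that do not request <see cref="SameSiteMode.None"/> are left untouched.
    /// </summary>
    /// <param name="httpContext">Current request; supplies the scheme (IsHttps) and the User-Agent header.</param>
    /// <param name="options">Cookie options about to be appended or deleted.</param>
    public static void CheckSameSite(HttpContext httpContext, CookieOptions options)
    {
        if (options.SameSite != SameSiteMode.None)
        {
            return;
        }

        // NOTE(review): a missing header is expected to yield an empty string here rather than null — verify.
        string userAgent = httpContext.Request.Headers["User-Agent"].ToString();

        // SameSite=None is only valid together with Secure, so it is kept only on HTTPS
        // and only for clients that honour it.
        if (httpContext.Request.IsHttps && !DisallowsSameSiteNone(userAgent))
        {
            return;
        }

        // Unspecified omits the attribute; browsers then apply their own default (typically Lax),
        // so cross-site POST callbacks into this app would not carry the cookie — review if any are used.
        options.SameSite = SameSiteMode.Unspecified;
    }

    /// <summary>
    /// Returns <c>true</c> for user agents known to reject or misinterpret <c>SameSite=None</c>:
    /// iOS 12, macOS 10.14 Safari, and Chrome/5x or Chrome/6x builds. Matching is by substring.
    /// </summary>
    /// <param name="userAgent">Raw User-Agent header value; null or empty is treated as compatible.</param>
    /// <returns><c>true</c> when the attribute should be dropped for this client.</returns>
    public static bool DisallowsSameSiteNone(string userAgent)
    {
        if (string.IsNullOrEmpty(userAgent))
        {
            // The original dereferenced unconditionally and would throw on null; an absent UA
            // gives no reason to downgrade, so report "compatible".
            return false;
        }

        bool ios12 = userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12");
        // The three Safari checks form one conjunction; parentheses make the original precedence explicit.
        bool macSafari = userAgent.Contains("Macintosh; Intel Mac OS X 10_14")
            && userAgent.Contains("Version/")
            && userAgent.Contains("Safari");
        bool oldChrome = userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6");

        return ios12 || macSafari || oldChrome;
    }
}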
我正在开发一个使用 IdentityServer 4 和 .NET 5 的应用程序,项目是基于 'with React.js' 和个人身份验证模板创建的。
当我在本地运行应用程序时一切正常,但如果我通过 docker 运行它,当我尝试登录时就会静默失败,并把我重定向回登录屏幕。
我唯一的猜测是,当 login/redirect 发生时身份验证 cookie 被搞砸了,因为我看到了这些消息:
warn: Microsoft.AspNetCore.Http.ResponseCookies[1]
The cookie 'Identity.External' has set 'SameSite=None' and must also set 'Secure'.
warn: Microsoft.AspNetCore.Http.ResponseCookies[1]
The cookie 'idsrv.session' has set 'SameSite=None' and must also set 'Secure'.
warn: Microsoft.AspNetCore.Http.ResponseCookies[1]
The cookie '.AspNetCore.Identity.Application' has set 'SameSite=None' and must also set 'Secure'.
我试图将 cookie 的 SecurePolicy 更改为 CookieSecurePolicy.Always:
// Registers the default cookie authentication scheme alongside the IdentityServer JWT handler.
// NOTE(review): the warnings quoted above name 'Identity.External', 'idsrv.session' and
// '.AspNetCore.Identity.Application'; this AddCookie() call configures its own cookie scheme, so
// these settings may not reach those cookies — confirm where each of them is configured.
// NOTE(review): a Secure cookie is not returned by the browser over plain HTTP; if the docker
// deployment serves HTTP (or terminates TLS in front of the container without forwarded headers),
// the auth cookie presumably never comes back, which would explain the redirect back to login.
services.AddAuthentication()
    .AddIdentityServerJwt()
    .AddCookie(options =>
    {
        // Secure + SameSite=None is the pairing the ResponseCookies warning asks for.
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.SameSite = SameSiteMode.None;
        // Cookie is not readable from script.
        options.Cookie.HttpOnly = true;
        options.CookieManager = new ChunkingCookieManager();
    });
但是没有任何效果,有人知道为什么会出现这个问题吗?
谢谢
尝试像 Skoruba 的 IdentityServer 中那样使用它。
对我来说效果很好。
// Cookie policy applied to every cookie the app appends or deletes.
// NOTE(review): SameAsRequest marks cookies Secure only when the request itself is HTTPS; behind a
// TLS-terminating proxy the request may appear as HTTP unless forwarded headers are honoured — confirm.
services.Configure<CookiePolicyOptions>(options =>
{
    // No minimum SameSite value is enforced here; CheckSameSite decides per request below.
    options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
    options.Secure = CookieSecurePolicy.SameAsRequest;

    // Drop SameSite=None for requests/clients that would mishandle it (see AuthenticationHelpers).
    options.OnAppendCookie = cookieContext =>
    {
        AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    };
    options.OnDeleteCookie = cookieContext =>
    {
        AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    };
});
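/// <summary>
/// Works around clients that mishandle <c>SameSite=None</c>: when a cookie asks for it, the
/// attribute is dropped (left <see cref="SameSiteMode.Unspecified"/>) unless the request is HTTPS
/// and the User-Agent is not one of the known-incompatible browsers.
/// </summary>
public static class AuthenticationHelpers
{
    /// <summary>
    /// Adjusts <paramref name="options"/> in place before the cookie is written or deleted.
    /// Cookies that do not request <see cref="SameSiteMode.None"/> are left untouched.
    /// </summary>
    /// <param name="httpContext">Current request; supplies the scheme (IsHttps) and the User-Agent header.</param>
    /// <param name="options">Cookie options about to be appended or deleted.</param>
    public static void CheckSameSite(HttpContext httpContext, CookieOptions options)
    {
        if (options.SameSite != SameSiteMode.None)
        {
            return;
        }

        // NOTE(review): a missing header is expected to yield an empty string here rather than null — verify.
        string userAgent = httpContext.Request.Headers["User-Agent"].ToString();

        // SameSite=None is only valid together with Secure, so it is kept only on HTTPS
        // and only for clients that honour it.
        if (httpContext.Request.IsHttps && !DisallowsSameSiteNone(userAgent))
        {
            return;
        }

        // Unspecified omits the attribute; browsers then apply their own default (typically Lax),
        // so cross-site POST callbacks into this app would not carry the cookie — review if any are used.
        options.SameSite = SameSiteMode.Unspecified;
    }

    /// <summary>
    /// Returns <c>true</c> for user agents known to reject or misinterpret <c>SameSite=None</c>:
    /// iOS 12, macOS 10.14 Safari, and Chrome/5x or Chrome/6x builds. Matching is by substring.
    /// </summary>
    /// <param name="userAgent">Raw User-Agent header value; null or empty is treated as compatible.</param>
    /// <returns><c>true</c> when the attribute should be dropped for this client.</returns>
    public static bool DisallowsSameSiteNone(string userAgent)
    {
        if (string.IsNullOrEmpty(userAgent))
        {
            // The original dereferenced unconditionally and would throw on null; an absent UA
            // gives no reason to downgrade, so report "compatible".
            return false;
        }

        bool ios12 = userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12");
        // The three Safari checks form one conjunction; parentheses make the original precedence explicit.
        bool macSafari = userAgent.Contains("Macintosh; Intel Mac OS X 10_14")
            && userAgent.Contains("Version/")
            && userAgent.Contains("Safari");
        bool oldChrome = userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6");

        return ios12 || macSafari || oldChrome;
    }
}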