我正在使用 ASP.NET Core开发一个应用程序,并且正在使用自定义Cookie身份验证。我CookieAuthenticationOptions是:
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
LoginPath = new PathString("/login"),
AccessDeniedPath = new PathString("/unauthorized/"),
AutomaticAuthenticate = true,
AutomaticChallenge = true
});
cookie 创建得很好,我可以在运行应用程序的整个过程中在浏览器设置中看到它。这是我HomeController课:
public HomeController(IHostingEnvironment env,
IAntiforgery antiforgery,
IOptions<AppSettings> appSettings,
TerminalDbContext terminalContext,
ILoggerFactory loggerFactory,
IHttpContextAccessor _httpContextAccessor)
{
_env = env;
_antiforgery = antiforgery;
_appSettings = appSettings;
_terminalContext = terminalContext;
_logger = loggerFactory.CreateLogger<HomeController>();
_httpContext = _httpContextAccessor.HttpContext;
_logger.LogInformation("Cookie coming");
var cookies = _httpContext.Request.Cookies[".AspNetCore.Cookies"];
if (cookies != null)
{
_logger.LogInformation(cookies.Length.ToString());
_logger.LogInformation(cookies.ToString());
}
else
{
_logger.LogInformation("THE COOKIE IS NULL");
}
}
这就是我登录用户的方式:
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, loginInfo.Username),
new Claim("DbName", loginInfo.Terminal.SesamDbName),
};
var userIdentity = new ClaimsIdentity(claims, "password");
ClaimsPrincipal principal = new ClaimsPrincipal(userIdentity);
await _httpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
我正在运行该应用程序并创建了多个HomeController实例,因为我有HttpGet返回视图所需的JsonResult的方法。
应用程序第一次尝试[Authorize](对于Index()方法(时,它会找到cookie并进行身份验证和授权。第二次尝试[Authorize](对于返回JsonResult的HttpGet方法(时,它找不到cookie,即使它在我的浏览器设置中。这是我得到的日志,用于说明这一点:
...
info: Server.Controllers.HomeController[0]
Cookie coming
info: Server.Controllers.HomeController[0]
347
info: Server.Controllers.HomeController[0]
CfDJ8GSLZENXaNpNrtmz2DAt9joqJ6CEHpCFbJdbNxbQYjjoQmd4naOI0L0krNMSQdVhqPRP9tJJMMIRayc5ILRQMcJQWNZ0T9Fjuk7Qxg65wPP7SR43UZxwy6vGQ7_qeSp44gYLLe4NGEalhXynZxmD-jywqL4VJZ5y4OwpsEKLx-VVT03xAlt54J_qQk_O4wjwLQiZBpAVTFKUWN4u7H8yd_rwMTIGBPu21t5n35To9bTQU5677xNxiEFap3ukuxO4p-OxVakXqShy2Xk_vYDAvv_XFV6jgNcy4ZiCRB8VUhXGcNr205h4X0-O7JHB8mYbc13aZLmrAwvG5DWTBd3_OCo
...
info: Server.Controllers.HomeController[0]
Cookie coming
info: Server.Controllers.HomeController[0]
THE COOKIE IS NULL
为什么会这样?我能做些什么呢?
该问题与后端无关。我在前端使用 React,问题是fetch()没有将 cookie 传递给后端以获取GET方法。我只需要将{ credentials: 'same-origin' }设置为fetch()即可将 cookie 与请求一起发送。感谢您的所有帮助。