What is the correct way to share the login cookie with an asp.net core application?
使用asp.net核心应用程序共享登录cookie的正确方法是什么?
I've got a single application running behind multiple subdomains i.e :
我有一个应用程序在多个子域后面运行,即:
- site1.mydomain.com
- site1.mydomain.com
- site2.mydomain.com
- site2.mydomain.com
and I can't get the authentication to persist across both.
我无法让身份验证在两者之间持续存在。
I have the startup.cs configured in the following manner and this allows me to authenticate via google :
我有以下方式配置的startup.cs,这允许我通过谷歌进行身份验证:
app.UseIdentity();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
LoginPath = new PathString("/account/login"),
AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
CookieDomain = ".mydomain.com",
CookieName = "AuthenticationCookie"
});
app.UseGoogleAuthentication(options =>
{
options.ClientId = "xxx";
options.ClientSecret = "xxx";
});
I also believe I correctly setup the data protection services because I currently have the site running in multiple docker containers and the application can successfully load balance.
我也相信我正确设置了数据保护服务,因为我目前在多个docker容器中运行该站点,并且应用程序可以成功地进行负载平衡。
What is confusing me is when I inspect the cookies set by the authentication process it always has the site1.mydomain.com logged against the authentication cookie and not .mydomain.
令我困惑的是,当我检查由身份验证过程设置的cookie时,它始终将site1.mydomain.com记录在身份验证cookie而不是.mydomain中。
It's like the cookiedomain is being ignored during the authentication process.
这就像在身份验证过程中被忽略了cookiedomain。
Any pointers would be gratefully received.
任何指针都会感激不尽。
1 个解决方案
#1
1
You might want to have a look at Identity Server for handling this type of scenario.
您可能希望查看Identity Server以处理此类方案。
https://github.com/IdentityServer/IdentityServer4
https://github.com/IdentityServer/IdentityServer4
It's a single sign-on framework based on oidc and oauth2. You could either host it in one of your existing sites, or create a third site that will act as the authentication service for your other sites.
它是基于oidc和oauth2的单点登录框架。您可以在其中一个现有站点中托管它,也可以创建第三个站点作为其他站点的身份验证服务。
#1
1
You might want to have a look at Identity Server for handling this type of scenario.
您可能希望查看Identity Server以处理此类方案。
https://github.com/IdentityServer/IdentityServer4
https://github.com/IdentityServer/IdentityServer4
It's a single sign-on framework based on oidc and oauth2. You could either host it in one of your existing sites, or create a third site that will act as the authentication service for your other sites.
它是基于oidc和oauth2的单点登录框架。您可以在其中一个现有站点中托管它,也可以创建第三个站点作为其他站点的身份验证服务。