英文:
Google Chrome Browser Block ".AspNetCore.Identity.Application" Cookie In Deployment Only
问题
在将ASP.NET Core MVC 6部署到IIS服务器后,用户在提交真实登录时未重定向到控制器并未经身份验证。当我在开发者工具中跟踪Cookie时,.AspNetCore.Identity.Application 上有一个感叹号,当悬停在上面时,会显示消息(此Cookie已被阻止,因为它具有“Secure”属性并且连接不安全)。
我尝试过的方法:
- 更改Cookie配置
- 将
LocalRedirect(returnUrl)更改为RedirectionToAction("Index", "Home") - 在
Areas.Identity.Pages.Account中的LoginModel上添加[AllowAnonymous]属性 - 从
program.cs中删除Use.HttpsRedirection();
英文:
After deploy asp.net core mvc 6 to iis server the user in case submit a true login not redirected to the controller and not authenticated, when I tracked the cookie in developer tools there is a ! mark on .AspNetCore.Identity.Application and when hover on it there is a message show (This cookie was blocked because it had the "Secure" attribute and the connection was not secure).
What I tried Before
- Changing the cookie configuration
- Exchange return
LocalRedirect(returnUrl)To returnRedirectionToAction("Index","Home") - Add
[AllowAnonymous]attribute onLoginModelinAreas.Identity.Pages.Account - Remove
Use.HttpsRedirection();from program.cs
答案1
得分: 1
因为服务器上托管了许多应用程序,所以浏览器阻止了 cookie,因为其他应用程序具有相同的 cookie 名称 .AspNetCore.Identity.Application。所以问题可以通过更改 cookie 名称来简单解决:
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
});
builder.Services.ConfigureApplicationCookie(options => options.Cookie.Name = "AppNameForExample");
英文:
Because there are many apps host in the server so the browser blocked the cookie cause the other apps have the same cookie name which .AspNetCore.Identity.Application. So simply the issue can be solved by changing the name of the cookie:
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
});
builder.Services.ConfigureApplicationCookie(options => options.Cookie.Name = "AppNameForExample");
答案2
得分: 0
你的cookies已配置为要求使用HTTPS连接。当你尝试在非安全连接上设置它们时,它们将被拒绝。你可以尝试以下步骤:
- 获取有效的SSL证书:你需要一个被你的目标浏览器信任的证书。检查你的web.config文件设置:
<httpCookies requireSSL="true" />
-
配置IIS以使用HTTPS:这涉及将SSL证书绑定到IIS网站并启用HTTPS。
-
更新你的ASP.NET Core应用程序以使用HTTPS:在Startup.cs文件中,你可以使用以下代码将所有HTTP流量重定向到HTTPS:
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Rewrite;
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
var options = new RewriteOptions().AddRedirectToHttps();
app.UseRewriter(options);
// 其余的代码...
}
英文:
Your cookies are configured to require an HTTPS connection. When you try to set them on a non-secure connection, they will be rejected. You can try these steps:
- Obtain a valid SSL certificate: You'll need a certificate that is trusted by the browsers you're targeting. Check your web.config file settings for:
<httpCookies requireSSL="true" />
-
Configure IIS to use HTTPS: This involves binding the SSL certificate to the IIS website and enabling HTTPS.
-
Update your ASP.NET Core application to use HTTPS: In the Startup.cs file, you can use the following code to redirect all HTTP traffic to HTTPS:
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Rewrite;
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
var options = new RewriteOptions().AddRedirectToHttps();
app.UseRewriter(options);
// rest of the code...
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论