Google Chrome 浏览器仅在部署中阻止 “.AspNetCore.Identity.Application” Cookie。

huangapple go评论52阅读模式
英文:

Google Chrome Browser Block ".AspNetCore.Identity.Application" Cookie In Deployment Only

问题

在将ASP.NET Core MVC 6部署到IIS服务器后,用户在提交真实登录时未重定向到控制器并未经身份验证。当我在开发者工具中跟踪Cookie时,.AspNetCore.Identity.Application 上有一个感叹号,当悬停在上面时,会显示消息(此Cookie已被阻止,因为它具有“Secure”属性并且连接不安全)。

我尝试过的方法:

  • 更改Cookie配置
  • LocalRedirect(returnUrl)更改为RedirectionToAction("Index", "Home")
  • Areas.Identity.Pages.Account中的LoginModel上添加[AllowAnonymous]属性
  • program.cs中删除Use.HttpsRedirection();
英文:

After deploy asp.net core mvc 6 to iis server the user in case submit a true login not redirected to the controller and not authenticated, when I tracked the cookie in developer tools there is a ! mark on .AspNetCore.Identity.Application and when hover on it there is a message show (This cookie was blocked because it had the "Secure" attribute and the connection was not secure).

What I tried Before

  • Changing the cookie configuration
  • Exchange return LocalRedirect(returnUrl) To return RedirectionToAction("Index","Home")
  • Add [AllowAnonymous] attribute on LoginModel in Areas.Identity.Pages.Account
  • Remove Use.HttpsRedirection(); from program.cs

答案1

得分: 1

因为服务器上托管了许多应用程序,所以浏览器阻止了 cookie,因为其他应用程序具有相同的 cookie 名称 .AspNetCore.Identity.Application。所以问题可以通过更改 cookie 名称来简单解决:

builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
    options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
});

builder.Services.ConfigureApplicationCookie(options => options.Cookie.Name = "AppNameForExample");
英文:

Because there are many apps host in the server so the browser blocked the cookie cause the other apps have the same cookie name which .AspNetCore.Identity.Application. So simply the issue can be solved by changing the name of the cookie:

builder.Services.AddAuthentication(options => 
{
    options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
    options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
});

builder.Services.ConfigureApplicationCookie(options => options.Cookie.Name = "AppNameForExample");

答案2

得分: 0

你的cookies已配置为要求使用HTTPS连接。当你尝试在非安全连接上设置它们时,它们将被拒绝。你可以尝试以下步骤:

  1. 获取有效的SSL证书:你需要一个被你的目标浏览器信任的证书。检查你的web.config文件设置:
<httpCookies requireSSL="true" />
  1. 配置IIS以使用HTTPS:这涉及将SSL证书绑定到IIS网站并启用HTTPS。

  2. 更新你的ASP.NET Core应用程序以使用HTTPS:在Startup.cs文件中,你可以使用以下代码将所有HTTP流量重定向到HTTPS:

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Rewrite;

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    var options = new RewriteOptions().AddRedirectToHttps();
    app.UseRewriter(options);

    // 其余的代码...
}
英文:

Your cookies are configured to require an HTTPS connection. When you try to set them on a non-secure connection, they will be rejected. You can try these steps:

  1. Obtain a valid SSL certificate: You'll need a certificate that is trusted by the browsers you're targeting. Check your web.config file settings for:
&lt;httpCookies requireSSL=&quot;true&quot; /&gt;
  1. Configure IIS to use HTTPS: This involves binding the SSL certificate to the IIS website and enabling HTTPS.

  2. Update your ASP.NET Core application to use HTTPS: In the Startup.cs file, you can use the following code to redirect all HTTP traffic to HTTPS:

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Rewrite;

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    var options = new RewriteOptions().AddRedirectToHttps();
    app.UseRewriter(options);

    // rest of the code...
}

huangapple
  • 本文由 发表于 2023年2月7日 03:30:39
  • 转载请务必保留本文链接:https://go.coder-hub.com/75365755.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定