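【Posted】:2023-01-19 13:57:45
【Problem description】:
I have created simple cookie-based authentication. It works correctly when logging in and accessing pages. However, after every page refresh the user performs, I am rerouted to the login page... The cookies are still there, and I am able to inspect them even after the refresh.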
// startup.cs - usings needed by the fragments below
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

// startup.cs - ConfigureServices
services
    .AddAuthentication(o =>
    {
        // JWT bearer is the default scheme for both authenticate and challenge
        o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
    {
        o.SaveToken = true;
        o.Events = new JwtBearerEvents()
        {
            // Take the bearer token from the "access_token" cookie
            OnMessageReceived = context =>
            {
                context.Token = context.Request.Cookies["access_token"];
                return Task.CompletedTask;
            }
        };
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    {
        // The cookie scheme uses the same cookie name as the JWT handler reads
        options.Cookie.Name = "access_token";
        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.None;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.LoginPath = "/signin";
        options.LogoutPath = "/signout";
        // optional
    });

// Policy that accepts either scheme
var multiSchemePolicy = new AuthorizationPolicyBuilder(
        CookieAuthenticationDefaults.AuthenticationScheme,
        JwtBearerDefaults.AuthenticationScheme)
    .RequireAuthenticatedUser()
    .Build();

// startup.cs - Configure
var cookiePolicyOptions = new CookiePolicyOptions
{
    MinimumSameSitePolicy = SameSiteMode.None,
    HttpOnly = Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.Always,
    Secure = CookieSecurePolicy.None,
};
app.UseCookiePolicy(cookiePolicyOptions);
app.UseAuthentication();
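【Discussion】:
-
Are you using HTTP or HTTPS?
-
If you just want classic cookie-based authentication, I don't think you need AddJwtBearer.
-
It might help if you could show how you sign in and how you configure the schemes with the authorize attribute.
-
@ToreNestenius Currently on localhost http
Tags: c# .net asp.net-core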
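
The setup the second comment points toward, as an added example that is not part of the original thread: cookie authentication as the only scheme, so the handler that issues the cookie through SignInAsync is also the one that reads it back on later requests. The cookie handler stores an encrypted authentication ticket, not a JWT. The controller, routing and authorization registrations are assumptions about the rest of the app, and sign-in is assumed to call `HttpContext.SignInAsync` with the cookie scheme.

```csharp
// Added example (not the asker's code): cookie-only authentication in Startup.cs style.
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // A single default scheme: authenticate, challenge and sign-in all go
        // through the cookie handler, so the cookie it writes is the cookie it reads.
        services
            .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
            {
                options.Cookie.Name = "access_token";
                options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
                options.Cookie.HttpOnly = true;
                // SameAsRequest keeps plain-HTTP localhost working and marks the
                // cookie Secure whenever the request is HTTPS; use Always in production.
                options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                options.Cookie.SameSite = SameSiteMode.Lax;
                options.LoginPath = "/signin";
                options.LogoutPath = "/signout";
            });
        services.AddAuthorization();
        services.AddControllers(); // assumption: the app uses controllers
    }

    public void Configure(IApplicationBuilder app)
    {
        // Do not let the global policy relax what the auth cookie asks for.
        app.UseCookiePolicy(new CookiePolicyOptions
        {
            MinimumSameSitePolicy = SameSiteMode.Lax,
            HttpOnly = Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.Always,
            Secure = CookieSecurePolicy.SameAsRequest,
        });
        app.UseRouting();
        app.UseAuthentication(); // populates HttpContext.User from the cookie
        app.UseAuthorization();  // must come after UseAuthentication
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```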