Auth0 ASP.Net.Owin SSO 验证 cookie 跨域

Question

我正在尝试使用 Auth0 和 OWIN 在同一域上的 ASP.NET 应用程序上设置 SSO。我用下面的教程来setup my Owin Context。

我在 startup.cs 中使用 CookieAuthenticationOptions 为 Auth0 cookie 配置了名称和域：

string auth0Domain = ConfigurationManager.AppSettings["auth0:Domain"];
string auth0ClientId = ConfigurationManager.AppSettings["auth0:ClientId"];
string auth0ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"];

// Enable Kentor Cookie Saver middleware
app.UseKentorOwinCookieSaver();
// Set Cookies as default authentication type
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    //Add Cross domain
    CookieName = "sso.example.com",
    CookieDomain = ".example.com",
    AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    LoginPath = new PathString("/Account/Login")
});

我在 Startup.cs 中的 Auth0 配置：

var options = new Auth0AuthenticationOptions()
        {
            Domain = auth0Domain,
            ClientId = auth0ClientId,
            ClientSecret = auth0ClientSecret,
            Provider = new Auth0AuthenticationProvider
            {

                OnAuthenticated = context =>
                {
                    // Get the user's country
                    JToken countryObject = context.User["https://example.com/geoip"];
                    if (countryObject != null)
                    {
                        string countryCode = countryObject["country_code"].ToObject<string>();
                        string Lat = countryObject["latitude"].ToObject<string>();
                        string Long = countryObject["longitude"].ToObject<string>();
                        string City = countryObject["city_name"].ToObject<string>();
                        string Country = countryObject["country_name"].ToObject<string>();

                        context.Identity.AddClaim(new Claim("country_code", countryCode, ClaimValueTypes.String, context.Connection));
                        context.Identity.AddClaim(new Claim("country_name", Country, ClaimValueTypes.String, context.Connection));
                        context.Identity.AddClaim(new Claim("city_name", City, ClaimValueTypes.String, context.Connection));
                        context.Identity.AddClaim(new Claim("longitude", Long, ClaimValueTypes.String, context.Connection));
                        context.Identity.AddClaim(new Claim("latitude", Lat, ClaimValueTypes.String, context.Connection));
                    }
                    JToken userMeta = context.User["https://example.com/user_metadata"];
                    if (userMeta != null)
                    {
                        string companyName = userMeta["company"].ToObject<string>();
                        context.Identity.AddClaim(new Claim("company", companyName, ClaimValueTypes.String, context.Connection));
                        string fullName = userMeta["full_name"].ToObject<string>();
                        context.Identity.AddClaim(new Claim("full_name", fullName, ClaimValueTypes.String, context.Connection));
                    }

                    JToken rolesObject = context.User["https://example.com/app_metadata"];
                    if (rolesObject != null)
                    {
                        string[] roles = rolesObject["roles"].ToObject<string[]>();
                        foreach (var role in roles)
                        {
                            context.Identity.AddClaim(new Claim(ClaimTypes.Role, role, ClaimValueTypes.String, context.Connection));
                        }
                    }

                    return Task.FromResult(0);
                }
            }

        };
        options.Scope.Add("openid profile"); // Request a refresh_token

我将如何在辅助应用程序上对客户端进行身份验证？ Cookie 在辅助应用程序上可用，但我仍然必须使用 Auth0 进行登录过程。我错过了什么吗？或者有没有我可以阅读的关于实施的文章？

Answer 1

我通过在两个应用上复制相同的 startup.cs 并在 system.web 标记中将 machine key 添加到根 Web Config 文件来解决此问题.

我的初始配置没有任何变化，我只是将域名更改为我的域。