
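I am having a lot of trouble understanding certain things in ASP.NET Core. I already have an ASP.NET 4.5 application that authenticates a login with a FormsAuthenticationTicket, but my goal is to set up a Core Web API that authenticates the user and creates a cookie for my 4.5 application to read, and redirects, already logged in via the cookie.

I have provided the same <machinekey> in the web.config for both applications and added UseCookieAuthentication with CookieAuthenticationOptions to my Startup.cs, but I am lost from here on how to replicate the FormsAuthenticationTicket inside my ApplicationController.cs in my Core application. I have found that the documentation for Core isn't very consistent yet, and I have tried many suggestions to no avail.

I think the main confusion for me is that I can create a cookie in Core, but I am clearly not creating it properly, or quite possibly not authenticating properly either.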


Startup.cs, in the Configure function

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
     AuthenticationScheme = "ApiAuth",
     CookieName = ".ASPXAUTH",
     CookieHttpOnly = false,
     ExpireTimeSpan = TimeSpan.FromDays(30),
     SlidingExpiration = true,
     AutomaticAuthenticate = true,
     LoginPath = new PathString("/Application/Authorize"),
});


ApplicationController.cs

[HttpGet("Authorize/{appGuid}/{userGuid}", Name = "SignIn")]
public async Task<IActionResult> SignIn(Guid appGuid, Guid userGuid)
{
     var application = Application.Find(appGuid);
     var user = User.Find(userGuid);

     if (application != null && user != null)
     {
          await HttpContext.Authentication.SignOutAsync("ApiAuth");

          /****************Confusion start****************/

          Claim cookiePath = new Claim(ClaimTypes.CookiePath, ".ASPXAUTH");
          Claim expiration = new Claim(ClaimTypes.Expiration, DateTime.UtcNow.AddDays(30).ToString());
          Claim expiryDate = new Claim(ClaimTypes.Expired, "false");
          Claim persistant = new Claim(ClaimTypes.IsPersistent, "true");
          Claim issueDate = new Claim("IssueDate", DateTime.UtcNow.ToString());
          Claim name = new Claim(ClaimTypes.Name, user.Username);
          Claim userData = new Claim(ClaimTypes.UserData, "");
          Claim version = new Claim(ClaimTypes.Version, "2");
          ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { cookiePath, expiration, expiryDate,
                    persistant, issueDate, name, userData, version }, "ApiAuth"));
          await HttpContext.Authentication.SignInAsync("ApiAuth", principal);

          /****************Confusion end****************/

          return new RedirectResult("http://localhost/MyWebsite/Repository.aspx");
     }

     return Unauthorized();
}


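The cookie is much larger than the one from my 4.5 application, and I don't know where to go from here. I believe I am also causing conflicting settings between UseCookieAuthentication and the ClaimsPrincipal.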
