当前位置: 文江博客话题详情

生产中的随机ASP.NET核心身份记录

发布于 2025-01-22 01:37:54 字数 309 浏览 0 评论 0原文

我有一个ASP.NET Core MVC Web应用程序,该应用程序使用身份来处理用户帐户身份验证和授权。在我的本地II Express上运行该应用程序时,一切正常工作。将应用程序部署到共享的Web服务器后,我开始注意到登录的用户帐户将以似乎随机的间隔登录。通过实验,我能够确定注销是在帐户处于活动状态还是闲置。它们没有以固定时间间隔发生,并且与我设置在饼干上的任何过期时间完全无关。登录在Web应用程序中的每个视图上都发生,因此我无法将问题固定在任何特定的控制器上。另外,我将相同的数据库用于该应用程序的已发布和本地测试版本,因此使用相同的用户帐户。我任何人都知道从哪里开始寻找解决方案,这将不胜感激。

原文

I have an ASP.NET Core MVC web application that uses Identity to handle user account Authentication and Authorization. When running the app on my local IIS express everything was working properly. After deploying the app to a shared web server I started to notice that the logged-in user accounts would get logged out at seemingly random intervals. Through experimentation, I was able to determine that the log-outs were occurring whether the account was active or idle. They were occuring at no recuring time interval and completely unrelated to any expiry time that I set on my cookies. The logouts were occuring on every view in the web app so I couldn't pin the issue to any particular controller. Also I use the same Database for the published and the local testing version of the app and therefore the same user accounts. I anyone has an idea where to start looking for a solution it would be greatly appreciated.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

雪若未夕 2025-01-29 01:37:54

我之所以发布这个问题,是因为有一个很好的答案,即90%解决了问题在这里但是,在过去几天我一直在搜寻的多个论坛中,没有一个得到公认的答案。我正在发布此答案以解决这个问题。该问题的根本原因是IIS应用程序池是重置或回收的,并且在使用多个应用程序的共享主机上,这种情况可能很频繁地发生。如上所述,如果IIS应用程序池回收,则必须使用链接数据保护来持续键。这是原始答案中提供的代码。

services.AddDataProtection()
            .PersistKeysToFileSystem(new System.IO.DirectoryInfo("SOME WHERE IN STORAGE"))
            //.ProtectKeysWithCertificate(new X509Certificate2());
            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));

此代码将在configureservices中添加在startup.cs
由于我的应用程序是使用.persistKeyStofileSystem的选择,因此不是一个选项,因此我使用这样的dbcontext坚持了键:

            services.AddDataProtection().PersistKeysToDbContext<MyKeysContext>()
            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));

基于 this 此此处的文章我构建mykeyscontext,如下所示。

    // Add a DbContext to store your Database Keys
services.AddDbContext<MyKeysContext>(options =>
    options.UseSqlServer(
        Configuration.GetConnectionString("MyKeysConnection")));

configureservices in startup.cs中,然后创建一个称为mykeyscontext的类,如下所示:

using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using WebApp1.Data;
namespace WebApp1
{
 public class MyKeysContext : DbContext, IDataProtectionKeyContext
 {
    // A recommended constructor overload when using EF Core 
    // with dependency injection.
        public MyKeysContext(DbContextOptions<MyKeysContext> options) 
        : base(options) { }

        // This maps to the table that stores keys.
     public DbSet<DataProtectionKey> DataProtectionKeys { get; set; }
    }
}

我在主机上创建了数据库我省略了这一步骤。然后,我将迁移应用于这样的数据库。

Add-Migration AddDataProtectionKeys -Context MyKeysContext 
Update-Database -Context MyKeysContext

I posted this question because there is a great answer that 90% solves the issue Here however of the multiple forums that I have been scouring over the last few days there are none with an accepted answer. I am posting this answer to address this. The underlying cause of the issue is that IIS application pool is being reset or recyling and on a shared host with multiple applications using it this can be happening fairly frequently. As is suggested in the above link Data Protection has to be used to persist the keys if IIS application pool recycles. Here is the code offered in the original answer.

services.AddDataProtection()
            .PersistKeysToFileSystem(new System.IO.DirectoryInfo("SOME WHERE IN STORAGE"))
            //.ProtectKeysWithCertificate(new X509Certificate2());
            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));

This code is to be added in ConfigureServices in Startup.cs
As my application is being hosted on a shared server using .PersistKeysToFileSystem was not an option so instead I persisted the keys using DbContext like this:

            services.AddDataProtection().PersistKeysToDbContext<MyKeysContext>()
            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));

Based on This article here I build MyKeysContext as follows.

    // Add a DbContext to store your Database Keys
services.AddDbContext<MyKeysContext>(options =>
    options.UseSqlServer(
        Configuration.GetConnectionString("MyKeysConnection")));

In ConfigureServices in Startup.cs and then created a class called MyKeysContext as follows:

using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using WebApp1.Data;
namespace WebApp1
{
 public class MyKeysContext : DbContext, IDataProtectionKeyContext
 {
    // A recommended constructor overload when using EF Core 
    // with dependency injection.
        public MyKeysContext(DbContextOptions<MyKeysContext> options) 
        : base(options) { }

        // This maps to the table that stores keys.
     public DbSet<DataProtectionKey> DataProtectionKeys { get; set; }
    }
}

I created the database on my Host this will probably be different so I have omitted this step. then I applied the migrations to the database like this.

Add-Migration AddDataProtectionKeys -Context MyKeysContext 
Update-Database -Context MyKeysContext
回复 原文
迷途知返 2025-01-29 01:37:54

我也面临这个问题。当我从Visual Studio运行应用程序时,它可以正常工作,但是当我将其发布到IIS服务器时,我将无法登录。当我登录时,它会将我登录,但是当我刷新页面或做某事时,它将我重定向回到登录页面。因此,我更改了应用程序池。

您可以在IIS中创建一个新的应用程序池,并使用.NET 4.0作为专门用于ASP.NET Core应用程序的框架。

iis configuration

iis配置2

如果您使用.NET 2.0池,则不会持续使用用户会话,何时将重新加载该网站,将登录用户。确保您使用的应用程序池不应运行任何其他应用程序。

I also faced this problem. When I run the application from Visual Studio, It works fine but when I published it to IIS Server, I wouldn't be able to keep logged in. When I log in, It logs me in but when I refresh the page or do something, It redirects me back to Login Page. So I then changed the application pool.

You can create a new application pool in IIS with .NET 4.0 as Framework dedicated for your ASP.NET Core Application.

IIS Configuration

IIS Configuration 2

If you use .NET 2.0 pool, the user sessions will not be persisted and when the website will be reloaded, The user will be logged out. Make sure that the Application Pool you are using should not have any other Applications running.

回复 原文
~没有更多了~

关于作者

唱一曲作罢

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

饮湿

文章 0 评论 0

明月

文章 0 评论 0

02

文章 0 评论 0

hs1283

文章 0 评论 0

风向决定发型

文章 0 评论 0

落花浅忆

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文