ASP.NET Core 6- cookie返回但未存储在浏览器中
我在ASP.NET Core 6.0中的Cookie身份验证方面苦苦挣扎,
我已经实施并配置了Cookie身份验证,并且我面临的问题如下。
将发布请求发送到登录端点时,该登录端点是<域>/api/account/login登录将返回200个好的响应和正确的cookie。
但是,cookie并未存储在浏览器中。
cookie配置,
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.Name = "Affito.Identity";
options.Cookie.HttpOnly = true;
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
options.Cookie.SameSite = (SameSiteMode) (-1);
options.SlidingExpiration = true;
options.Cookie.Domain = ".affito.ch";
options.ExpireTimeSpan = TimeSpan.FromMinutes(3);
options.Cookie.IsEssential = true;
});
services.Configure<CookiePolicyOptions>(options =>
{
options.MinimumSameSitePolicy = (SameSiteMode)(-1);
options.HttpOnly = HttpOnlyPolicy.None;
options.Secure = CookieSecurePolicy.None;
});
因为我有多个子域需要与同一cookie一起使用,所以我在options.cookie.domain中具有.domain属性。
这是发送登录请求后,浏览器中的“网络”选项卡中的响应
但是,cookie已返回,但没有存储在浏览器中以供将来的请求。
我正在从react-app中发送简单的提取请求:
const response = await fetch(BASEURL + "/account/login", {
method: "POST",
body: JSON.stringify(loginData),
headers: {
"Content-Type": "application/json",
},
});
console.log(response);
};
我是否缺少某些内容,或者为什么它不将cookie存储在浏览器中。 我已经咨询了文档,但无法弄清楚。
Swagger: 从Swagger发送请求时,它返回相同的cookie并将其正确存储在浏览器中。
我猜想它与“ samesite”限制有关,这就是为什么我将其取出的原因,但是在从阶段发送请求时它仍然不起作用。“域”
I am struggling with Cookie Authentication in Asp.Net Core 6.0
I have implemented and configured the Cookie Authentication and the problem I am facing is the following.
When sending POST request to the login Endpoint which is at <domain>/api/account/login the login returns a 200 OK response and the correct cookie.
However, the Cookie is not getting stored in the browser.
The Cookie Configurations
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.Name = "Affito.Identity";
options.Cookie.HttpOnly = true;
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
options.Cookie.SameSite = (SameSiteMode) (-1);
options.SlidingExpiration = true;
options.Cookie.Domain = ".affito.ch";
options.ExpireTimeSpan = TimeSpan.FromMinutes(3);
options.Cookie.IsEssential = true;
});
services.Configure<CookiePolicyOptions>(options =>
{
options.MinimumSameSitePolicy = (SameSiteMode)(-1);
options.HttpOnly = HttpOnlyPolicy.None;
options.Secure = CookieSecurePolicy.None;
});
since I have multiple subdomains that need to work with the same cookie I have the .domain attribute in options.Cookie.Domain.
This is the response from the Network Tab in the browser after sending the login request
However, the Cookie is getting returned but it is not getting stored in the browser for future requests.
I am sending a simple fetch request from the React-App:
const response = await fetch(BASEURL + "/account/login", {
method: "POST",
body: JSON.stringify(loginData),
headers: {
"Content-Type": "application/json",
},
});
console.log(response);
};
Am I missing something or why does it not store the cookie in the browser.
I have consulted the docs but could not figure that out.
Swagger:
When sending the request from swagger, it returns the same cookie and stores it correctly in the browser.
I guessed it had something to do with the 'SameSite' Restriction that's why I took it out but it still does not work when sending the request from stage."domain"
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我要做的就是添加正确的CORS政策。如果您期望将cookie存储并包含在以后的请求中,则必须将riginins和.withcredentials()属性添加到CORS策略中。
看起来像这样:
All I had to do was to add the correct CORS policy. If you expect a Cookie to be stored and included in future requests, you must add the Origins and the .WithCredentials() properties to the Cors policy.
It might look something like this: