如何使抗试样代币在ASP.NET核心版本2.1和3.1上起作用?
在我的公司中,我们在一个域中运行了许多应用程序。
其中一些仍在ASP.NET Core 2.1(Targinaling .NET Framework 4.8)上运行,而其中大多数在ASP.NET Core 3.1上。
我们注意到ASP.NET CORE 3.1应用程序在指定paliveAtatiforgeryToken时,无法使用ASP.NET Core 2.1 API。 (虽然有可能是相反的。)我们认为这是由不兼容的数据置软件包引起的...
我们在网络共享上设置了使用通用应用程序名称和公共键设置的数据,
services
.AddDataProtection()
.SetApplicationName("coolcompanyapps")
.PersistKeysToFileSystem(di);
并且默认设置抗试验始终是相同的名称如下:
services.AddAntiforgery(opt =>
{
opt.HeaderName = "X-XSRF-TOKEN";
opt.Cookie.Name = "XSRF-TOKEN";
opt.Cookie.Path = "/";
});
在微软文档中,描述您需要 引用相同的数据保护软件包版本
遗憾的是,我完全在此上完全失败了...
应该很容易,因为数据保护软件包仅由5个包装组成,根据 Microsoft docs :
- microsoft.aspnetcore.dataprotection.dataprotection.abstractions
- microsostoft.aspnetcort.aspnetcore.datapaprotection
- microsoft microsoft microsoft。 aspnetcore.dataprotection.extensions
- microsoft.aspnetcore.dataprotection.dataprotection.systemweb
- microsoft.aspnetcore.cryptography.keyderivation.keyderivation
我看起来好像构成数据保护堆栈的这些5个包在2.1版和3.1版之间是不合时宜的吗?
In my company we have a multitude of applications running in one domain.
Some of them are still running on ASP.NET Core 2.1 (targeting .NET Framework 4.8), while most of them are on ASP.NET Core 3.1.
We noticed that ASP.NET Core 3.1 applications can't use ASP.NET Core 2.1 API's when they have the ValidateAntiForgeryToken specified. (While it is possible the other way around.) We believe this is caused by an incompatible DataProtection package...
We set up DataProtection with a common application name and common keys on a network share:
services
.AddDataProtection()
.SetApplicationName("coolcompanyapps")
.PersistKeysToFileSystem(di);
And antiforgery is always setup the same with default names as follows:
services.AddAntiforgery(opt =>
{
opt.HeaderName = "X-XSRF-TOKEN";
opt.Cookie.Name = "XSRF-TOKEN";
opt.Cookie.Path = "/";
});
In the Microsoft docs it is described that you need to reference the same Data Protection package version
Regrettably I completely fail over and over again on this one...
It should be easy as the data protection package consists of only 5 packages according to the microsoft docs :
- Microsoft.AspNetCore.DataProtection.Abstractions
- Microsoft.AspNetCore.DataProtection
- Microsoft.AspNetCore.DataProtection.Extensions
- Microsoft.AspNetCore.DataProtection.SystemWeb
- Microsoft.AspNetCore.Cryptography.KeyDerivation
I looks as if these 5 packages that constitute the data protection stack are incompatible between version 2.1 and 3.1... Is it ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论