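A Detailed Look at Making ASP.NET and ASP.NET Core User Authentication Cookies Coexist
Background
ASP.NET and ASP.NET Core are commonly used web development frameworks, and during an application upgrade or migration the two may need to run side by side. In that situation, how the user authentication cookies of both frameworks can coexist is a problem that has to be solved.
Solution
Placing the ASP.NET and ASP.NET Core user authentication cookies in the same cookie solves this problem well.
Implementation
- In ASP.NET Core, use `CookieAuthentication` for user authentication; in ASP.NET, use `FormsAuthentication` or `Session`.
- Store the authentication cookie generated by ASP.NET Core and the authentication cookie generated by ASP.NET in the same cookie.
Example
The following example implements coexistence of ASP.NET and ASP.NET Core user authentication cookies: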

```csharp
// Set the authentication cookie in ASP.NET Core
// using Microsoft.AspNetCore.Authentication.Cookies;
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.Name = "AuthCookie";
    });
```

```csharp
// Set the authentication cookie in ASP.NET
// using System; using System.Web; using System.Web.Security;
void Login(string name, bool isPersistent, string userData)
{
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, name, DateTime.Now,
        DateTime.Now.AddMinutes(30), isPersistent, userData, FormsAuthentication.FormsCookiePath);
    string encTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
    authCookie.Expires = ticket.Expiration;
    authCookie.HttpOnly = true;                         // keep the ticket away from client script
    authCookie.Secure = FormsAuthentication.RequireSSL; // follow the <forms requireSSL> setting
    Response.Cookies.Add(authCookie);
}
```

```csharp
// Store the ASP.NET Core and ASP.NET authentication cookies in the same cookie
// using System; using System.Collections.Generic; using System.Security.Claims;
// using System.Threading.Tasks; using Microsoft.AspNetCore.Authentication;
// using Microsoft.AspNetCore.Http;
public async Task SetAuthCookies(HttpContext httpContext, string authenticationScheme, string username, bool isPersistent)
{
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, username)
    };
    var claimsIdentity = new ClaimsIdentity(
        claims, authenticationScheme);
    var authenticationProperties = new AuthenticationProperties
    {
        IsPersistent = isPersistent
    };
    var principal = new ClaimsPrincipal(claimsIdentity);
    // Note: this writes to the same cookie name that AddCookie is configured with above.
    httpContext.Response.Cookies.Append("AuthCookie",
        $"{authenticationScheme}:{await httpContext.GetTokenAsync("access_token")}",
        new CookieOptions()
        {
            Expires = DateTimeOffset.Now.AddDays(7),
            HttpOnly = true, // not readable from client script
            Secure = true    // sent over HTTPS only
        });
}
```

```csharp
// Read the ASP.NET Core and ASP.NET authentication cookies from the same cookie
// using System.Security.Claims; using System.Threading.Tasks;
// using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Http;
public async Task AuthenticateRequestAsync(HttpContext context)
{
    // Request.Cookies already parses the Cookie header, including malformed pairs
    if (!context.Request.Cookies.TryGetValue("AuthCookie", out var value)
        || string.IsNullOrEmpty(value))
    {
        return;
    }
    // Split on the first ':' only, so a token containing ':' is not truncated
    var cookieParts = value.Split(new[] { ':' }, 2);
    if (cookieParts.Length != 2)
    {
        return;
    }
    var scheme = cookieParts[0];
    string token = cookieParts[1];
    var authProperties = new AuthenticationProperties();
    authProperties.StoreTokens(new[]
    {
        new AuthenticationToken { Name = "access_token", Value = token }
    });
    var ticket = new AuthenticationTicket(new ClaimsPrincipal(),
        authProperties,
        "AuthCookie");
    var result = await context.AuthenticateAsync(scheme);
    if (result.Succeeded)
    {
        context.User = result.Principal;
        return;
    }
}
```

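
The reading code above takes the scheme name from the cookie value and hands it to `AuthenticateAsync`, so the client chooses which handler runs. The helper below is an added example, not code from the original page: it parses the page's `scheme:token` value and accepts only schemes the application registered itself. The names `CombinedAuthCookie`, `AllowedSchemes`, `TryParse` and `BuildOptions` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;

// Added example: CombinedAuthCookie and its members are hypothetical names.
public static class CombinedAuthCookie
{
    public const string Name = "AuthCookie"; // cookie name used on this page

    // Only schemes the application registered itself may be named by the cookie.
    private static readonly HashSet<string> AllowedSchemes =
        new HashSet<string>(StringComparer.Ordinal)
        {
            CookieAuthenticationDefaults.AuthenticationScheme
        };

    // Splits "scheme:token" on the first ':' only, so a token that itself
    // contains ':' survives intact. Returns false for anything malformed.
    public static bool TryParse(string raw, out string scheme, out string token)
    {
        scheme = null;
        token = null;
        if (string.IsNullOrEmpty(raw)) return false;

        int sep = raw.IndexOf(':');
        if (sep <= 0 || sep == raw.Length - 1) return false; // empty scheme or token

        string candidate = raw.Substring(0, sep);
        if (!AllowedSchemes.Contains(candidate)) return false; // unknown scheme

        scheme = candidate;
        token = raw.Substring(sep + 1);
        return true;
    }

    // Options for writing the cookie: hidden from script, HTTPS only.
    public static CookieOptions BuildOptions(bool isPersistent) => new CookieOptions
    {
        HttpOnly = true,
        Secure = true,
        SameSite = SameSiteMode.Lax,
        Expires = isPersistent ? DateTimeOffset.UtcNow.AddDays(7) : (DateTimeOffset?)null
    };
}
```

In `AuthenticateRequestAsync`, call `TryParse` on the cookie value and return without authenticating when it yields `false`.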
With the example above, the ASP.NET Core and ASP.NET user authentication cookies can be stored in the same cookie, which avoids conflicts between the two.