MVC 5 Owin 应用程序 cookie 在来自 Visual Studio 的两个项目 运行 之间共享
MVC 5 Owin application cookie shared between two projects running from Visual Studio
所以我有两个 MVC5 Web 应用程序的解决方案,都使用 Owin 身份验证。
当我 运行 两个应用程序同时通过 Visual Studio 2015 时,owin 上下文被共享(不应该!)
所谓共享,是指每当我向其中一个应用程序添加声明时,它也会添加到另一个应用程序中。这导致 User.Identity.GetUserId() 从我最后登录的应用程序返回 UserId,即使这 2 个应用程序彼此无关,并且彼此之间没有引用。
我使用默认的 Owin 设置:
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
谁能帮我配置我的应用程序,这样他们就不会共享应用程序 cookie?
更改CookieName in CookieAuthenticationOptions
Determines the cookie name used to persist the identity. The default value is ".AspNet.Cookies". This value should be changed if you change the name of the AuthenticationType, especially if your system uses the cookie authentication middleware multiple times.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieName = "AspNet.AppName"
}
所以我有两个 MVC5 Web 应用程序的解决方案,都使用 Owin 身份验证。 当我 运行 两个应用程序同时通过 Visual Studio 2015 时,owin 上下文被共享(不应该!)
所谓共享,是指每当我向其中一个应用程序添加声明时,它也会添加到另一个应用程序中。这导致 User.Identity.GetUserId() 从我最后登录的应用程序返回 UserId,即使这 2 个应用程序彼此无关,并且彼此之间没有引用。
我使用默认的 Owin 设置:
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
谁能帮我配置我的应用程序,这样他们就不会共享应用程序 cookie?
更改CookieName in CookieAuthenticationOptions
Determines the cookie name used to persist the identity. The default value is ".AspNet.Cookies". This value should be changed if you change the name of the AuthenticationType, especially if your system uses the cookie authentication middleware multiple times.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieName = "AspNet.AppName"
}