How can I set the CookieDomain in the CookieAuthenticationOptions at runtime if I want to pull this value from the Request.Url or from some settings stored in my database?
Did you already try this:
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "Application",
        LoginPath = "/Account/Login",
        CookieDomain = ".myDomain.com"
    });
You can assign your own cookie provider:
    CookieAuthProvider myProvider = new CookieAuthProvider();
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = myProvider
    });
Either implement your own, or simply inherit from the existing provider:
    public class CookieAuthProvider : CookieAuthenticationProvider
    {
        public override void ResponseSignIn(CookieResponseSignInContext context)
        {
            // Alter your cookie options
            // context.CookieOptions.Domain = "www...";
            base.ResponseSignIn(context);
        }
    }
And implement ResponseSignIn; it is called when an endpoint has provided sign-in information before it is converted into a cookie. By implementing this method the claims and extra information that go into the ticket may be altered.
You'll be passed a CookieResponseSignInContext, which exposes a CookieOptions property that can be replaced or altered during the ResponseSignIn call.
Code references from Katana project:
ICookieAuthenticationProvider
CookieResponseSignInContext
CookieAuthenticationHandler
It looks like MK.'s answer does not allow proper handling of token renewal when using the SlidingExpiration option.
As a workaround, instead of supplying a custom cookie provider, it appears you can supply a custom cookie manager, and define your own methods for adding/removing the cookie.
To keep it simple in my case, I reuse the default cookie manager under the hood. (I cannot extend it; its methods are not overridable.)
Here is the code I have ended up with:
    using Microsoft.AspNet.Identity;
    using Microsoft.Owin;
    using Microsoft.Owin.Infrastructure;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.DataProtection;
    using Owin;

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            var options = new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                SlidingExpiration = true,
                CookieManager = new CustomCookieManager()
            };
            app.UseCookieAuthentication(options);
        }
    }

    public class CustomCookieManager : ICookieManager
    {
        private readonly ICookieManager ConcreteManager;

        public CustomCookieManager()
        {
            ConcreteManager = new ChunkingCookieManager();
        }

        string ICookieManager.GetRequestCookie(IOwinContext context, string key)
        {
            return ConcreteManager.GetRequestCookie(context, key);
        }

        void ICookieManager.AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options)
        {
            SetupDomain(context, options);
            ConcreteManager.AppendResponseCookie(context, key, value, options);
        }

        void ICookieManager.DeleteCookie(IOwinContext context, string key, CookieOptions options)
        {
            SetupDomain(context, options);
            ConcreteManager.DeleteCookie(context, key, options);
        }

        private void SetupDomain(IOwinContext context, CookieOptions options)
        {
            // custom logic for assigning something to options.Domain
        }
    }
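
One way to fill in the domain logic when the value is derived from the request, as an added example that is not code from the question or the answers above: the Host header is supplied by the client, so it is matched against an allowlist of parent domains, and any other host gets a host-only cookie. The class name `CookieDomainResolver`, its methods, and the `example.com` / `example.org` values are assumptions.

```csharp
using System;
using System.Net;
using Microsoft.Owin;

// Added example: hypothetical helper, not part of Katana or the answers above.
public static class CookieDomainResolver
{
    // Assumption: parent domains loaded from trusted configuration at startup.
    // example.com / example.org are placeholders.
    private static readonly string[] AllowedParentDomains = { "example.com", "example.org" };

    // Maps a Host header value to a cookie domain such as ".example.com",
    // or null when the host is not under an allowed parent domain.
    public static string Resolve(string hostHeader)
    {
        if (string.IsNullOrWhiteSpace(hostHeader)) return null;

        string host = hostHeader.Trim();
        if (host.StartsWith("[", StringComparison.Ordinal)) return null; // IPv6 literal

        int colon = host.LastIndexOf(':');
        if (colon >= 0) host = host.Substring(0, colon);                 // drop the port
        host = host.TrimEnd('.').ToLowerInvariant();

        IPAddress ignored;
        if (IPAddress.TryParse(host, out ignored)) return null;          // IPv4 literal

        foreach (string parent in AllowedParentDomains)
        {
            // Match on a label boundary so "evilexample.com" does not pass for "example.com".
            if (host == parent || host.EndsWith("." + parent, StringComparison.Ordinal))
                return "." + parent;
        }
        return null;
    }

    // Call from SetupDomain(context, options) in the custom cookie manager.
    public static void Apply(IOwinContext context, CookieOptions options)
    {
        // A null Domain yields a host-only cookie, the narrowest scope available.
        options.Domain = Resolve(context.Request.Host.Value);
    }
}
```

Because the same resolver runs for both AppendResponseCookie and DeleteCookie, the cookie is deleted with the same Domain it was issued with, which sign-out depends on.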