
URL Rewrite for subdomain fails with identityserver3

We have a wildcard domain hosted on Azure. I've set up subdomain.domain.com to rewrite to domain.com/subdomain. It all works fine.

However, when I log in to our identity server, once the login process is completed and I am redirected back to subdomain.domain.com, it seems like the authentication token is lost.

I can't see how this can be possible. This issue happens with all our identity providers (Google, Facebook, Microsoft Live).

If I change the setup to use domain.com/subdomain then everything works as expected.

The main issue is what type of cookie your identity server places. It looks like your server places a domain-specific cookie, and not a wildcard one.

Cookie domains

A common issue with the cookie for the authentication is the domain for the cookie. Similarly to the paths of the cookies, if the cookies are created on two different subdomains, then the cookie will only be accessible on the domain where it was created. For instance, your main application may be on www.domain.com, but you have Telligent Evolution running on cs.domain.com. If you create the cookie on www.domain.com, the browser will only send it to that domain, and it won't be passed along when they navigate over to cs.domain.com.

The cookie can be carried over by setting the domain to “.domain.com”. Cookies don't use the common “*” wild card. Simply use “.domain.com”. With this entry, the browser will know to pass the cookie when it goes over to cs.domain.com as well.

Like the path, the domain can be specified in either the web.config or through code. When setting the web.config file, it will only check for the authorization cookie. You must have this set for the site to correctly recognize the new domain level cookie:


<authentication mode="Forms">
  <forms name=".CommunityServer" ... domain=".domain.com" />
</authentication>

The "domain" name is ignored by the FormsAuthentication.SetAuthCookie method, so you must manually set it on your login page when creating the AuthCookie. For example:

HttpCookie cookie = FormsAuthentication.GetAuthCookie(username, true);
cookie.Domain = ".domain.com";
Response.Cookies.Add(cookie); 
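
The scoping rule the answer describes, modelled as an added example (not code from the original post or from IdentityServer3): a simplified version of the RFC 6265 domain-matching steps, run over the thread's placeholder host names plus a constructed look-alike, otherdomain.com. The function names are hypothetical, and the public-suffix check and the Path, Secure and SameSite attributes are not modelled.

```javascript
// Added example: RFC 6265 cookie scoping (sections 5.1.3 and 5.3), simplified.
// Host names are placeholders; function names are hypothetical.

// Canonicalise a host name for comparison.
function canon(host) {
  return host.trim().toLowerCase().replace(/\.$/, "");
}

// RFC 6265 5.1.3: the host equals the cookie domain, or ends with
// "." + cookie domain (IP-address hosts never suffix-match).
function domainMatch(host, cookieDomain) {
  const h = canon(host), d = canon(cookieDomain);
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Model what the browser stores when `setBy` answers with Set-Cookie.
// Returns null when the cookie is rejected.
function storeCookie(setBy, domainAttr) {
  // No Domain attribute: host-only cookie, bound to the exact host.
  if (!domainAttr) return { domain: canon(setBy), hostOnly: true };
  const d = canon(domainAttr).replace(/^\./, ""); // leading dot is ignored
  if (!domainMatch(setBy, d)) return null;        // foreign domain: rejected
  return { domain: d, hostOnly: false };
}

// Would the browser attach the stored cookie to a request for `host`?
function isSentTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly ? canon(host) === cookie.domain
                         : domainMatch(host, cookie.domain);
}

// Constructed cases: cookie issued by domain.com with and without Domain.
function demo() {
  const hostOnly = storeCookie("domain.com", null);
  const shared = storeCookie("domain.com", ".domain.com");
  const hosts = ["domain.com", "subdomain.domain.com", "cs.domain.com", "otherdomain.com"];
  return hosts.map((h) => ({
    host: h,
    hostOnly: isSentTo(hostOnly, h),
    shared: isSentTo(shared, h),
  }));
}

console.table(demo());
```

The shared column is true for every host under domain.com, so on a wildcard domain each hosted subdomain receives the authentication cookie once Domain is set to ".domain.com".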
