ASP.NET Identity 2 - logout not working when sign in on foo.com and logout on username.foo.com
I'm working on a multi-tenant web application and primarily using .NET Framework 4.6 (MVC and ASP.NET Identity 2.0). Here's my implementation:
User visits foo.com to log in. I am using the following code in foo.com Startup.Auth.cs:
var cookieOptions = new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/account/login"),
    CookieDomain = ".foo.com"
};
app.UseCookieAuthentication(cookieOptions);
And the exact same machine key on both applications (foo.com as well as username.foo.com); here's my sample machine key:
<machineKey validationKey="xx" decryptionKey="xx" validation="SHA1" decryption="AES" />
To log in, I'm using the following code:
signInManager.SignIn(user, isPersistent: false, rememberBrowser: false);
My other application username.abc.com is multi-tenant, i.e. username can be anything. I'm using the code below in username.abc.com Startup.Auth.cs:
var cookieOptions = new CookieAuthenticationOptions
{
    ReturnUrlParameter = "redirectto",
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/account/login")
};
app.UseCookieAuthentication(cookieOptions);
Notice, I'm not using the cookie domain, because it can be anything, or maybe the user has started using his own domain (let's consider the user is still using a foo.com subdomain).
With this code, the user is successfully logged in and redirected to his username.foo.com, but as soon as he clicks on logout on username.foo.com, the page just reloads and nothing happens. Here's what I'm using in the logout action:
authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
//authenticationManager.SignOut();
We have another option to log in and log out from username.foo.com too, so when the user logs in directly from username.foo.com, he can log out successfully. The issue occurs only when the user logs in from foo.com.
From an infrastructure point of view, foo.com is not load balanced but username.foo.com is running through a load balancer (on production). But I don't think this will be an issue, because I'm running both applications on a single staging environment with the same issue.
I tried a custom CookieAuthenticationProvider implementation also, but it has a similar issue.
Please help.
You cannot change a cookie for .foo.com from username.foo.com. It's in RFC 2109.
4.3.2 Rejecting Cookies
- A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com would be rejected, because H is y.x and contains a dot.
You must change your workflow. You can redirect your users to foo.com with redirect_url in order to sign out, and after successful signout redirect them to redirect_url, which is in username.foo.com.
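The workflow described in the answer above, as an added example (not code from the original post or from ASP.NET Identity): a logout action hosted on foo.com that clears the cookie and redirects back only when redirect_url points at a foo.com subdomain, so the parameter cannot be used as an open redirect. The route, the `IsTenantUrl` helper, the HTTPS-only rule and the fallback to a "Login" action are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

// Added example for the foo.com application; not code from the original post.
public class AccountController : Controller
{
    // Assumption: every tenant site is a subdomain of foo.com.
    private const string TenantSuffix = ".foo.com";

    // Hypothetical route: https://foo.com/account/logout?redirect_url=https://username.foo.com/
    // It is a GET because tenants reach it by redirect.
    [HttpGet]
    public ActionResult Logout(string redirect_url)
    {
        // foo.com is configured with CookieDomain = ".foo.com", so the expiring
        // Set-Cookie written here carries the same Domain as the sign-in cookie.
        IAuthenticationManager auth = HttpContext.GetOwinContext().Authentication;
        auth.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

        // Never redirect to an unvalidated URL taken from the query string.
        if (IsTenantUrl(redirect_url))
        {
            return Redirect(redirect_url);
        }
        return RedirectToAction("Login");
    }

    // True only for absolute https URLs whose host is a subdomain of foo.com.
    internal static bool IsTenantUrl(string url)
    {
        Uri uri;
        if (!Uri.TryCreate(url, UriKind.Absolute, out uri))
        {
            return false; // null, relative or malformed
        }
        if (uri.Scheme != Uri.UriSchemeHttps)
        {
            return false; // rejects http:, javascript:, data: ...
        }
        // Uri.Host excludes userinfo, port and path, so inputs such as
        // https://foo.com@evil.example/ or https://evil.example/.foo.com fail.
        // The leading dot in TenantSuffix rejects evilfoo.com.
        return uri.Host.Length > TenantSuffix.Length
            && uri.Host.EndsWith(TenantSuffix, StringComparison.OrdinalIgnoreCase);
    }
}
```

Tenants that run on their own domain never receive the .foo.com cookie, so they would need their own entry in the allow-list check rather than the suffix rule used here.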