问题描述
我有一个.net MVC 5应用程序。 AuthCookie可以在iframe上正常工作,我可以看到SameSite策略设置为None。但是,在iframe中,[Authorize]属性方法固定在永久重定向上。看来,在iframe中,请求无法读取由以下代码创建的cookie。
我followed the documentation并实施了SameSiteCookieManager.cs
Web配置
<httpCookies sameSite="None" requireSSL="true" />
<sessionState cookieSameSite="None">
</sessionState>
<authentication mode="None" />
<compilation targetFramework="4.7.2" />
<httpRuntime targetFramework="4.7.2" />
启动
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,LoginPath = new PathString("/Account/Login"),Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager,ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),regenerateIdentity: (manager,user) => user.GenerateUserIdentityAsync(manager))
},CookieManager = new SameSiteCookieManager(new SystemWebCookieManager()),CookieSameSite = SameSiteMode.None,CookieHttpOnly = true,CookieSecure = CookieSecureOption.Always,ExpireTimeSpan = new TimeSpan(0,10,0)
});
帐户/登录
var user = UserManager.Find(userName,"*****");
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
var identity = UserManager.CreateIdentity(user,DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent },identity);
return RedirectToAction("Index","Home");