结合 https://github.com/GrabYourPitchforks/aspnet5-samples/tree/dev/CookieSharing 和 Sharing authentication cookie among Asp.Net Core 1 (MVC6) and MVC 5 applications,我成功地找到了一个可行的解决方案。我不知道这是否是“正确”的方法,但它起作用了,所以就这样吧:
在两个应用程序中使用 nuget 包 Microsoft.Owin.Security.Interop 1.0.0-rc2-final。
使用 DataProtectionProvider 创建一个 TicketDataFormat,指定相同的加密密钥位置和相同的目的。
在两个应用程序中使用 OWIN 的方式配置 cookie 认证。指定相同的 CookieName 和 TicketDataFormat:
.NET 4.5.1,在 Startup.cs 的 Configure 方法中:
var authenticationType = "Cookies";
var cookieName = "myCookieName";
var cookieEncryptionKeyPath= "C:/mypath";
var dataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(cookieEncryptionKeyPath));
var dataProtector = dataProtectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
var ticketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector));
app.SetDefaultSignInAsAuthenticationType(authenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = authenticationType,
CookieName = cookieName,
TicketDataFormat = ticketDataFormat
});
在Startup.cs文件的Configure方法中使用.NET CORE RC2:
var authenticationType = "Cookies";
var cookieName = "myCookieName";
var cookieEncryptionKeyPath= "C:/mypath";
var protectionProvider = DataProtectionProvider.Create(new DirectoryInfo(cookieEncryptionKeyPath));
var dataProtector = protectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
var ticketFormat = new TicketDataFormat(dataProtector);
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
CookieName = options.CookieName,
CookieDomain = options.CookieDomain,
TicketDataFormat = ticketFormat
});