Home > Article > Backend Development > Detailed explanation of the coexistence solution for ASP.NET and ASP.NET Core user authentication cookies
Detailed explanation of the coexistence solution for ASP.NET and ASP.NET Core user authentication cookies
- 高洛峰Original
- 2017-02-20 17:13:031466browse
This article mainly introduces the detailed solution for the coexistence of ASP.NET and ASP.NET Core user authentication cookies. It has certain reference value and interested friends can refer to it.
When you migrate your existing user login (Sign In) site from ASP.NET to ASP.NET Core, you will face such a problem - how to connect ASP.NET and ASP.NET Core users Verify that cookies coexist and let ASP.NET applications and ASP.NET Core applications use their own cookies? Because ASP.NET uses FormsAuthentication, ASP.NET Core uses claims-based authentication, and their encryption algorithms are different.
The solution we adopted is to generate 2 Cookies respectively after successful login in ASP.NET Core and send them to the client at the same time.
Generating ASP.NET Core's claims-based authentication verification cookie is relatively simple. The sample code is as follows:
var claimsIdentity = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, loginName) }, "Basic");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
await context.Authentication.SignInAsync(_cookieAuthOptions.AuthenticationScheme,
claimsPrincipal,
new AuthenticationProperties
{
IsPersistent = isPersistent,
ExpiresUtc = DateTimeOffset.Now.Add(_cookieAuthOptions.ExpireTimeSpan)
});
Generating ASP.NET The FormsAuthentication-based authentication cookie is slightly more troublesome.
First create a Web API site with ASP.NET and generate cookies based on FormsAuthentication. The sample code is as follows:
public IHttpActionResult GetAuthCookie(string loginName, bool isPersistent)
{
var cookie = FormsAuthentication.GetAuthCookie(loginName, isPersistent);
return Json(new { cookie.Name, cookie.Value, cookie.Expires });
}
Then in ASP. NET Core login site to write a Web API client to obtain cookies. The sample code is as follows:
public class UserServiceAgent
{
private static readonly HttpClient _httpClient = new HttpClient();
public static async Task<Cookie> GetAuthCookie(string loginName, bool isPersistent)
{
var response = await _httpClient.GetAsync(url);
response.EnsureSuccessStatusCode();
return await response.Content.ReadAsAsync<Cookie>();
}
}
Finally, after successful login to the ASP.NET Core login site The processing code specifically sends ASP.NET FormsAuthentication Cookies to the client. The sample code is as follows:
var cookie = await _userServiceAgent.GetAuthCookie(loginName, isPersistent);
var options = new CookieOptions()
{
Domain = _cookieAuthOptions.CookieDomain,
HttpOnly = true
};
if (cookie.Expires > DateTime.Now)
{
options.Expires = cookie.Expires;
}
context.Response.Cookies.Append(cookie.Name, cookie.Value, options);
The above is the entire content of this article. I hope it will be useful to everyone. It is helpful, and I hope everyone will support the PHP Chinese website.
For more detailed explanations of ASP.NET and ASP.NET Core user authentication cookie coexistence solutions, please pay attention to the PHP Chinese website for related articles!