我有一个具有此身份验证设置的 Asp.NET MVC 应用程序:
配置服务():
services.AddSession()
services.AddAuthentication(sharedOptions => sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
配置():
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
ClientId = "xx",
Authority = "xx",
Events = new OpenIdConnectEvents { OnRemoteFailure = this.OnAuthenticationFailed }
});
在 IIS 中托管时,某些用户会遇到此异常:
Microsoft.AspNetCore.Session.SessionMiddleware,
Error unprotecting the session cookie.
System.Security.Cryptography.CryptographicException: The key {9ec59def-874e-45df-9bac-d629f5716a04} was not found in the key ring.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)
我已在托管服务器上运行此程序https://github.com/aspnet/DataProtection/blob/dev/Provision-AutoGenKeys.ps1
Web 仅具有 HTTPS 绑定,SSL 证书正常且已签名。什么可能导致此问题?这个“关键”值到底是什么?
发生这种情况的原因是因为多个 ASP 站点托管在同一台计算机(主机名)上。如果您使每个站点的 cookie 名称都是唯一的,则冲突应该会消失。
services.AddSession(options => {
options.IdleTimeout = TimeSpan.FromHours(12);
options.Cookie.Name = ".yourApp.Session"; // <--- Add line
options.Cookie.IsEssential = true;
});
就我而言,同一应用程序的两个实例在同一 IIS 服务器上运行,位于默认网站的不同子目录下。在这种情况下,有必要将 cookie 路径设置为部署目录,否则它只是默认为“/”,导致浏览器尝试为两个实例使用相同的会话 cookie。配置看起来像这样:
app.UseSession(new SessionOptions()
{
Cookie = new CookieBuilder()
{
Name = isInstance1 ? ".AspNetCore.Session.MyApp1" : ".AspNetCore.Session.MyApp2",
Path = isInstance1 ? "/MyApp1" : "/MyApp2"
}
});
在 IIS 应用程序池高级设置中启用 LoadUserProfile。
如果您在通过 IIS 托管应用程序时看到此错误,请尝试在应用程序池设置中将“加载用户配置文件”设置为“True”。
我也有同样的问题。 我通过以下方式修复了它:
Startup的ConfigureServices方法:
services.AddControllersWithViews()
.AddSessionStateTempDataProvider();
services.AddRazorPages()
.AddSessionStateTempDataProvider();
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromHours(4);
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.HttpOnly = true;
// Make the session cookie essential if you wish
//options.Cookie.IsEssential = true;
});
Startup 的配置方法:
app.UseCookiePolicy();
app.UseSession();
将您的 services.AddSession() 更改为以下内容:
services.AddSession(options =>
{
// Set a short timeout for easy testing.
options.IdleTimeout = TimeSpan.FromMinutes(60);
// You might want to only set the application cookies over a secure connection:
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.HttpOnly = true;
// Make the session cookie essential
options.Cookie.IsEssential = true;
});
这应该可以解决你的问题!