我想使用cookie授权从MVC网站向WebApi发送ajax请求。 但是 我陷入困境。跨域cookie认证麻烦WebApi ASP.NET
ControllerContext.RequestContext.Principal
为空。它似乎无法识别Cookie,除非它存在于请求中。 我有两个应用程序 1 - MVC主要 2 - WebApi额外 MVC请求WebApi。两者都使用普通的身份用户
这是我实现
登记IAppBuilder
public static void Register(IAppBuilder app) { app.CreatePerOwinContext(MyDbContext.Create); app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create); app.UseCookieAuthentication(new CookieAuthenticationOptions() { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, CookieName = ".AspNet.Cookies", CookieSecure = CookieSecureOption.Never, AuthenticationMode = AuthenticationMode.Active }); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); }
我ApplicationManager是:
public class ApplicationUserManager : UserManager<ApplicationUser> { public ApplicationUserManager(IUserStore<ApplicationUser> store) : base(store) { } public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context) { var appDbContext = context.Get<MyDbContext>(); var appUserManager = new ApplicationUserManager(new UserStore<ApplicationUser>(appDbContext)); return appUserManager; } }
中的WebAPI和MVC
同样MachineKeys的<的machineKey解密= “AES” decryptionKey = “F7F ...” 验证= “SHA1” 的validationKey = “DD2 ...”/ >
覆盖有授权控制器属性
[Authorize] [EnableCors(origins: "*", headers: "*", methods: "*", SupportsCredentials = true)] public sealed class BalanceController : ApiController ...
请任何帮助。