问题
I'm trying to deploy a .NET Core 2.2 app on IIS. The IIS server is configured for SSO with ADFS (SAML). That is working, and after successful authentication IIS stores the user's login attributes as session variables and uses a cookie for session id.
When I deploy a simple ASPX template to display the attributes, it works fine:
<% @ Page Language="C#" %>
<%
Response.Write("<h3>Session Variables</h3>");
Response.Write("User Id = " + Request["userId"] + "<br>");
Response.Write("Email = " + Request["email"] + "<br>");
%>
That code correctly displays the expected session attributes. However, when I deploy my .Net Core 2.2 application as an In-Process application to IIS. I'm unable to see those session attributes. Here is how I'm attempting to access the session variables:
_httpContextAccessor.HttpContext.Request.HttpContext.Session.GetString("userId"); <-- Returns Null
And in fact, I'm not getting ANY session variables at all:
_httpContextAccessor.HttpContext.Request.HttpContext.Session.Keys.Count().ToString(); <-- Returns 0
Am I able to access Session variables and Server variables set by IIS with .Net Core even though I'm deploying as "In-Process"? (https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/?view=aspnetcore-2.2#in-process-hosting-model)
Here is the webconfig:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\MyApp.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
</system.webServer>
</location>
<system.web>
<identity impersonate="false" />
</system.web>
</configuration>
-- EDIT - Adding Startup --
using cFTE_Services.Repositories;
using cFTE_Services.Services;
using Serilog;
namespace cFTEServices
{
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Mvc.Cors.Internal;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Swashbuckle.AspNetCore.Swagger;
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDistributedMemoryCache();
services.AddSession(options => { options.Cookie.IsEssential = true; });
services.AddMvc(
config => {
config.Filters.Add(new CorsAuthorizationFilterFactory("CorsPolicy"));
config.Filters.Add(new AllowAnonymousFilter());
}
).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
var corsDomains = Environment.GetEnvironmentVariable("CORS_DOMAINS")?.Split(",");
services.AddCors(
options => {
options.AddPolicy(
"CorsPolicy",
builder => builder
.WithOrigins(corsDomains)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
);
}
);
services.AddHttpContextAccessor();
services.Configure<IISServerOptions>(options =>
{
options.AutomaticAuthentication = false;
});
//Services
services.AddScoped<IUserService, UserService>();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1",
new Info
{
Title = "My App",
Version = "v1"
});
});
Log.Warning("Config services complete.");
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "cFTE API v1");
});
app.UseSession();
app.UseCors("CorsPolicy");
app.UseMvc();
}
}
}
来源:https://stackoverflow.com/questions/57716069/net-core-2-2-and-iis-session-data