IIS "Error unprotecting the session cookie" exception

7xzttuei posted on 2022-11-12 in Other

I have an ASP.NET MVC application with this authentication setup:
ConfigureServices():

services.AddSession();
services.AddAuthentication(sharedOptions => sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);

Configure():

app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    ClientId = "xx",
    Authority = "xx",
    Events = new OpenIdConnectEvents { OnRemoteFailure = this.OnAuthenticationFailed }
});

When hosted in IIS, some users get this exception:

Microsoft.AspNetCore.Session.SessionMiddleware, 
      Error unprotecting the session cookie.
System.Security.Cryptography.CryptographicException: The key {9ec59def-874e-45df-9bac-d629f5716a04} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)

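I have already run https://github.com/aspnet/DataProtection/blob/dev/Provision-AutoGenKeys.ps1 on the hosting server.
The site only has an HTTPS binding, and the SSL certificate is fine and signed. What could be causing this issue? What actually is that "key" value?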


68bkxrlz #1

services.AddSession(options => {
    options.IdleTimeout = TimeSpan.FromHours(12);
    options.Cookie.Name = ".yourApp.Session"; // <--- Add line
    options.Cookie.IsEssential = true;
});

vh0rcniy #2

I ran into the same problem. I solved it as follows:

* Configure the session as described at https://learn.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-5.0

Startup's ConfigureServices method:

services.AddControllersWithViews()
        .AddSessionStateTempDataProvider();

services.AddRazorPages()
        .AddSessionStateTempDataProvider();

services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromHours(4);
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    options.Cookie.SameSite = SameSiteMode.Strict;
    options.Cookie.HttpOnly = true;
    // Make the session cookie essential if you wish
    //options.Cookie.IsEssential = true;
});

Startup's Configure method:

app.UseCookiePolicy();

app.UseSession();

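* Delete all existing cookies for this site in the browser (otherwise the server may try to read the old cookies, even if you have fixed the problem in the meantime)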


nuypyhwy #3

Change your services.AddSession() to the following:

services.AddSession(options =>
{
    // Set a short timeout for easy testing.
    options.IdleTimeout = TimeSpan.FromMinutes(60);
    // You might want to only set the application cookies over a secure connection:
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    options.Cookie.SameSite = SameSiteMode.Strict;
    options.Cookie.HttpOnly = true;
    // Make the session cookie essential
    options.Cookie.IsEssential = true;
});

This should fix your problem!
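
The "key not found in the key ring" failure from the question's stack trace can be reproduced outside IIS. The following is an added example, not code from this thread: it uses `DataProtectionProvider.Create` from the Microsoft.AspNetCore.DataProtection.Extensions package, and the directory names, purpose string and payload are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

static class KeyRingDemo
{
    // Constructed purpose string; the session middleware uses its own.
    const string Purpose = "Demo.SessionCookie";

    // A provider whose key ring is loaded from (and persisted to) keyDir.
    static IDataProtector ProtectorFor(DirectoryInfo keyDir) =>
        DataProtectionProvider.Create(keyDir).CreateProtector(Purpose);

    static string TryUnprotect(IDataProtector protector, string cookieValue)
    {
        try
        {
            return "ok: " + protector.Unprotect(cookieValue);
        }
        catch (CryptographicException ex)
        {
            // Same exception type the session middleware logs in the question.
            return "failed: " + ex.Message;
        }
    }

    static void Main()
    {
        // Constructed temp directories standing in for two separate key stores.
        var root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N"));
        var ringA = Directory.CreateDirectory(Path.Combine(root, "ring-a"));
        var ringB = Directory.CreateDirectory(Path.Combine(root, "ring-b"));

        // "Cookie" issued by an app instance whose keys live in ring A.
        string cookie = ProtectorFor(ringA).Protect("session-id-123");

        // New provider over the same directory: models an app restart or a second
        // server sharing the key store. The key is still in the key ring.
        Console.WriteLine(TryUnprotect(ProtectorFor(ringA), cookie));

        // Provider over a different directory: models keys that were regenerated
        // or never shared. The key id carried in the cookie is unknown here.
        Console.WriteLine(TryUnprotect(ProtectorFor(ringB), cookie));

        Directory.Delete(root, recursive: true);
    }
}
```

The second call fails because a protected payload carries the id of the key that produced it, so a cookie outlives its usefulness as soon as the server's key ring no longer contains that key.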
