问题描述

我在Azure上托管了Angle 5应用程序和.net Core 2.0 Web API应用程序作为应用程序服务.应用程序具有两个网址，如下所示.

I have angular 5 app and .net core 2.0 web api app hosted on azure as app services.Apps have two urls as below.

angularclient.azurewebsites.net
serviceapi.azurewebsites.net

angularclient.azurewebsites.net
serviceapi.azurewebsites.net

我面临的问题是有角度的应用程序没有收到由serviceapi发送的.AspNetCore.Antiforgery cookie.由Angular应用程序生成的Http发布请求具有"withCredentials:true"标头.我已经在服务API中定义了cors策略，如下所示.

The issue I am facing is angular app not receiving .AspNetCore.Antiforgery cookie that is sent by serviceapi. Http post request generated by angular app has "withCredentials: true" header. I have defined cors policy in service API as below.

      app.UseCors(builder => builder.WithOrigins("angularclient.azurewebsites.net").AllowAnyMethod().AllowAnyHeader());

我已使用POSTMAN发送了一个请求，并测试了cookie是否由服务器发送.对于POSTMAN请求，正在接收cookie，没有任何问题.当我将应用程序托管在测试IIS服务器中并进行检查时.在该环境中，应用程序运行良好.帮助我找到此问题的解决方案.

I have sent a request using POSTMAN and test if cookies are sent by the server. For the POSTMAN request cookies are receiving without any issue. When I host the apps in my test IIS server and check. On that environment application working fine. Help me to find a solution to this issue.

推荐答案

这需要一周的时间才能找到在Azure应用服务中发生此问题的原因.原因是Microsoft通过将其包含在公共后缀列表中来禁止azurewebsites.net顶级域上的cookie.您可以在此处找到更多详细信息

This takes a week to find a reason why this issue happened in azure app services. Reason was Microsoft has banned cookies on azurewebsites.net top domain by including it in public suffix list. You can find more details from here

这篇关于在Azure应用程序服务上运行的Angular应用程序未收到Azure上的.net核心Web API应用程序发送的.AspNetCore.Antiforgery cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！