
一切都在开发本地机器上运行良好(像往常一样!)但是由于我发布了一个支持 HTTPS 的生产版本(=Environment Production),我遇到了以下问题。

首先点击登录调用我常用的登录页面: 常规登录页面

然后，如果我想访问某个功能，应用程序会要求我使用默认的 Asp Net Core Identity 登录页面再次登录。奇怪的是，我其实已经登录了（如页面右上角所示）：

已登录时的默认身份登录页面

确实不一致：有时我可以立即登录，有时我必须使用默认的“身份”登录页面进行第二步登录（这就像一个魔术，因为我的项目中根本没有这样的页面！）。当我注销时，我会得到一个关于 httpcontext 的 nullreference 错误，也许这就是线索。

这让我觉得 httpcontext 没有被正确设置。下面是我 startup.cs 中的身份验证配置：

#region Cookie options
// NOTE(review): this call registers the plain "Cookies" scheme from
// CookieAuthenticationDefaults and makes it the default scheme, while
// AddDefaultIdentity further down registers Identity's own application-cookie
// scheme (the one ConfigureApplicationCookie below configures) and, as far as
// I recall, resets the default schemes to it. Two cookie schemes with separately
// maintained settings is a plausible source of the "already signed in, yet
// challenged again" behaviour described above — confirm which scheme the custom
// /Account/Login page signs in with before consolidating to a single one.
CookieSecurePolicy SecurePolicyForEnvironment() =>
    _environment.IsDevelopment() ? CookieSecurePolicy.None : CookieSecurePolicy.Always;

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(cookie =>
    {
        // Secure flag is mandatory outside Development, HttpOnly keeps the ticket
        // away from script, Lax still permits top-level cross-site navigations.
        cookie.Cookie.HttpOnly = true;
        cookie.Cookie.SecurePolicy = SecurePolicyForEnvironment();
        cookie.Cookie.SameSite = SameSiteMode.Lax;
    });

// Identity's application cookie — the one issued by SignInManager.
services.ConfigureApplicationCookie(appCookie =>
{
    appCookie.Cookie.Name = "AuthCookie";
    appCookie.Cookie.HttpOnly = true;
    appCookie.Cookie.SecurePolicy = SecurePolicyForEnvironment();
    appCookie.Cookie.SameSite = SameSiteMode.Lax;
    // Essential so cookie-consent filtering cannot drop the sign-in cookie.
    appCookie.Cookie.IsEssential = true;

    appCookie.LoginPath = "/Account/Login";
    appCookie.LogoutPath = "/Account/Logout";
    appCookie.AccessDeniedPath = "/Account/AccessDenied";
    // Pinned explicitly to the framework's default query-string parameter name.
    appCookie.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;

    // Sliding 60-minute ticket lifetime.
    appCookie.ExpireTimeSpan = TimeSpan.FromMinutes(60);
    appCookie.SlidingExpiration = true;
});

// NOTE(review): the memory cache is process-local; with more than one
// production instance, session state does not follow the user between them.
services.AddDistributedMemoryCache();

services.AddSession(session =>
{
    session.IdleTimeout = TimeSpan.FromMinutes(60);
    session.Cookie.HttpOnly = true;
    session.Cookie.IsEssential = true;
    // NOTE(review): unlike the two auth cookies above, no SecurePolicy is set
    // for the session cookie — consider applying SecurePolicyForEnvironment().
});
#endregion

// Registers the application databases, either in-memory or via SQL Server,
// from the "DatabaseSettings" section (see appsetting.json for connection strings).
var databaseSection = _configuration.GetSection("DatabaseSettings");
var databaseSettings = new DatabaseSettings();
databaseSection.Bind(databaseSettings);
services.RegisterDatabases(databaseSettings);


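#region Identity Services

//https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-3.1
// NOTE(review): AddDefaultIdentity also brings in the default Identity UI
// (Razor pages under the /Identity area), which is presumably the login page
// "not in this project" described above. Its post-configuration of the
// application cookie may be overriding the LoginPath set in
// ConfigureApplicationCookie — confirm by inspecting the redirect URL of the
// second challenge.
services.AddDefaultIdentity<ItemUser>(options =>
        options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ExtraAuthorizeDbContext>()
    .AddDefaultTokenProviders()
    .AddClaimsPrincipalFactory<CustomClaimsPrincipalFactory>();

// Identity option tuning, applied on top of the AddDefaultIdentity lambda above.
services.Configure<IdentityOptions>(options =>
{
    // Password settings. RequiredUniqueChars was previously assigned twice
    // (0, then 1); only the last assignment took effect, so the effective
    // value of 1 is kept and the dead assignment removed.
    options.Password.RequiredLength = 8;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequireDigit = true;
    options.Password.RequireUppercase = true;
    options.Password.RequireLowercase = true;
    options.Password.RequiredUniqueChars = 1;

    // Lockout settings: 3 failed attempts lock the account for 10 minutes,
    // new users included.
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(10);
    options.Lockout.MaxFailedAccessAttempts = 3;
    options.Lockout.AllowedForNewUsers = true;

    // User settings.
    options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+?!&$€%";
    options.User.RequireUniqueEmail = true;

    // Default SignIn settings.
    options.SignIn.RequireConfirmedEmail = true;
    options.SignIn.RequireConfirmedPhoneNumber = false;
});

// Replaces Identity's built-in password hasher for ItemUser.
// NOTE(review): whatever is registered here must be a salted, deliberately
// slow KDF (PBKDF2/Argon2-class) — verify IpsumPasswordHasher, since the
// framework's PasswordHasher<TUser> is no longer in use for this user type.
services.AddScoped<IPasswordHasher<ItemUser>, IpsumPasswordHasher>();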

#region Page Authorization
services.AddMvc() //to avoid adding Authorize attribute to all pages model
    .AddRazorPagesOptions(options =>
    {
        // Deny by default: every page under the site root requires a signed-in
        // user; the pages listed below are then opted back in to anonymous access.
        options.Conventions.AuthorizeFolder("/");
        //Manage folder need to be logged in (already covered by "/", kept explicit)
        options.Conventions.AuthorizeFolder("/Account/Manage");

        // Pages reachable without a sign-in, in the original registration order.
        var anonymousPages = new[]
        {
            "/Account/ResetPassword",             // reset password doesn't need a login
            "/Account/CheckEmail",                // ask for checking email to validate email address
            "/Account/ConfirmEmail",              // message when email has been confirmed
            "/Account/ExternalLogin",             // authenticated on external login, ask for creating a backup account in the app
            "/Account/ForgotPassword",            // input email to get a reset password email
            "/Account/ForgotPasswordConfirmation",// ask for checking email to reset password
            "/Account/Index",                     // user profile — NOTE(review): confirm this page exposes no account data to anonymous visitors
            "/Account/Lockout",                   // notification that account is locked out
            "/Account/Login",                     // login screen
            "/Account/LoginWith2fa",              // login when 2FA is enabled = second step after standard login
            "/Account/LoginWithRecoveryCode",     // login with recovery code = use recovery code if 2FA code not received
            "/Account/Logout",                    // notification log out successful
            "/Account/Register",                  // register as a new user
            "/Account/ResetPasswordConfirmation",
            "/stripewebhook",                     // anonymous by necessity; the handler itself must authenticate the request (webhook signature verification)
        };

        foreach (var page in anonymousPages)
        {
            options.Conventions.AllowAnonymousToPage(page);
        }
    });
#endregion

我不知道在哪里检查以解决此问题。感谢您的帮助。

