{"id":11861,"date":"2019-08-20T22:36:01","date_gmt":"2019-08-20T22:36:01","guid":{"rendered":"https:\/\/www.gencayyildiz.com\/blog\/?p=11861"},"modified":"2019-08-21T08:29:00","modified_gmt":"2019-08-21T08:29:00","slug":"asp-net-core-identity-cookie-bazli-kimlik-dogrulama-ix","status":"publish","type":"post","link":"https:\/\/www.gencayyildiz.com\/blog\/asp-net-core-identity-cookie-bazli-kimlik-dogrulama-ix\/","title":{"rendered":"Asp.NET Core Identity – Cookie Bazl\u0131 Kimlik Do\u011frulama – IX"},"content":{"rendered":"
<\/div>\n

Merhaba,<\/p>\n

Bu i\u00e7eri\u011fimizde; art\u0131k Asp.NET Core Identity yaz\u0131 dizimizde<\/a> s\u0131ra Cookie bazl\u0131 kimlik do\u011frulama mekanizmas\u0131n\u0131 in\u015fa etmeye geldi\u011finden dolay\u0131 web uygulamam\u0131zda kullan\u0131c\u0131 do\u011frulama kontrol\u00fcn\u00fcn Cookie mekanizmas\u0131yla nas\u0131l yap\u0131land\u0131r\u0131ld\u0131\u011f\u0131n\u0131 inceleyecek ve uygulamal\u0131 olarak \u00f6rneklendirece\u011fiz.<\/p>\n

Yine uygulamay\u0131 yaz\u0131 dizimizde \u015fu ana kadar bizlere e\u015flik eden malum projemiz \u00fczerinden prati\u011fe d\u00f6kece\u011fiz. Evet, hadi ba\u015flayal\u0131m…<\/p>\n

Uygulamada Temel Cookie Konfig\u00fcrasyonunun Yap\u0131land\u0131r\u0131lmas\u0131<\/h3>\n

Uygulamada Cookie bazl\u0131 kimlik do\u011frulamas\u0131 yapabilmek i\u00e7in her\u015feyden \u00f6nce Cookie konfig\u00fcrasyonunun ger\u00e7ekle\u015ftirilmesi gerekmekte ve bunun i\u00e7in her zaman oldu\u011fu gibi “Startup.cs” dosyas\u0131nda \u00e7al\u0131\u015f\u0131lmas\u0131 gerekmektedir.<\/p>\n

\r\n    public class Startup\r\n    {\r\n        public IConfiguration Configuration { get; set; }\r\n        public Startup(IConfiguration configuration) => Configuration = configuration;\r\n        public void ConfigureServices(IServiceCollection services)\r\n        {\r\n            services.AddDbContext<AppDbContext>(_ => _.UseSqlServer(Configuration["ConnectionStrings:SqlServerConnectionString"]));\r\n            services.AddIdentity<AppUser, AppRole>(_ =>\r\n            {\r\n                _.Password.RequiredLength = 5; \/\/En az ka\u00e7 karakterli olmas\u0131 gerekti\u011fini belirtiyoruz.\r\n                _.Password.RequireNonAlphanumeric = false; \/\/Alfanumerik zorunlulu\u011funu kald\u0131r\u0131yoruz.\r\n                _.Password.RequireLowercase = false; \/\/K\u00fc\u00e7\u00fck harf zorunlulu\u011funu kald\u0131r\u0131yoruz.\r\n                _.Password.RequireUppercase = false; \/\/B\u00fcy\u00fck harf zorunlulu\u011funu kald\u0131r\u0131yoruz.\r\n                _.Password.RequireDigit = false; \/\/0-9 aras\u0131 say\u0131sal karakter zorunlulu\u011funu kald\u0131r\u0131yoruz.\r\n\r\n                _.User.RequireUniqueEmail = true; \/\/Email adreslerini tekille\u015ftiriyoruz.\r\n                _.User.AllowedUserNameCharacters = "abc\u00e7defghi\u0131jklmno\u00f6pqrs\u015ftu\u00fcvwxyzABC\u00c7DEFGHI\u0130JKLMNO\u00d6PQRS\u015eTU\u00dcVWXYZ0123456789-._@+"; \/\/Kullan\u0131c\u0131 ad\u0131nda ge\u00e7erli olan karakterleri belirtiyoruz.\r\n            }).AddPasswordValidator<CustomPasswordValidation>()\r\n              .AddUserValidator<CustomUserValidation>()\r\n              .AddErrorDescriber<CustomIdentityErrorDescriber>().AddEntityFrameworkStores<AppDbContext>();\r\n\r\n            services.ConfigureApplicationCookie(_ =>\r\n            {\r\n                _.LoginPath = new PathString("\/User\/Login");\r\n                _.Cookie = new CookieBuilder\r\n                {\r\n                    Name = "AspNetCoreIdentityExampleCookie", \/\/Olu\u015fturulacak Cookie'yi isimlendiriyoruz.\r\n                    HttpOnly = false, \/\/K\u00f6t\u00fc niyetli insanlar\u0131n client-side taraf\u0131ndan Cookie'ye eri\u015fmesini engelliyoruz.\r\n                    Expiration = TimeSpan.FromMinutes(2), \/\/Olu\u015fturulacak Cookie'nin vadesini belirliyoruz.\r\n                    SameSite = SameSiteMode.Lax, \/\/Top level navigasyonlara sebep olmayan requestlere Cookie'nin g\u00f6nderilmemesini belirtiyoruz.\r\n                    SecurePolicy = CookieSecurePolicy.Always \/\/HTTPS \u00fczerinden eri\u015filebilir yap\u0131yoruz.\r\n                };\r\n                _.SlidingExpiration = true; \/\/Expiration s\u00fcresinin yar\u0131s\u0131 kadar s\u00fcre zarf\u0131nda istekte bulunulursa e\u011fer geri kalan yar\u0131s\u0131n\u0131 tekrar s\u0131f\u0131rlayarak ilk ayarlanan s\u00fcreyi tazeleyecektir.\r\n                _.ExpireTimeSpan = TimeSpan.FromMinutes(2); \/\/CookieBuilder nesnesinde tan\u0131mlanan Expiration de\u011ferinin varsay\u0131lan de\u011ferlerle ezilme ihtimaline kar\u015f\u0131n tekrardan Cookie vadesi burada da belirtiliyor.\r\n            });\r\n\r\n            services.AddMvc();\r\n        }\r\n\r\n        public void Configure(IApplicationBuilder app, IHostingEnvironment env)\r\n        {\r\n            if (env.IsDevelopment())\r\n                app.UseDeveloperExceptionPage();\r\n\r\n            app.UseStatusCodePages();\r\n            app.UseStaticFiles();\r\n            app.UseAuthentication();\r\n            app.UseMvc(_ => _.MapRoute("Default", "{controller=Home}\/{action=Index}\/{id?}"));\r\n        }\r\n    }\r\n<\/pre>\n
Yukar\u0131daki “Startup.cs” dosyas\u0131n\u0131n kodlar\u0131n\u0131 incelerseniz e\u011fer “ConfigureServices” metodu i\u00e7erisinde uygulamaya 22 ile 35. sat\u0131rlar\u0131 aras\u0131nda eklenen “ConfigureApplicationCookie” servisine g\u00f6z atarsan\u0131z e\u011fer parametre olarak belirtilen lambda ifadesiyle belli ba\u015fl\u0131 tan\u0131mlamalar yap\u0131lm\u0131\u015ft\u0131r. Bu tan\u0131mlamalar\u0131n ne oldu\u011funa dair a\u00e7\u0131klamalar kod k\u0131sm\u0131nda yorum sat\u0131r\u0131 olarak yanlar\u0131na yaz\u0131lm\u0131\u015ft\u0131r.<\/p>\n
\u0130\u015fte bu \u015fekilde uygulamada kullan\u0131lacak olan Cookie yap\u0131lanmas\u0131n\u0131n temel konfig\u00fcrasyonunu sa\u011flam\u0131\u015f bulunmaktay\u0131z. Burada devam etmeksizin “CookieBuilder” nesnesinin “SameSite” ve “SecurePolicy” olmak \u00fczere iki propertysi \u00fczerinde durmak ve detayland\u0131rmak istiyorum.<\/p>\n\n\n\n\n\n
SameSite<\/td>\nSecurePolicy<\/td>\n<\/tr>\n<\/thead>\n
SameSite, uygulamam\u0131za ait Cookie bilgilerinin 3. taraflardan kaynaklanan isteklere g\u00f6nderilip g\u00f6nderilmemesi ayar\u0131n\u0131 yapt\u0131\u011f\u0131m\u0131z bir \u00f6zelliktir. “None”, “Strict” ve “Lax” olmak \u00fczere \u00fc\u00e7 farkl\u0131 de\u011fer al\u0131r.<\/p>\n
    \n
  • None<\/strong>
    \nUygulamaya ait Cookie bilgilerini 3. taraf iste\u011fe ekler ve g\u00f6nderir.<\/li>\n
  • Strict<\/strong>
    \nUygulamaya iat Cookie bilgilerini 3. taraf hi\u00e7bir iste\u011fe g\u00f6ndermez.<\/li>\n
  • Lax<\/strong>
    \nUygulamaya ait Cookie bilgilerini \u00fcst d\u00fczey(top level) navigasyonlara sebep olmayan yani bir ba\u015fka deyi\u015fle adres \u00e7ubu\u011fundaki de\u011fi\u015fikliklere neden olmayan isteklere g\u00f6ndermeyecektir.<\/li>\n<\/ul>\n<\/td>\n
SecurePolicy, uygulamam\u0131za ait Cookie bilgilerinin g\u00fcvenilir(HTTPS) ya da g\u00fcvensiz(HTTP) \u00fczerinden eri\u015filebilir olup olmamas\u0131n\u0131 ayarlad\u0131\u011f\u0131m\u0131z \u00f6zelliktir. “Always”, “SameAsRequest” ve “None” olmak \u00fczere \u00fc\u00e7 farkl\u0131 de\u011fer al\u0131r.<\/p>\n