From 9ca041ac18b91f46e3ff6e210415b07ddb7f27e6 Mon Sep 17 00:00:00 2001 From: SamSys Date: Wed, 11 Jun 2025 15:32:40 +0330 Subject: [PATCH] add Authorization setting for next - subdomain --- .../BaseControllers/AdminController.cs | 2 +- ServiceHost/Program.cs | 34 +++++++++++++++++-- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/ServiceHost/BaseControllers/AdminController.cs b/ServiceHost/BaseControllers/AdminController.cs index b9e9c2ff..69f37ff6 100644 --- a/ServiceHost/BaseControllers/AdminController.cs +++ b/ServiceHost/BaseControllers/AdminController.cs @@ -2,7 +2,7 @@ using Microsoft.AspNetCore.Mvc; namespace ServiceHost.BaseControllers; -//[Authorize(Policy = "AdminArea")] +[Authorize(Policy = "AdminArea")] [Area("Admin")] [ApiExplorerSettings(GroupName = "Admin")] [Route("api/[area]/[controller]")] diff --git a/ServiceHost/Program.cs b/ServiceHost/Program.cs index 4ac2a728..f8cb86cd 100644 --- a/ServiceHost/Program.cs +++ b/ServiceHost/Program.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Collections.Generic; using _0_Framework.Application.Sms; using _0_Framework.Application; @@ -71,9 +71,19 @@ builder.Services.Configure(options => builder.Services.Configure(options => { options.CheckConsentNeeded = context => true; - options.MinimumSameSitePolicy = SameSiteMode.Strict; + //options.MinimumSameSitePolicy = SameSiteMode.Strict; }); +builder.Services.ConfigureApplicationCookie(options => +{ + //options.Cookie.Name = "GozarAuth"; + options.Cookie.HttpOnly = true; + options.Cookie.SameSite = SameSiteMode.None; // مهم ✅ + options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // فقط روی HTTPS کار می‌کنه ✅ + options.Cookie.Domain = ".dad-mehr.ir"; // دامنه مشترک بین پدر و ساب‌دامین‌ها ✅ +}); + + builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => { 
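Review bot: Enabling `[Authorize(Policy = "AdminArea")]` on the base admin controller makes every derived action depend on a policy that this patch does not register; if no `AddAuthorization(o => o.AddPolicy("AdminArea", ...))` exists elsewhere, ASP.NET Core throws an InvalidOperationException on the first request to an admin endpoint instead of denying access. Worth confirming the policy is registered in Program.cs (not visible here) and, since the name is now a live string shared by the controller and the registration, consider a shared constant such as `public const string AdminAreaPolicy = "AdminArea";` referenced from both places. The attribute decorates the AdminController class, whose body continues outside the hunk.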
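Review bot: `builder.Services.ConfigureApplicationCookie(...)` configures the cookie options of ASP.NET Core Identity's application scheme (`IdentityConstants.ApplicationScheme`), while the authentication registered on the next lines uses `CookieAuthenticationDefaults.AuthenticationScheme`; unless Identity is also wired up elsewhere, the HttpOnly/SameSite/Secure/Domain settings added here never reach the cookie that is actually issued. The place where they take effect is the `.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => { ... })` lambda that the hunk opens (its body continues outside the hunk). Independently, switching to `SameSiteMode.None` and commenting out `MinimumSameSitePolicy = SameSiteMode.Strict` removes the SameSite barrier against cross-site request forgery for this cookie, so state-changing endpoints now need antiforgery tokens or an equivalent check that this patch does not add. `Domain = ".dad-mehr.ir"` also shares the session with every subdomain and makes the cookie unusable on localhost development hosts, so it belongs in configuration rather than source.
```csharp
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
    {
        // Set on the scheme that is actually registered; ConfigureApplicationCookie only targets Identity.Application.
        o.Cookie.HttpOnly = true;
        o.Cookie.SameSite = SameSiteMode.None;      // cross-site use requires antiforgery protection on state-changing endpoints
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        // Configuration key name is a constructed example; a null value keeps host-only scoping for local development.
        o.Cookie.Domain = builder.Configuration["Auth:CookieDomain"];
        // … unchanged: remaining cookie options (outside the hunk) …
```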
@@ -148,6 +158,25 @@ builder.Services.AddSignalR(); #endregion +builder.Services.AddCors(options => +{ + options.AddPolicy("AllowSpecificOrigins", policy => + { + policy.WithOrigins( + "http://localhost:3000", + "http://localhost:3001", + "https://gozareshgir.ir", + "https://dad-mehr.ir", + "https://admin.dad-mehr.ir", + "https://admin.gozareshgir.ir" + ) + .AllowAnyHeader() + .AllowAnyMethod() + .AllowCredentials(); + }); +}); + + #region PWA //old @@ -198,6 +227,7 @@ app.UseStaticFiles(); app.UseCookiePolicy(); app.UseRouting(); +app.UseCors("AllowSpecificOrigins"); app.UseAuthorization();
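Review bot: The CORS policy combines `AllowCredentials()` with an origin list that hard-codes the development origins `http://localhost:3000` and `http://localhost:3001` next to production ones; in production this means a page served from the user's own localhost is treated as a trusted origin whose requests carry the authentication cookie, and any change to the list needs a rebuild. Prefer reading the origins from configuration, e.g. `var origins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? Array.Empty<string>();` and `policy.WithOrigins(origins)` (the key name is a constructed example), with the localhost entries present only in the Development settings. Since the policy name is repeated in `app.UseCors("AllowSpecificOrigins")` in the later hunk, a `const string CorsPolicy = "AllowSpecificOrigins";` used in both places would keep the two from drifting apart.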