可能吗?是的.您将需要创建自己的身份中间件来处理不同的cookie，但这是可以做到的.

Possible? Yes. You would need to create your own identity middleware to handle different cookies but it can be done.

推荐? 否

安全性有2个独立的问题:身份验证和授权. Cookie可以很好地用于身份验证(某人是)，但是您应该使用角色和声明进行授权(某人可以做什么并可以访问)，这就是您的身份.重新尝试在这里解决.

There are 2 separate issues with security: authentication and authorization. Cookies work well for authentication (who someone is) and but you should use roles and claims for authorization (what someone can do and has access to), which is what you're trying to solve here.

ASP.NET的身份框架已经为角色和声明提供了强大的支持，因此您可以为所有人使用标准的用户模型，为某些用户添加管理员"角色，然后根据需要添加更具体的声明.

ASP.NET's Identity framework already has great support for both Roles and Claims so you can use a standard user model for everyone, add an "admin" role for some users, and then add even more specific claims as needed.

用于处理授权的文档非常详细信息，并为您提供了很好的选择指南.可以通过将角色和声明添加到用户配置文件中，然后在控制器路由方法上使用[Attributes]来轻松实施它们，如下所示:

The documentation for handling authorization is very detailed and gives you a great walkthrough of options. Both Roles and Claims can easily be enforced by adding them to a user profile and then using [Attributes] on your controller route methods, as shown below:

角色:

[Authorize(Roles = "Administrator")]
public class AdministrationAreaController : Controller
{
    public IActionResult Index()
    {
    }
}

索赔:

[Authorize(Policy = "EmployeeOnly")]
public class ClientAreaController : Controller
{
    public IActionResult Index()
    {
    }
}