堆栈内存溢出
  简体   繁体   English

表单身份验证跨应用程序没有cookie

[英]Forms Authentication Across Applications has no cookie

 原文  2013-12-04 21:37:47       c#/ asp.net/ asp.net-mvc/ cookies/ forms-authentication

问题描述

I have two applications. 我有两个申请。 The first one is an ASP.NET 4 MVC application that requires authentication. 第一个是需要身份验证的ASP.NET 4 MVC应用程序。 The second is an app that will handle the authentication and set the forms authentication cookie. 第二个是应用程序,它将处理身份验证并设置表单身份验证cookie。

On the authorizing app, I call 在授权应用程序上,我打电话 

FormsAuthentication.SetAuthCookie(username, false);

and then I do a simple Response.Redirect back to my MVC application. 然后我做一个简单的Response.Redirect回到我的MVC应用程序。

In the MVC app, I am making a custom filter that inherits from AuthorizeFilter. 在MVC应用程序中,我正在制作一个继承自AuthorizeFilter的自定义过滤器。 On the OnAuthorization method, I was going to decrypt the cookie and grab some additional user data from the authorized user. 在OnAuthorization方法上,我打算解密cookie并从授权用户那里获取一些额外的用户数据。

My problem is, that 我的问题是,那 

HttpContext.Current.Request.Cookies

has nothing in it. 什么都没有。 I have checked out fiddler, and the authentication app correctly sets the cookie, and the MVC application gets the cookie, but when it gets to my filter, there is nothing there. 我已经检查了fiddler,并且身份验证应用程序正确设置了cookie,MVC应用程序获取了cookie,但是当它到达我的过滤器时,那里什么都没有。

My web.config has in both applications has the exact same setup: 我的web.config在两个应用程序中都具有完全相同的设置: 

      <forms
    name=".ASPXFORMSAUTH"
    protection="All"
    path="/"
    timeout="30"
    enableCrossAppRedirects="true"
    domain="localhost"/>

And I have setup both with the same machineKey to be able to decrypt the cookie. 并且我已使用相同的machineKey设置两者以便能够解密cookie。 The problem is, I am not seeing any cookie in my OnAuthorization method within my MVC filter. 问题是,我在我的MVC过滤器中的OnAuthorization方法中没有看到任何cookie。

Right now both applications are running on my local IIS instance. 现在,两个应用程序都在我的本地IIS实例上运行。

1 个解决方案

解决方案1
 8 已采纳  2013-12-06 21:09:43

All the weird behavior was due to the httpRuntime between each application being different. 所有奇怪的行为都是由于每个应用程序之间的httpRuntime不同。 My MVC application was set to 4.5 while my application that was setting the cookie was 4.0. 我的MVC应用程序设置为4.5,而我设置cookie的应用程序是4.0。 Apparently there was a change in how the crypto happens behind the scenes, and therefore when the cookie came through the pipeline, it would get stripped out as ASP.NET couldn't decrypt it. 显然,加密在幕后发生了变化,因此当cookie通过管道时,它会因为ASP.NET无法解密而被剥离。

I came across this when I manually tried to decrypt the cookie by setting the name property different. 当我手动尝试通过将name属性设置为不同来解密cookie时,我遇到了这个问题。 That way I could access the cookie and try to dectypt, but at that point I would get an exception. 这样我可以访问cookie并尝试dectypt,但在那时我会得到一个例外。

I found the following link led me in the right direction: Sharing a cookie between two websites on the same domain 我发现以下链接引导我朝着正确的方向: 在同一个域上的两个网站之间共享cookie

By setting the compatibility mode setting on the machine key, the cookie came through just fine and could be decrypted. 通过在机器密钥上设置兼容模式设置,cookie可以很好地解密。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 表单身份验证Cookie是否未设置? - Forms Authentication Cookie is not setting? 表单身份验证Cookie替换 - forms authentication cookie replacement 表单身份验证和身份验证Cookie不持久 - Forms Authentication and authentication cookie not persisting 表单身份验证Cookie无法识别 - Forms Authentication Cookie Not Being Recognized 在表单身份验证Cookie中更新域 - Updating the Domain in Forms Authentication Cookie 基于Cookie的表单身份验证(禁用Cookie) - Cookie-based Forms Authentication with Cookies disabled 表单身份验证cookie似乎停止工作 - Forms Authentication cookie seems to stop working 用于SSO的C#表单身份验证.ASPXAUTH Cookie - C# Forms Authentication .ASPXAUTH Cookie for SSO Owin使用外部表单身份验证cookie - Owin use external forms authentication cookie 表单身份验证票是否将密码存储在Cookie中? - Forms authentication ticket is storing password in a cookie?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM