使用自定义窗体身份验证表单身份验证续订问题
[英]Forms Authentication Renewal Issue with Custom Forms Authentication
问题描述
My project has problem renewing Forms Authentication Session due to conflicting Forms Auth Cookies. 
由于表格身份验证Cookie冲突,我的项目更新了表单身份验证会话。
Detailed Description: 详细说明:
After a user logged in, one forms auth cookie (FACookieA) is created, and s/he is authenticated. 用户登录后,会创建一个表单身份验证cookie(FACookieA),并对其进行身份验证。 When it comes to renew the cookie, however, a second forms auth cookie (FACookieB) is created, and FACookieA is not renewed. 但是,在更新cookie时,会创建第二个表单auth cookie(FACookieB),并且不会续订FACookieA。 The User is redirected to login page on page request after the expiration time in FACookieA, even it is before expiration time in FACookieB. 在FACookieA中的到期时间之后,用户被重定向到页面请求上的登录页面,即使它在FACookieB中的到期时间之前。
Generated cookies: 生成的cookie:
Please note that both cookies have the same name. 请注意,两个cookie都具有相同的名称。
FACookieA : FACookieA :
name: FormsAuth
domain: .formsauth.com
please note the "." 请注意“。” pre-appended by .NET, the "formsauth.com" is from Forms Authentication Ticket section 由.NET预先附加,“formsauth.com”来自Forms Authentication Ticket部分
FACookieB : FACookieB :
name: FormsAuth
host: a.formsauth.com
please note the cookie uses "host", not domain, and "a.formsauth.com" is based on the current request url domain. 请注意,cookie使用“host”,而不是域,“a.formsauth.com”基于当前请求url域。
Project url tested: 项目网址测试:
a.formsauth.com
Web.config: Web.config文件:
<forms loginUrl="~/Account/Login.aspx" name="FormsAuth"/>
Code 码
public partial class Account_Login : System.Web.UI.Page
{
protected void LoginButton_Click(object sender, EventArgs e)
{
if (Membership.ValidateUser(LoginUser.UserName.Trim(), LoginUser.Password.Trim()))
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
"username",
DateTime.Now,
DateTime.Now.AddMinutes(2),
false,
string.Empty
);
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
cookie.Domain = "formsauth.com";
cookie.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Remove(cookie.Name);
Response.Cookies.Add(cookie);
Response.Redirect("~/Account/ChangePassword.aspx"); //authenticated area
}else
{
Response.Write("Invalid UserID and Password");
}
}
}
Questions: 问题:
1) How to generate one forms auth cookie, so that users can renew forms auth session and will not be logged out? 1)如何生成一个表单auth cookie,以便用户可以更新表单auth session并且不会被注销?
Considerations: 注意事项:
1) The project needs to support multiple languages, with possible domain formats below: 1)项目需要支持多种语言,可能的域格式如下:
a.formsauth.com
a.en.formsauth.com
a.us.formsauth.com
and 和
b.formsauth.com
b.en.formsauth.com
b.us.formsauth.com
Thus, I cannot set the domain attribute of Forms element declaratively. 因此,我无法以声明方式设置Forms元素的domain属性。 Because two sets of domain cannot share cookie, sharing cookie within one set is allowed. 由于两组域无法共享cookie,因此允许在一组内共享cookie。 That is the same code base is used for different apps with different domains. 这是相同的代码库用于具有不同域的不同应用程序。 But one set of domain can share cookie. 但是一组域可以共享cookie。
2) The default built-in FormsAuthenticationModule renews user session cookie, which is why I has no control over the domain in the cookie. 2)默认的内置FormsAuthenticationModule更新用户会话cookie,这就是我无法控制cookie中域的原因。 Please note that FormsAuthenticationTicket is used to create cookie upon use login as shown above. 请注意,FormsAuthenticationTicket用于在使用登录时创建cookie,如上所示。
Any idea? 任何想法?
3 个解决方案
解决方案1
0 2015-04-27 22:16:27
The logic of the code is not very clear, Not clear why you are attempting to replace cookies.) 代码的逻辑不是很清楚,不清楚为什么你试图替换cookie。)
However I am going to guess that the redirection is happening before the new cookie has been registered. 但是我猜测重定向是在新cookie注册之前发生的。
Response.Cookies.Remove(cookie.Name);
Add Code here to check if cookie is removed before you try to add the other 在此处添加代码以检查在尝试添加其他cookie之前是否删除了cookie
Response.Cookies.Add(cookie);
Add code here to make sure the cookie has been registered by the browser (?), before you redirect 在重定向之前,在此处添加代码以确保浏览器(?)已注册cookie
解决方案2
0 2015-05-01 19:54:24
You can't mix host and domain cookies with the same name. 您不能将主机和域Cookie混合使用相同的名称。 To make this work all cookies will need to be set at the top level domain. 要使这项工作,所有cookie都需要在顶级域设置。
解决方案3
0 2015-06-01 22:06:03
Try to use following code.I hope that will help you. 尝试使用以下代码。我希望这会对你有所帮助。
if (Membership.ValidateUser(LoginUser.UserName.Trim(), LoginUser.Password.Trim())) { if(Membership.ValidateUser(LoginUser.UserName.Trim(),LoginUser.Password.Trim())){
int timeout = model.RememberMe ? 525600 : 30;
//DateTime timeout = model.RememberMe ? 525600 : 30;
string userData = JsonConvert.SerializeObject(model);
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, login[0].adminUserName, DateTime.Now, DateTime.Now.AddMinutes(525600), false, userData);
string enTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authcookie = new HttpCookie(FormsAuthentication.FormsCookieName, enTicket);
Response.Cookies.Add(authcookie);
return Response.Redirect("~/Account/ChangePassword.aspx"); //authenticated area
}
else
{
Response.Write("Invalid UserID and Password");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.