RewritePath之后,ASP.NET表单身份验证很麻烦
[英]ASP.NET forms authentication is screwy after RewritePath
问题描述
I have a problem which I can't replicate on my dev server (IIS 8.5), but which is happening on my live server. 
我有一个问题,我无法在开发服务器(IIS 8.5)上复制,但是正在我的实时服务器上发生。
The ASP.NET website uses forms authentication, which works perfectly unless the URL is rewritten. ASP.NET网站使用表单身份验证,除非重写URL,否则它可以完美地工作。 On rewritten URLs, the user is not considered logged in. If you click "log in", then the user is logged in without redirecting to the login form! 在重写的URL上,不认为该用户已登录。如果单击“登录”,则该用户将登录,而不会重定向到登录表单! This means the cookie is somehow being used to authenticate the user after clicking "log in". 这意味着单击“登录”后,将以某种方式使用cookie来验证用户身份。 Refreshing the rewritten page reverts to not being logged in. 刷新重写的页面将恢复为未登录状态。
Here are some concrete examples: 以下是一些具体示例:
Go to http://www.paraglidingmap.com and log in with the following details (top right of the screen): 转到http://www.paraglidingmap.com并使用以下详细信息登录(屏幕右上方):
Username: test 用户名:test
Password: hibiscus 密码:芙蓉
Now go to this page which uses URL redirection, and you will not be logged in! 现在转到使用URL重定向的页面,您将无法登录! But if you click "log in", you will be magically logged in until you refresh the page. 但是,如果您单击“登录”,您将神奇地登录,直到刷新页面为止。 http://www.paraglidingmap.com/page/AppAndroid http://www.paraglidingmap.com/page/AppAndroid
Someone out there must be smarter than me. 外面肯定有人比我聪明。 Why is this only happening on the live server and not dev? 为什么这仅在实时服务器上发生而在dev上没有发生? I have checked that integrated pipeline is used on both servers. 我检查了两个服务器上都使用了集成管道。
1 个解决方案
解决方案1
0 2015-07-01 14:02:55
I have found a solution. 我找到了解决方案。 Instead of using HttpContext.Current.RewritePath, using Context.Server.TransferRequest seems to also transfer the request cookie. 而不是使用HttpContext.Current.RewritePath,使用Context.Server.TransferRequest似乎也可以传输请求cookie。
I would be grateful if anyone could explain why this is the case. 如果有人能解释为什么会这样,我将不胜感激。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.