[英]ASP.NET Membership API not working on Win2008 server/IIS7
I have a very odd problem. 我有一个很奇怪的问题。 I have a web app that uses the .NET Membership API to provide login functionality. 我有一个使用.NET Membership API提供登录功能的Web应用程序。
This works fine on my local dev machine, using WebDev 4.0 server. 使用WebDev 4.0服务器,在我的本地开发机器上运行良好。
I'm using .NET 4.0 with some URL Rewriting, but not on the pages where login is required. 我正在使用带有某些URL重写的.NET 4.0,但未在需要登录的页面上使用。
I have a Windows Server 2008 with IIS7 我有一个带有IIS7的Windows Server 2008
However, the Membership API seemingly does not work on the server. 但是,成员资格API似乎在服务器上不起作用。 I have set up remote debugging and the LoginUser.LoggedIn event of the LoginUser control gets fired okay, but the MembershipUser is null. 我已经设置了远程调试,并且LoginUser控件的LoginUser.LoggedIn事件被触发,但是MembershipUser为null。 I get no answer about the username/password being invalid so it seems to be recognising it. 我没有收到有关用户名/密码无效的答案,因此似乎可以识别它。
If I enter an invalid username/password, I get an invalid username/password response. 如果输入无效的用户名/密码,则会收到无效的用户名/密码响应。
Some code, if it helps: 一些代码,如果有帮助的话:
<asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="validation-error-list" ValidationGroup="LoginUserValidationGroup"/>
<div class="accountInfo">
<fieldset class="login">
<legend>Account Information</legend>
<p>
<asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label>
<asp:TextBox ID="UserName" runat="server" CssClass="textEntry"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
CssClass="validation-error" Display="Dynamic" ErrorMessage="User Name is required." ToolTip="User Name is required."
ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
<asp:TextBox ID="Password" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
CssClass="validation-error" Display="Dynamic" ErrorMessage="Password is required." ToolTip="Password is required."
ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:CheckBox ID="RememberMe" runat="server"/>
<asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
</p>
</fieldset>
<p class="login-action">
<asp:Button ID="LoginButton" runat="server" CommandName="Login" CssClass="submitButton" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>
</p>
</div>
and the code behind: 以及后面的代码:
protected void Page_Load(object sender, EventArgs e)
{
LoginUser.LoginError += new EventHandler(LoginUser_LoginError);
LoginUser.LoggedIn += new EventHandler(LoginUser_LoggedIn);
}
void LoginUser_LoggedIn(object sender, EventArgs e)
{
// this code gets run so it appears logins work
Roles.DeleteCookie(); // this behaviour has been removed for testing - no difference
}
void LoginUser_LoginError(object sender, EventArgs e)
{
HtmlGenericControl htmlGenericControl = LoginUser.FindControl("errorMessageSpan") as HtmlGenericControl;
if (htmlGenericControl != null) htmlGenericControl.Visible = true;
}
I have "Fiddled" with the Login form reponse and I get the following Cookie-Set headers: 我的登录表单响应为“ Fiddled”,并且得到以下Cookie-Set标头:
Set-Cookie: ASP.NET_SessionId=lpyyiyjw45jjtuav1gdu4jmg; path=/; HttpOnly
Set-Cookie: .ASPXAUTH=A7AE08E071DD20872D6BBBAD9167A709DEE55B352283A7F91E1066FFB1529E5C61FCEDC86E558CEA1A837E79640BE88D1F65F14FA8434AA86407DA3AEED575E0649A1AC319752FBCD39B2A4669B0F869; path=/; HttpOnly
Set-Cookie: .ASPXROLES=; expires=Mon, 11-Oct-1999 23:00:00 GMT; path=/; HttpOnly
I don't know what is useful here because it is obviously encrypted but I find the .APXROLES cookie having no value interesting. 我不知道这里有什么用,因为它显然已加密,但是我发现.APXROLES cookie没有任何价值。 It seems to fail to register the cookie, but passes authentication. 它似乎无法注册cookie,但是通过了身份验证。
Updates: 更新:
Have tried in Classic and Integrated mode: the same behavior 在经典和集成模式下尝试过:相同的行为
ASP.NET user NETWORK SERVICE (NT AUTHORITY/NETWORK SERVICE) has membership of all the aspnet_* roles. ASP.NET用户网络服务(NT AUTHORITY / NETWORK SERVICE)具有所有aspnet_ *角色的成员身份。
make sure you have formsauth set in IIS as the security type. 确保已在IIS中将FormsAuth设置为安全类型。
look here for the auth types: http://learn.iis.net/page.aspx/142/understanding-iis-url-authorization/ 在此处查找身份验证类型: http : //learn.iis.net/page.aspx/142/understanding-iis-url-authorization/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.