[英]Can an ASP.NET 4.0 application within an ASP.NET 2.0 site use the same Forms Authentication cookie?
See update at bottom of question 请参阅问题底部的更新
I have an ASP.NET 2.0 web application (say https://mysite.somedomain.com/
) which uses forms authentication. 我有一个ASP.NET 2.0 Web应用程序(比如
https://mysite.somedomain.com/
),它使用表单身份验证。 I wish to integrate an ASP.NET 4.0 web app within this site, based at https://mysite.somedomain.com/NewApp/
. 我希望在此站点中集成ASP.NET 4.0 Web应用程序,基于
https://mysite.somedomain.com/NewApp/
。 Forms Auth is working on the outer app, but the inner app is rejecting the cookie. Forms Auth正在处理外部应用程序,但内部应用程序拒绝cookie。
web.config
on the outer (ASP.NET 2.0) web app contains: 外部(ASP.NET 2.0)Web应用程序上的
web.config
包含:
<httpCookies requireSSL="true"/>
<authentication mode="Forms">
<forms name="MySiteWebAuth" loginUrl="/Login.aspx" protection="All"
path="/" timeout="90" requireSSL="true" slidingExpiration="true"/>
</authentication>
<machineKey (same machine key is in both configs)
validation="SHA1"
decryption="AES"/>
<authorization>
<deny users="?"/>
<allow users="*" />
</authorization>
web.config
on the inner (ASP.NET 4.0) web app contains: 内部(ASP.NET 4.0)Web应用程序上的
web.config
包含:
<authentication mode="Forms">
<forms name="MySiteWebAuth" loginUrl="/Login.aspx" protection="All"
path="/" timeout="90" requireSSL="true" slidingExpiration="true"
ticketCompatibilityMode="Framework20"/>
</authentication>
<machineKey (same machine key is in both configs)
validation="SHA1"
decryption="AES"/>
This is the code in Login.aspx.cs that sets the cookie on successful authentication: 这是Login.aspx.cs中的代码,用于在成功验证时设置cookie:
FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(
1,
ApplicationContext.User.Identity.Name,
DateTime.Now,
DateTime.Now.AddMinutes(90),
false,
ApplicationContext.User.Identity.SessionID.ToString()
);
HttpCookie cookie =
new HttpCookie(
FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket)
);
cookie.Path = FormsAuthentication.FormsCookiePath;
cookie.HttpOnly = true;
Response.Cookies.Add(cookie);
If I log into the outer web app, then navigate to a page within the inner web app, it does a redirect to the login page and writes Forms authentication failed for the request. Reason: The ticket supplied was invalid.
如果我登录到外部Web应用程序,然后导航到内部Web应用程序中的页面,它会重定向到登录页面并
Forms authentication failed for the request. Reason: The ticket supplied was invalid.
写入Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Forms authentication failed for the request. Reason: The ticket supplied was invalid.
to the event log on the server. 到服务器上的事件日志。
How do I get the ASP.NET 2.0 Forms Auth ticket to be accepted by the inner ASP.NET 4.0 web app? 如何让内部ASP.NET 4.0 Web应用程序接受ASP.NET 2.0 Forms Auth票证?
Update : It works under HTTPS IIS 7.5, but not under HTTPS IIS 7.0. 更新 :它在HTTPS IIS 7.5下运行,但不在HTTPS IIS 7.0下运行。 Doing some more investigation.
做一些调查。
Update 2 : We have applied Server 2008 SP2 to the server along with the recent patch for the hash-collision DoS and since then the cookie sharing has worked. 更新2 :我们已将Server 2008 SP2与最近的哈希冲突DoS补丁一起应用到服务器,从那时起cookie共享就起作用了。
除了保持几乎所有上述值相同外,还需要在4.0应用程序的配置文件中设置machineKey
元素的compatibilityMode
属性:
<machineKey compatibilityMode="Framework20SP2" validationKey="THE_KEY" decryptionKey="ANOTHER_KEY" validation="SHA1" />
我假设你读过这个 - http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx - 也许从你的4.0应用程序中删除ticketCompatibilityMode属性,或者至少确保它们是相同的。
Add this appsetting to both web.config files: 将此appsetting添加到两个web.config文件中:
add key="aspnet:UseLegacyFormsAuthenticationTicketCompatibility" value="true" add key =“aspnet:UseLegacyFormsAuthenticationTicketCompatibility”value =“true”
You need to make sure both applications have the same encryption key in the web.config files 您需要确保两个应用程序在web.config文件中具有相同的加密密钥
<machineKey
validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
validation="SHA1" />
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.