当前位置: 文江博客话题详情

如何在 ASP.NET 运行时更改 FormsCookieName

发布于 2024-07-08 13:45:25 字数 448 浏览 7 评论 0原文

我们希望根据应用程序实例更改 FormsCookiePath 的 FormsCookieName。 我们有一个应用程序,在 1 个服务器/域名上有多个实例。 因此,我们只能同时在 1 个应用程序中工作,因为 cookie 会互相覆盖。 顺便说一句,会话也是如此。

有没有办法动态地(例如在 Global.asax Application_Start 中)更改此名称? 这很有用,因为我们在每个应用程序中保留一个许可证名称,可以用作 CookieName 的基础。

我们已经使用 Web.config 和额外文件来覆盖外部文件中的 Web.config 值,使用:

但这需要手动操作,可以由于可以从数据库中检索设置,因此会被遗忘并且是多余的。

谢谢。

原文

We would like to have the FormsCookieName of FormsCookiePath change per instance of our application. We have an application which has multiple instances on 1 server/domainname. Because of this we can only work in 1 application at the same time, since the cookies will overwrite eachother. Same for the Sessions btw.

Is there a way to dynamicly, for example in the Global.asax Application_Start, change this name? This would be usefull as we keep a license name in each application which could be used as the basis for the CookieName.

We already work with Web.config and extra files to overwrite Web.config values in external files using: <appSettings file="Web.AppSettings.Config">

But this requires manual actions which can be forgotten and are redundant since the settings can be retrieved from the database.

Thanks.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

冷默言语 2024-07-15 13:45:26

根据 MSDN,FormsAuthentication存储 cookie 名称的 .FormsCookieName 属性是只读属性。 该属性必须从 web.config 中读取。

每个实例在 web.config 中都需要一个单独的名称。 我建议将身份验证 cookie 的名称包含在您现有的变更管理系统中。

According to MSDN, the FormsAuthentication.FormsCookieName property that stores the cookie name is a read-only property. This property must be read from the web.config.

Each instance will need a separate name in the web.config. I suggest including the name of the authentication cookie in your existing change management system.

回复 原文
醉酒的小男人 2024-07-15 13:45:25

我有类似的情况,我做了以下事情。 在 Application_Start 中,我检查了我的 cookie 名称是否需要更改。 在对所有应用程序进行新部署(其中所有应用程序都具有相同的 web.config)后,就会发生这种情况。


protected void Application_Start(object sender, EventArgs e)
{
  // determine unique cookie name per application
  string cookieName = ...
  // Get the web.config forms settings
  Configuration c = WebConfigurationManager.OpenWebConfiguration("~");
  AuthenticationSection auth = c.GetSection("system.web/authentication") 
        as AuthenticationSection;
  // See if we have mismatch in web.config or in Forms cookiename
  if (auth != null && auth.Forms != null && 
       (auth.Forms.Name != cookieName 
          || FormsAuthentication.FormsCookieName != cookieName
       )
     )
  {
     // Assign value in web.config for future restarts
     auth.Forms.Name = cookieName;
     // would be nice if this restarted the app, but it doesn't appear to
     c.Save();
     // This seems to restart the app
     System.Web.HttpRuntime.UnloadAppDomain();
  }
  ...
}

web.config 在应用程序启动时修改,然后重新启动 Web 应用程序。 下次启动 Web 应用程序时,Cookie 名称会同步,并且会跳过重置代码。

I had similar situation, I did the following. In the Application_Start, I checked to see if my cookie name needed change. This would occur after a new deployment for all applications where I have the same web.config for all.


protected void Application_Start(object sender, EventArgs e)
{
  // determine unique cookie name per application
  string cookieName = ...
  // Get the web.config forms settings
  Configuration c = WebConfigurationManager.OpenWebConfiguration("~");
  AuthenticationSection auth = c.GetSection("system.web/authentication") 
        as AuthenticationSection;
  // See if we have mismatch in web.config or in Forms cookiename
  if (auth != null && auth.Forms != null && 
       (auth.Forms.Name != cookieName 
          || FormsAuthentication.FormsCookieName != cookieName
       )
     )
  {
     // Assign value in web.config for future restarts
     auth.Forms.Name = cookieName;
     // would be nice if this restarted the app, but it doesn't appear to
     c.Save();
     // This seems to restart the app
     System.Web.HttpRuntime.UnloadAppDomain();
  }
  ...
}

The web.config is modified on the application start and then the web app is restarted. Next time the web app comes up, cookie names are in sync and the reset code is skipped.

回复 原文
回梦 2024-07-15 13:45:25

这几天我一直在与 Cookie 作斗争。 这是一次很棒的学习经历。

所以想分享我发现和使用的可能方法。 发现: 有几个 HACK 可以修改表单身份验证 Cookie 名称:

  1. 您可以在 Global.asax 中的 Application_Start 事件中的 Web.Config 文件的 Authenticaiton 部分下自动修改 Cookie 名称。 感谢 Ron 分享此内容。 但我无法保证其身份将用于运行应用程序域的用户是否有足够的权限来修改磁盘上的文件。 因此我需要一个临时解决方案,因此我设计了以下方案。

  2. 感谢 ILSpy 让我了解 FormsAuthentication 类的内部情况,也非常感谢 Reflection 让我修改类的私有字段。 我使用下面的代码在运行时修改 cookie 名称,并使用下面的一小段代码,这就像一个魅力!

    protected void Application_Start(Object sender, EventArgs e)
    {
        // This will enforce that FormsAuthentication class is loaded from configuration settings for the application.
        FormsAuthentication.Initialize();

        // The new cookie name whatever you need can go here, I needed some value from my application setting to be prefixed so I used it.
        string newCookieName = string.Format("{0}.ASPXAUTH", ConfigurationManager.AppSettings["SomeSettingThatIsUniquetoSite"]);

        // Modifying underlying baking field that points to FormsAuthentication.FormsCookieName         
        Type type = typeof(FormsAuthentication);
        System.Reflection.FieldInfo field = type.GetField("_FormsName", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static);
        field.SetValue(null, newCookieName);
    }

建议,漏洞,因为这是我在这个论坛上的第一个答案。

I have been struggling with Cookies with quite a few days. It has been an awesome learning experience.

So wanted to share the possible ways I found & discovered: There are several HACKs to modify Forms Authentication Cookie name:

  1. You can automate the modification of cookie name under Authenticaiton secion of Web.Config file in Application_Start event in Global.asax. Thanks to Ron for sharing this. But I could not guarantee that the user whose identity would be used to run application domain have enough privileges to modify the file on disk or not. Hence I needed an improvised solution, so I devised following.

  2. Thanks to ILSpy for letting me see inside the FormsAuthentication class, and many thanks to Reflection to let me modify the private field of a class. I used following code to modify the cookie name on run-time with following small piece of code and this worked like a charm !!!

    protected void Application_Start(Object sender, EventArgs e)
    {
        // This will enforce that FormsAuthentication class is loaded from configuration settings for the application.
        FormsAuthentication.Initialize();

        // The new cookie name whatever you need can go here, I needed some value from my application setting to be prefixed so I used it.
        string newCookieName = string.Format("{0}.ASPXAUTH", ConfigurationManager.AppSettings["SomeSettingThatIsUniquetoSite"]);

        // Modifying underlying baking field that points to FormsAuthentication.FormsCookieName         
        Type type = typeof(FormsAuthentication);
        System.Reflection.FieldInfo field = type.GetField("_FormsName", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static);
        field.SetValue(null, newCookieName);
    }

Suggestions, loopholes are requested as this is my first answer on this forum.

回复 原文
~没有更多了~

关于作者

如此安好

暂无简介

0 文章
0 评论
588 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

玍銹的英雄夢

文章 0 评论 0

我不会写诗

文章 0 评论 0

十六岁半

文章 0 评论 0

浸婚纱

文章 0 评论 0

qq_kJ6XkX

文章 0 评论 0

旧伤还要旧人安

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文