身份验证令牌在 ASP.NET Web 应用程序中无法正常工作
我已将网站转换为 Web 应用程序,但现在该应用程序出现了奇怪的行为。本质上,有 2 个网。一个网站是主要的、面向前端的网站,使用 ASP.NET 1.1 编写,但从 2.0 开始添加了会员功能。另一个是以前的网站,现在已发展成为网络应用程序。
似乎当我登录网站(项目 1)时,我正确地重定向到网络应用程序(项目 2)。但是,我点击的任何链接都会让我返回登录网站(项目 1)。机器密钥是相同的,并且所有表单身份验证属性都是相同的。
我已经多次停止 IIS 并删除临时文件夹中的文件,但仍然无法进行。非常令人沮丧。
这是我的 Web 应用程序的表单元素的示例:
<forms domain="beta.domain.com" name=".ASPXAUTH" loginUrl="http://beta.domain.com/" protection="All" timeout="600" path="/" requireSSL="true" slidingExpiration="true" defaultUrl="https://beta.domain.com/app/" enableCrossAppRedirects="true"/>
这是我的网站的表单元素的示例:
<forms name=".ASPXAUTH" enableCrossAppRedirects="true" timeout="600" defaultUrl="/QueryStringAuthenticate.aspx" loginUrl="/" protection="All" slidingExpiration="true" cookieless="UseDeviceProfile" domain="beta.domain.com" />
然后,我在这两个应用程序上指定了相同的计算机密钥值。网站中的 QueryStringAuthenticate.aspx 页面没有更改。它仍然执行与往常相同的操作(获取 cookie 名称 [.ASPXAUTH] 和 cookie 值 [身份验证令牌])。
I've converted a web site to a web application and am now experiencing a strange behavior with the application. Essentially, there are 2 webs. One web site is the main, front-facing site written in ASP.NET 1.1 but with the Membership piece added from 2.0. The other is a former web site now grown up to a web application.
It seems as though when I login to the web site (project 1), I get properly redirected to the web app (project 2) properly. However, any link I click on sends me back to login on the web site (project 1). The machine keys are the same and all of the forms authentication properties are the same.
I've stopped IIS several times and deleted the files in the temporary folder and still no go. Very frustrating.
Here is an example of my forms element for my web app:
<forms domain="beta.domain.com" name=".ASPXAUTH" loginUrl="http://beta.domain.com/" protection="All" timeout="600" path="/" requireSSL="true" slidingExpiration="true" defaultUrl="https://beta.domain.com/app/" enableCrossAppRedirects="true"/>
Here is an example of my forms element for the web site:
<forms name=".ASPXAUTH" enableCrossAppRedirects="true" timeout="600" defaultUrl="/QueryStringAuthenticate.aspx" loginUrl="/" protection="All" slidingExpiration="true" cookieless="UseDeviceProfile" domain="beta.domain.com" />
Then on both I have the same machine key value specified. The QueryStringAuthenticate.aspx page in the web site hasn't changed. It still does the same thing it always did (obtain the cookie name [.ASPXAUTH] and cookie value [authentication token]).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我终于明白了。它实际上与身份验证本身无关,而是与浏览器设置有关。显然,有人修改了我们的开发机器映像文件,以将站点添加到 HTTPS 的受信任站点中,但在没有 HTTPS 的情况下没有添加它。因此,IE 在某处断开了连接。添加带有和不带有 HTTPS 的条目或删除这些条目都解决了该问题。
I finally got it. It actually had nothing to do with the authentication itself, but rather the browser settings. Apparently, someone had modified our image file for dev machines to add the site in the trusted sites for HTTPS, but did not add it without the HTTPS. So, IE was dropping the connection somewhere. Either adding both with and without the HTTPS or removing those entries resolved the issue.