ASP.NET 会员 API 无法在 Win2008 服务器/IIS7 上运行

发布于 2024-09-04 03:48:29 字数 3762 浏览 2 评论 0原文

我有一个非常奇怪的问题。我有一个使用 .NET Membership API 提供登录功能的 Web 应用程序。

这在我的本地开发计算机上使用 WebDev 4.0 服务器运行良好。

我使用 .NET 4.0 进行一些 URL 重写，但不在需要登录的页面上使用。

我有一个带有 IIS7 的 Windows Server 2008

但是，Membership API 似乎无法在服务器上运行。我已经设置了远程调试，并且 LoginUser 控件的 LoginUser.LoggedIn 事件正常触发，但 MembershipUser 为空。我没有得到关于用户名/密码无效的答案，因此它似乎正在识别它。

如果我输入无效的用户名/密码，我会收到无效的用户名/密码响应。

一些代码，如果有帮助的话：

<asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="validation-error-list" ValidationGroup="LoginUserValidationGroup"/>
<div class="accountInfo">
    <fieldset class="login">
        <legend>Account Information</legend>
        <p>
            <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label>
            <asp:TextBox ID="UserName" runat="server" CssClass="textEntry"></asp:TextBox>
            <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName" 
                 CssClass="validation-error" Display="Dynamic" ErrorMessage="User Name is required." ToolTip="User Name is required." 
                 ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
        </p>
        <p>
            <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
            <asp:TextBox ID="Password" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
            <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password" 
                 CssClass="validation-error" Display="Dynamic" ErrorMessage="Password is required." ToolTip="Password is required." 
                 ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
        </p>
        <p>
            <asp:CheckBox ID="RememberMe" runat="server"/>
            <asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
        </p>
    </fieldset>
    <p class="login-action">
        <asp:Button ID="LoginButton" runat="server" CommandName="Login" CssClass="submitButton" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>
    </p>
</div>

以及背后的代码：

protected void Page_Load(object sender, EventArgs e)
{
    LoginUser.LoginError += new EventHandler(LoginUser_LoginError);
    LoginUser.LoggedIn += new EventHandler(LoginUser_LoggedIn);
}

void LoginUser_LoggedIn(object sender, EventArgs e)
{
    // this code gets run so it appears logins work
    Roles.DeleteCookie(); // this behaviour has been removed for testing - no difference
}

void LoginUser_LoginError(object sender, EventArgs e)
{
    HtmlGenericControl htmlGenericControl = LoginUser.FindControl("errorMessageSpan") as HtmlGenericControl;
    if (htmlGenericControl != null) htmlGenericControl.Visible = true;
}

我“摆弄”了登录表单响应，我得到以下 Cookie-Set 标头：

Set-Cookie: ASP.NET_SessionId=lpyyiyjw45jjtuav1gdu4jmg; path=/; HttpOnly
Set-Cookie: .ASPXAUTH=A7AE08E071DD20872D6BBBAD9167A709DEE55B352283A7F91E1066FFB1529E5C61FCEDC86E558CEA1A837E79640BE88D1F65F14FA8434AA86407DA3AEED575E0649A1AC319752FBCD39B2A4669B0F869; path=/; HttpOnly
Set-Cookie: .ASPXROLES=; expires=Mon, 11-Oct-1999 23:00:00 GMT; path=/; HttpOnly

我不知道这里有什么用，因为它显然是加密的，但我发现.APXROLES cookie 没有任何有趣的价值。貌似注册cookie失败，但是认证通过了。

更新：

已在经典和集成模式下尝试过：相同的行为
ASP.NET 用户网络服务（NT AUTHORITY/NETWORK SERVICE）的成员资格为所有 aspnet_* 角色。

原文

I have a very odd problem. I have a web app that uses the .NET Membership API to provide login functionality.

This works fine on my local dev machine, using WebDev 4.0 server.

I'm using .NET 4.0 with some URL Rewriting, but not on the pages where login is required.

I have a Windows Server 2008 with IIS7

However, the Membership API seemingly does not work on the server. I have set up remote debugging and the LoginUser.LoggedIn event of the LoginUser control gets fired okay, but the MembershipUser is null. I get no answer about the username/password being invalid so it seems to be recognising it.

If I enter an invalid username/password, I get an invalid username/password response.

Some code, if it helps:

<asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="validation-error-list" ValidationGroup="LoginUserValidationGroup"/>
<div class="accountInfo">
    <fieldset class="login">
        <legend>Account Information</legend>
        <p>
            <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label>
            <asp:TextBox ID="UserName" runat="server" CssClass="textEntry"></asp:TextBox>
            <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName" 
                 CssClass="validation-error" Display="Dynamic" ErrorMessage="User Name is required." ToolTip="User Name is required." 
                 ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
        </p>
        <p>
            <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
            <asp:TextBox ID="Password" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
            <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password" 
                 CssClass="validation-error" Display="Dynamic" ErrorMessage="Password is required." ToolTip="Password is required." 
                 ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
        </p>
        <p>
            <asp:CheckBox ID="RememberMe" runat="server"/>
            <asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
        </p>
    </fieldset>
    <p class="login-action">
        <asp:Button ID="LoginButton" runat="server" CommandName="Login" CssClass="submitButton" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>
    </p>
</div>

and the code behind:

protected void Page_Load(object sender, EventArgs e)
{
    LoginUser.LoginError += new EventHandler(LoginUser_LoginError);
    LoginUser.LoggedIn += new EventHandler(LoginUser_LoggedIn);
}

void LoginUser_LoggedIn(object sender, EventArgs e)
{
    // this code gets run so it appears logins work
    Roles.DeleteCookie(); // this behaviour has been removed for testing - no difference
}

void LoginUser_LoginError(object sender, EventArgs e)
{
    HtmlGenericControl htmlGenericControl = LoginUser.FindControl("errorMessageSpan") as HtmlGenericControl;
    if (htmlGenericControl != null) htmlGenericControl.Visible = true;
}

I have "Fiddled" with the Login form reponse and I get the following Cookie-Set headers:

Set-Cookie: ASP.NET_SessionId=lpyyiyjw45jjtuav1gdu4jmg; path=/; HttpOnly
Set-Cookie: .ASPXAUTH=A7AE08E071DD20872D6BBBAD9167A709DEE55B352283A7F91E1066FFB1529E5C61FCEDC86E558CEA1A837E79640BE88D1F65F14FA8434AA86407DA3AEED575E0649A1AC319752FBCD39B2A4669B0F869; path=/; HttpOnly
Set-Cookie: .ASPXROLES=; expires=Mon, 11-Oct-1999 23:00:00 GMT; path=/; HttpOnly

I don't know what is useful here because it is obviously encrypted but I find the .APXROLES cookie having no value interesting. It seems to fail to register the cookie, but passes authentication.

Updates:

Have tried in Classic and Integrated mode: the same behavior
ASP.NET user NETWORK SERVICE (NT AUTHORITY/NETWORK SERVICE) has membership of all the aspnet_* roles.

分享到QQ

分享到微博