仅在 IIS 7.5 经典模式下,IE 的表单身份验证失败
我认为是时候将其引入堆栈了。我们在 Windows Server 2008 上有 IIS 7.5(经典模式)和 .net 2.0。该应用程序是从 .net 1.1 升级的,不需要任何问题/更改。它是从 Server 2000 迁移而来的。一旦进入新家,表单身份验证对于 IE 用户来说就开始出现问题。 IE用户可以登录,到达成功登录的目标页面,该页面有一段文字、一个WebControlLibrary声音位(mp3)和一个asp按钮。单击按钮后,IE 用户将立即返回登录状态。它发生得如此之快,似乎没有回发,但 fiddler 说有回发,并显示它回发了两次,并混合了狡猾的 302 重定向。
在 fiddler 上,Firefox 没有显示 302,并且像 Chrome 一样工作正常。这也只发生在我们网络的外部,在 IE7/8 上,内部测试没问题。
我看到用户报告说 url 中的下划线可能会导致这种情况..没有。在 IIS 7.5 中混合身份验证模式可能会导致问题,我们使用经典模式。我已经看到用于调用按钮回发的 javascript 可能会导致此问题,我们在后面的代码中使用标准 .net 按钮 onclick 事件(仅检查页码,然后将响应重定向到应用程序中的下一页。
)已经在谷歌和必应(以及这里)上漫游了几天的大部分时间,但毫无结果。对于问题的含糊之处,我深表歉意。
编辑: 服务器名称中没有下划线。这是用户可见的过程。您登录后,登录页面会刷新并要求您验证您的身份。如果您同意,您将转到 instructions.aspx。当您点击“继续”时,此页面按钮将回发。 IE 在第一次继续单击时死掉,并注意 fiddler 中的奇怪内容...FF 很好,然后继续应用程序的其余部分。
IE 8
Result Protocol Host URL Body
200 HTTP CONNECT / 0
200 HTTPS xxxxxx.com / 12,354
200 HTTPS xxxxxx.com /login.aspx 8,139
302 HTTPS xxxxxx.com /login.aspx 137
200 HTTPS xxxxxx.com /instructions.aspx 6935
302 HTTPS xxxxxx.com / 131
302 HTTPS xxxxxx.com /logout.aspx 130
200 HTTPS xxxxxx.com /login.aspx 12,354
302 HTTPS xxxxxx.com /insturctions.aspx 167
200 HTTPS xxxxxx.com /login.aspx?ReturnUrl=&...
FireFox
Result Protocol Host URL Body
200 HTTP CONNECT / 0
200 HTTPS xxxxxx.com digicert.com 12,354
200 HTTPS xxxxxx.com /login.aspx 8,139
302 HTTPS xxxxxx.com /login.aspx 137
200 HTTPS xxxxxx.com /instructions.aspx 6935
200 HTTPS xxxxxx.com /images/xxx.jpg 47
200 HTTPS xxxxxx.com /images/xx2.jpg 46
200 HTTPS xxxxxx.com /instructions.aspx 12,354
200 HTTPS xxxxxx.com /images/xx3.jpg 49
Thought is was time to bring this to the Stack. We have IIS 7.5 (classic mode), .net 2.0 on Windows Server 2008. The app was upgraded from .net 1.1 with no issues/changes needed. It was migrated from Server 2000. Once in its new home, Forms Authentication started to hiccup for IE users. IE users can log in, arrive at the successful login destination page which has a paragraph of text, a WebControlLibrary sound bit (mp3) and an asp button. Upon button click, IE users are immediately sent back to login. It happens so fast, does not appear to postback, but fiddler says it does and shows it posts back twice with a sneaky 302 redirect mixed in.
On fiddler, Firefox shows no 302s and works fine as does Chrome. This only happens externally to our network as well, on IE7/8, internal testing is fine.
I have seen where users have reported that an underscore in the url can cause this..don't have one. Mixing authentication modes in IIS 7.5 can cause issues, we use classic mode. I have seen where javascript used to call the postback for the button can cause this, we use standard .net button onclick event in code behind (that simply checks a page number then does a response redirect to the next page in the app.)
I have roamed google and bing (and here) for the better part of a few days to no avail. I apologize for the vagueness of the question.
EDIT:
No underscores in server name. Here is the process as visible by a user. You Login, login page refreshes and asks you to verify you are who you say you are. If you say yes, you go to instructions.aspx. This pages buttons will postback as you hit "continue". IE dies on first conitnue click and note the odd stuff in fiddler...FF is fine and moves on to rest of app.
IE 8
Result Protocol Host URL Body
200 HTTP CONNECT / 0
200 HTTPS xxxxxx.com / 12,354
200 HTTPS xxxxxx.com /login.aspx 8,139
302 HTTPS xxxxxx.com /login.aspx 137
200 HTTPS xxxxxx.com /instructions.aspx 6935
302 HTTPS xxxxxx.com / 131
302 HTTPS xxxxxx.com /logout.aspx 130
200 HTTPS xxxxxx.com /login.aspx 12,354
302 HTTPS xxxxxx.com /insturctions.aspx 167
200 HTTPS xxxxxx.com /login.aspx?ReturnUrl=&...
FireFox
Result Protocol Host URL Body
200 HTTP CONNECT / 0
200 HTTPS xxxxxx.com digicert.com 12,354
200 HTTPS xxxxxx.com /login.aspx 8,139
302 HTTPS xxxxxx.com /login.aspx 137
200 HTTPS xxxxxx.com /instructions.aspx 6935
200 HTTPS xxxxxx.com /images/xxx.jpg 47
200 HTTPS xxxxxx.com /images/xx2.jpg 46
200 HTTPS xxxxxx.com /instructions.aspx 12,354
200 HTTPS xxxxxx.com /images/xx3.jpg 49
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
从 IE8 开始,表单标签属性“domain='domain.com'”似乎是必需的。找到了这个 blob 帖子持久 Cookies 在 IE8 和 Windows 7 中失败
这已经解决了基于初步测试的问题。
It appears that as of IE8, the forms tag attribute "domain='domain.com'" is required. Found this blob post Persistent Cookies Fail in IE8 and Windows 7
and this has solved the issue based on prelim testing.
_ 问题不是针对 URL...而是针对服务器名称。请您检查并确认是否不是这样?
还要安装 Fiddler (www.fiddlertool.com),并从 IE 浏览该网站。保存日志。立即清除日志...从 Chrome 浏览网站,然后再次保存。完成此练习后,检查并比较日志。
[如果您将按照 fiddler 建议保存的日志发送给我,我可以提供帮助]
The _ issue is not for the URL... it is for the server name. Can you please check and confirm if that's not the case?
Also install Fiddler (www.fiddlertool.com), and browse the site from IE. Save the logs. Clear the logs now... browse the site from Chrome, and save it again. Once done with this exercise, check and compare the logs.
[I can help if you send me the logs saved as suggested from fiddler]