asp.net“记住我”不再使用表单身份验证
我有两个带有自行编写的会员提供程序的网站,它们托管在不同 Web 应用程序和不同应用程序池中同一 Web 的同一服务器上。
以前我遇到了问题,我无法同时登录两个网站。感谢 Remy 的 帖子,现在可以工作了,我必须将 name 属性添加到 forms 元素。
但现在我遇到了问题,asp 登录控件的“记住我”选项停止工作。用户在正常会话超时后注销。
web.config 文件中的身份验证属性如下所示:
<authentication mode="Forms" >
<forms loginUrl="~/UserMgmt/Login.aspx" timeout="400000" slidingExpiration="true" name="NameOfTheSite"/>
</authentication>
我还将表单身份验证的 cookie 名称设置为不同的名称。
我还需要添加其他内容才能使“记住我”功能发挥作用吗?
更新
我观察到,如果我禁用表单身份验证 cookie 的加密和验证,问题就消失了。如果我激活加密、验证或两者,则会重新出现问题。
我还知道,它与会话 cookie 名称无关(它们甚至可以相同)。也许这些信息可以帮助某人弄清楚发生了什么事?
更新1
感谢 Jason Kealey 解决了这个问题。我永远也找不到它。 同时我在msdn中找到了相应的信息。在 如何:在 ASP.NET 2.0 中配置 MachineKey 在“Web Farm 部署注意事项”部分中写道:
如果要将您的应用程序与同一服务器上的其他应用程序隔离,请将
I have two websites with self written membership providers that are hostet on the same server in the same Web in different web-applications and different application pools.
Formerly I had the problem, that I could not log on on both sites together. Thanks to Remy's post, this works now, I had to add the name-attribute to the forms element.
But now I have the problem that the remember-me option of the asp login-control stopped to work. The user is logged off after the normal session-timeout.
The authentication-attributes in the web.config file look as follows:
<authentication mode="Forms" >
<forms loginUrl="~/UserMgmt/Login.aspx" timeout="400000" slidingExpiration="true" name="NameOfTheSite"/>
</authentication>
Also have I set the cookie name for the forms authetication to different names.
Is there something else that I have to add, so that the remember-me feature works?
Update
I have observed that if I disable encryption and validation for the forms authentication-cookie, the problem is gone. If I either activate encryption, validation or both, the problem occurs newly.
I know also, that it's independent of the session-cookie names (they even could be identical). Maybe this information helps someone to figure out what's going on?
Update 1
Thanks to Jason Kealey for the solution to this problem. I would never had found it.
In the meantime I've found the corresponding information in msdn. In
How To: Configure MachineKey in ASP.NET 2.0
in the section "Web Farm Deployment Considerations" is written:
If you want to isolate your application from other applications on the same server, place the <machineKey> in the Web.config file for each application on each server in the farm. Ensure that you use separate key values for each application, but duplicate each application's keys across all servers in the farm.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
问题可能是您每次启动工作进程时都会自动生成验证密钥。该 cookie 已加密,但当您回来时,将使用新的服务器端密钥,因此您的 cookie 无法解密。
查看 machineKey 部分
http://msdn.microsoft.com/en-us/library/ff649308.aspx
这是将为您生成 machineKey 部分的内容
http://www.qualitydata.com/products/aspnet -membership/help/configuration/no-machinekey.aspx
The issue may be that you have validation keys that are automatically generated every time you launch the worker process. The cookie is encrypted, but when you come back a new server-side key is used and thus your cookie cannot be decrypted.
Check out the machineKey section
http://msdn.microsoft.com/en-us/library/ff649308.aspx
Here is something that will generate the machineKey section for you
http://www.qualitydata.com/products/aspnet-membership/help/configuration/no-machinekey.aspx
尝试设置域名以确保记住的cookie在所有情况下都设置正确
Try set the domain name to be sure that the cookie of the remember is set correctly in all cases
cookie 超时也受到 IIS 的限制,默认为 20 分钟之类的低值。
要更改此设置:
特性。
编辑配置。
价值。设置为30
天,输入
30:00:00。
The cookie timeout is also limited by IIS and defaults to something low like 20 min.
To change this:
properties.
Edit Configuration.
value. To set to 30
days, enter
30.00:00:00.