asp.net“记住我”不再使用表单身份验证

发布于 2024-10-12 08:36:50 字数 1212 浏览 9 评论 0原文

我有两个带有自行编写的会员提供程序的网站,它们托管在不同 Web 应用程序和不同应用程序池中同一 Web 的同一服务器上。

以前我遇到了问题,我无法同时登录两个网站。感谢 Remy 的 帖子,现在可以工作了,我必须将 name 属性添加到 forms 元素。
但现在我遇到了问题,asp 登录控件的“记住我”选项停止工作。用户在正常会话超时后注销。

web.config 文件中的身份验证属性如下所示:

<authentication mode="Forms" >
  <forms loginUrl="~/UserMgmt/Login.aspx" timeout="400000" slidingExpiration="true" name="NameOfTheSite"/>
</authentication>

我还将表单身份验证的 cookie 名称设置为不同的名称。

我还需要添加其他内容才能使“记住我”功能发挥作用吗?

更新
我观察到,如果我禁用表单身份验证 cookie 的加密和验证,问题就消失了。如果我激活加密、验证或两者,则会重新出现问题。
我还知道,它与会话 cookie 名称无关(它们甚至可以相同)。也许这些信息可以帮助某人弄清楚发生了什么事?

更新1
感谢 Jason Kealey 解决了这个问题。我永远也找不到它。 同时我在msdn中找到了相应的信息。在 如何:在 ASP.NET 2.0 中配置 MachineKey 在“Web Farm 部署注意事项”部分中写道:

如果要将您的应用程序与同一服务器上的其他应用程序隔离,请将 放在 Web.config 文件中场中每台服务器上的每个应用程序。确保为每个应用程序使用单独的密钥值,但在场中的所有服务器上复制每个应用程序的密钥。

I have two websites with self written membership providers that are hostet on the same server in the same Web in different web-applications and different application pools.

Formerly I had the problem, that I could not log on on both sites together. Thanks to Remy's post, this works now, I had to add the name-attribute to the forms element.
But now I have the problem that the remember-me option of the asp login-control stopped to work. The user is logged off after the normal session-timeout.

The authentication-attributes in the web.config file look as follows:

<authentication mode="Forms" >
  <forms loginUrl="~/UserMgmt/Login.aspx" timeout="400000" slidingExpiration="true" name="NameOfTheSite"/>
</authentication>

Also have I set the cookie name for the forms authetication to different names.

Is there something else that I have to add, so that the remember-me feature works?

Update
I have observed that if I disable encryption and validation for the forms authentication-cookie, the problem is gone. If I either activate encryption, validation or both, the problem occurs newly.
I know also, that it's independent of the session-cookie names (they even could be identical). Maybe this information helps someone to figure out what's going on?

Update 1
Thanks to Jason Kealey for the solution to this problem. I would never had found it.
In the meantime I've found the corresponding information in msdn. In
How To: Configure MachineKey in ASP.NET 2.0
in the section "Web Farm Deployment Considerations" is written:

If you want to isolate your application from other applications on the same server, place the <machineKey> in the Web.config file for each application on each server in the farm. Ensure that you use separate key values for each application, but duplicate each application's keys across all servers in the farm.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

黑凤梨 2024-10-19 08:36:50

问题可能是您每次启动工作进程时都会自动生成验证密钥。该 cookie 已加密,但当您回来时,将使用新的服务器端密钥,因此您的 cookie 无法解密。

查看 machineKey 部分
http://msdn.microsoft.com/en-us/library/ff649308.aspx

这是将为您生成 machineKey 部分的内容
http://www.qualitydata.com/products/aspnet -membership/help/configuration/no-machinekey.aspx

The issue may be that you have validation keys that are automatically generated every time you launch the worker process. The cookie is encrypted, but when you come back a new server-side key is used and thus your cookie cannot be decrypted.

Check out the machineKey section
http://msdn.microsoft.com/en-us/library/ff649308.aspx

Here is something that will generate the machineKey section for you
http://www.qualitydata.com/products/aspnet-membership/help/configuration/no-machinekey.aspx

燕归巢 2024-10-19 08:36:50

尝试设置域名以确保记住的cookie在所有情况下都设置正确

<forms  path="/" domain="nameof.com" ...the rest

Try set the domain name to be sure that the cookie of the remember is set correctly in all cases

<forms  path="/" domain="nameof.com" ...the rest
若相惜即相离 2024-10-19 08:36:50

cookie 超时也受到 IIS 的限制,默认为 20 分钟之类的低值。
要更改此设置:

  1. 打开 IIS 管理器。
  2. 右键单击您的网站并选择
    特性。
  3. 选择 ASP.NET 选项卡并单击
    编辑配置。
  4. 选择身份验证选项卡。
  5. 选择启用滑动到期。
  6. 将 Cookie 超时时间设置得更长
    价值。设置为30
    天,输入
    30:00:00。
  7. 单击“确定”并退出 IIS 管理器。

在此处输入图像描述

The cookie timeout is also limited by IIS and defaults to something low like 20 min.
To change this:

  1. Open IIS Manager.
  2. Right click your site and select
    properties.
  3. Select the ASP.NET tab and click
    Edit Configuration.
  4. Select the Authentication tab.
  5. Select Enable sliding expiration.
  6. Set the Cookie timeout to a longer
    value. To set to 30
    days, enter
    30.00:00:00.
  7. Click OK and exit IIS manager.

enter image description here

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文