FormsAuthentication: UserData lost (but present in the cookie)

Posted 2024-11-08 14:30:10

  • Asp.Net MVC 3
  • FormsAuthentication (custom)
  • iPad MobileSafari
  • iframe (same domain)

After struggling with formsTicket.UserData not working with MobileSafari (ONLY MobileSafari), I found out that httpContext.User.Identity.Ticket.UserData is empty (in MobileSafari, not the others) and the original FormsAuthentication HttpCookie contains the right values?!?

How can that be?!

Code:

public void UpdateContext()
{
    if (httpContext.User.Identity is FormsIdentity)
    {
        // Get Forms Identity From Current User
        FormsIdentity id = (FormsIdentity)httpContext.User.Identity;
        // Create a custom Principal Instance and assign to Current User (with caching)
        HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(FormsAuthentication.FormsCookieName);
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

        var cookieUserData = ticket.UserData; // not empty
        var httpContextIdentiyUserData = id.Ticket.UserData; // empty!
        ...
    }
}

Any clue would be helpful!

Lg
Warappa

PS: If it matters, I use a page of my website in an iframe - same domain.

Comments (1)

甜`诱少女 2024-11-15 14:30:10

So the issue was the following:
This error arose when I logged out and accessed a page that did a history.back().

Looking at the traffic with Fiddler, I saw that Asp.Net used the cookieless authentication mode, so the authentication was encoded into the URL. Now, when the history.back() occurred, the URL pointed to the Logout URL with the now invalid authentication information... nasty bug on my side.

Forcing Asp.Net to use cookies did the trick!

Lg
warappa
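
The fix described in the answer above, written out as a web.config fragment. This is an added example, not the poster's actual configuration; the loginUrl and timeout values are assumed.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Before (attribute omitted, so the default applies):
           cookieless="UseDeviceProfile". ASP.NET decides per request,
           from the browser capabilities matched to the User-Agent,
           whether the ticket travels in a cookie or is embedded in
           the URL path. -->
      <!-- <forms loginUrl="~/Account/LogOn" timeout="2880" /> -->

      <!-- After: the ticket is only ever sent as a cookie, so it never
           ends up in URLs, browser history, or Referer headers.
           loginUrl and timeout are assumed values. -->
      <forms loginUrl="~/Account/LogOn"
             timeout="2880"
             cookieless="UseCookies" />
    </authentication>
  </system.web>
</configuration>
```

With UseCookies set, a history.back() to an earlier page can no longer replay a stale ticket from the URL, because no ticket is written into URLs at all.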
