为什么 ASP.NET FormsAuthentication cookie 无法验证用户身份?
我有一个使用默认 SqlMembershipProvider 和 FormsAuthentication 的网站。我可以使用内置的登录控件和/或以编程方式调用所有方法来对用户进行身份验证并获得相同的结果 - 用户已通过身份验证并创建了 cookie,但 cookie 似乎无效,因为我不能'不进入任何需要身份验证的页面。
没有真正的代码可显示默认登录控件,因为它应该只是“工作”,但这是我尝试过的自定义代码:
protected void ctrlLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
if (Membership.ValidateUser(ctrlLogin.UserName, ctrlLogin.Password))
{
FormsAuthentication.RedirectFromLoginPage(ctrlLogin.UserName, ctrlLogin.RememberMeSet);
/*
* I also tried this:
FormsAuthentication.SetAuthCookie(ctrlLogin.UserName, ctrlLogin.RememberMeSet);
if (!String.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
Response.Redirect(Request.QueryString["ReturnUrl"]);
Response.Redirect("/index.aspx");
*/
}
else
{
ctrlLogin.FailureText = "Invalid Username/Password Combination";
}
}
使用此代码,Membership.ValidateUser() 成功,并且都 < strong>FormsAuthentication.RedirectFromLoginPage() 和 FormsAuthentication.RedirectFromLoginPage() 成功设置了 cookie - 该 cookie 无法验证我的身份验证。我通过删除所有 cookie 并观察它们使用 FireCookie 再次创建来确认了这一点。 cookie 名称与我在 web.config 中的名称相匹配,域为“/”,并且到期日期符合预期(见下文)。
以下是我的 web.config 的相关部分:
<authentication mode="Forms">
<forms loginUrl="~/login/index.aspx" name=".SoeAuth" protection="All"
slidingExpiration="true" timeout="525599" domain=""></forms>
</authentication>
<membership defaultProvider="SqlMembershipProvider">
<providers>
<add connectionStringName="[MY_CS]" applicationName="[MY_APPNAME]"
minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
enablePasswordReset="true" passwordFormat="Hashed" requiresUniqueEmail="true"
name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
requiresQuestionAndAnswer="false"/>
</providers>
</membership>
应该注意的是,我还根据 这里有一个非常相似的问题(这没有解决我的问题)。另外,作为参考,对于我的持久性 cookie,上面的 timeout=525599 比一年少了 1 分钟。
I have a site that uses the default SqlMembershipProvider and FormsAuthentication. I can use the built-in Login Controls and/or programmatically call all the methods to authenticate a user and get the same result - the user is authenticated and a cookie is created, but the cookie does not appear to be valid since I can't get into any page that requires authentication.
There is no real code to show for the default Login Control since it should just "work", but here is the custom code I tried:
protected void ctrlLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
if (Membership.ValidateUser(ctrlLogin.UserName, ctrlLogin.Password))
{
FormsAuthentication.RedirectFromLoginPage(ctrlLogin.UserName, ctrlLogin.RememberMeSet);
/*
* I also tried this:
FormsAuthentication.SetAuthCookie(ctrlLogin.UserName, ctrlLogin.RememberMeSet);
if (!String.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
Response.Redirect(Request.QueryString["ReturnUrl"]);
Response.Redirect("/index.aspx");
*/
}
else
{
ctrlLogin.FailureText = "Invalid Username/Password Combination";
}
}
With this code, Membership.ValidateUser() succeeds, and both FormsAuthentication.RedirectFromLoginPage() and FormsAuthentication.RedirectFromLoginPage() successfully set a cookie - that cookie just doesn't work to verify my authentication. I have confirmed this by deleting all my cookies and watching them get created again with FireCookie. The cookie name matches what I have in my web.config, the domain is "/", and the expiration date is as expected (see below).
Here are the relevant sections of my web.config:
<authentication mode="Forms">
<forms loginUrl="~/login/index.aspx" name=".SoeAuth" protection="All"
slidingExpiration="true" timeout="525599" domain=""></forms>
</authentication>
<membership defaultProvider="SqlMembershipProvider">
<providers>
<add connectionStringName="[MY_CS]" applicationName="[MY_APPNAME]"
minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
enablePasswordReset="true" passwordFormat="Hashed" requiresUniqueEmail="true"
name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
requiresQuestionAndAnswer="false"/>
</providers>
</membership>
It should be noted that I also added a machineKey entry in my web.config file based on a suggestion from a very similar question here (which didn't solve my problem). Also, for reference, the timeout=525599 above is 1 minute less than a year for my persistent cookies.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我发现了问题:
由于我能够使用完全相同的源代码创建一个简单的工作测试项目,因此我确定问题出在 web.config 文件中。
浏览每个部分,我发现在
'system.web / httpModules'部分中有一个当我尝试使用 FormsAuthentication 方法并且该模块甚至没有加载时收到错误消息肯定会很高兴......
I found the problem:
Since I was able to create a simple working test project with the exact same source code, I determined that the problem was in the web.config file.
Going through each section, I discovered in the
'system.web / httpModules'section I had a<clear/>element. This removed the<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>module defined in machine-level web.config file. Adding it back in instantly fixed the problem.It sure would have been nice to get an error message when I tried to use the FormsAuthentication methods and that module wasn't even loaded...