asp.net mvc自定义成员资格提供程序-严格登录到一个应用程序的缓存 [英] asp.net mvc custom membership provider - strict login cache to one application

问题描述

我为asp.net mvc应用程序创建了自定义成员资格提供程序，除以下几点外，其他所有方法都工作正常:
登录到我的应用程序时，我还登录到了使用Visual Studio运行的所有其他asp.net mvc应用程序.我认为此数据是从缓存中提取的，因为当我注销并尝试在其他应用程序中再次登录时，我被拒绝了.

I created custom membership provider for asp.net mvc applications and it all works fine except one thing:
when logged in to my application, I am also logged in to all other asp.net mvc applications that I run using Visual Studio. I suppose this data is being pulled from cache because when I logout and try to login again in other application, I'm being rejected.

在webconfig中，我添加了applicationName来解决此问题，但这没用:

In webconfig, I added applicationName in order to solve this but it didn't work:

<membership defaultProvider="SAMembershipProvider" userIsOnlineTimeWindow="15">
      <providers>
        <clear/>
        <add
          name="SAMembershipProvider"
          type="ShinyAnt.Membership.SAMembershipProvider, ShinyAnt"
          connectionStringName ="ShinyAntConnectionString"
          applicationName="MyApp"
          />
      </providers>
    </membership>

    <roleManager defaultProvider="SARoleProvider" enabled="true" cacheRolesInCookie="true">
      <providers>
        <clear/>
        <add
          name="SARoleProvider"
          type="ShinyAnt.Membership.SARoleProvider"
          connectionStringName ="ShinyAntConnectionString"
          applicationName="MyApp"
          />
      </providers>
    </roleManager>

我有没有忘记执行的解决该问题的方法?或者是其他什么方法?

Is there any method that I forgot to implement that is dealing with this problem or it is something else?

推荐答案

对于您来说可能有点晚了，但是也许其他访问此页面的人可能会觉得有用.

It's probably a bit late for you, but maybe other people reaching this page may find this useful.

默认情况下，表单身份验证使用浏览器cookie来保存您的身份验证状态，并且它们的作用域(和限制)在(子)域级别(可能是

By default, forms authentication uses a browser cookie to save your authentication state, and they are scoped (and restricted) to a (sub)domain level (probably http://localhost/ in your case?).

这意味着每个应用程序都在本地主机"域根目录下运行( http://localhost/App1 ， http://localhost/App2 )可以访问相同的身份验证Cookie.

This means that every application running under the 'localhost' domain root ( http://localhost/App1, http://localhost/App2) has access to the same authentication cookies.

通过在web.config中为每个应用程序指定不同的cookie名称，您也许可以解决此问题:

you might be able to work around this issue by specifying a different cookie name per application in the web.config:

<authentication mode="Forms">
  <forms name="[cookie name]"></forms>
</authentication>

希望这对您有帮助...

Hope this helps...

这篇关于asp.net mvc自定义成员资格提供程序-严格登录到一个应用程序的缓存的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！