共享表单身份验证Cookie在子域上不起作用 [英] Shared Forms Auth cookie not working on subdomain

问题描述

我有一个域www.foo.com和一个子域www.bar.foo.com.用户从www.foo.com登录并被重定向到www.bar.foo.com.子域中的站点是一个不同的网站，即使在后续对主域和子域的请求中正确传递了Cookie，子域上的身份验证也无法正常工作.

I have a domain www.foo.com and sub domain www.bar.foo.com. A user logs in at www.foo.com and is redirected to www.bar.foo.com. The site at the sub domain is a different website, and even though the cookie is being passed across correctly in the subsequent requests to both the primary and sub domain, the authentication on the sub domain isn't working.

两个站点共享相同的机器密钥信息，并且两个站点的Web配置配置为:

Both sites share the same machine key information and the web config for the two sites are configured as:

www.foo.com:

www.foo.com:

<authentication mode="Forms">
  <forms timeout="120" protection="All" slidingExpiration="true" name=".authcookie" domain=".foo.com" />
</authentication>

www.bar.foo.com:

www.bar.foo.com:

<authentication mode="Forms">
  <forms loginUrl="http://www.foo.com" timeout="120" protection="All" slidingExpiration="true" name=".authcookie" domain=".foo.com"/>
</authentication>

如您所见，cookie名称设置正确，并且我在提琴手中确认，cookie是在对两个域的所有请求上都正确发送的，但是在服务器端www.bar.foo.com上，请求不是已验证.除了Cookie名称和机器密钥外，是否还需要设置其他内容以允许子域上的两个站点共享身份验证Cookie?

as you can see the cookie name is set correctly and I have confirmed in fiddler that the cookie is being sent correctly on all requests to both domains, but on the server side at www.bar.foo.com the request is not authenticated. Apart from the cookie name and the machine keys is there anything else that needs to be set to allow two sites on sub domains to share an auth cookie?

编辑-在Windows事件日志中找到:

Edit - Found in the windows event logs:

Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. 
Event time: 19/02/2015 15:25:34 
Event time (UTC): 19/02/2015 15:25:34 
Event ID: 96e946d72f6b4fd3b5748e985aee7c50 
Event sequence: 27 
Event occurrence: 9 
Event detail code: 50201 

这意味着票证加密存在问题

This implies it is a problem with the ticket encryption

我忘了提及，目前它仍处于开发阶段，因此即使它们是两个不同的网站，它们都托管在我的本地计算机上

Edit 2: I forgot to mention, at the moment this is still in dev, so even though they are two different websites they are both hosted on my local machine

更新:我已经尝试过重新生成机器密钥，因为这显然已解决了某些用户的问题，但对我来说并不高兴

Update: I Have tried regenerating the machine keys as that has apparently fixed the issue for some users, but no joy for me

推荐答案

之所以引起此问题，是因为在子域指向的项目的Web配置中，http运行时版本的设置不同.我删除了该行:

The problem was caused because the http runtime version was set differently in the web config for the project that the sub domain points to. I removed the line:

<httpRuntime targetFramework="4.5.1" />

通过网络配置完成了任务

from the web config and that did the job

这篇关于共享表单身份验证Cookie在子域上不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！