经典ASP和ASP.NET之间的会话丢失 [英] Losing Session between Classic ASP and ASP.NET

问题描述

我工作的公司正在为我们的Intranet软件在传统的ASP程序和ASP.NET程序之间过渡.最终，所有内容都将用ASP.NET编写，但是由于时间限制，仍然有许多使用经典ASP的程序.

The company that I work for is making a transition between classic ASP programs and ASP.NET programs for our intranet software. Eventually, everything will be written in ASP.NET, but because of time constraints, there are still a number of programs that use classic ASP.

为弥补这一点，我们编写了一些功能，允许在经典ASP程序和ASP.NET程序之间进行重定向和自动登录.但是，我一直在看到关于保持ASP.NET软件的会话状态的问题.如果用户使用ASP.NET程序，则可以在经典的ASP程序中工作，然后返回该ASP.NET程序，通常情况下，用户对ASP.NET程序的身份验证仍然有效，但是用户的会话丢失，每当在程序中执行功能时都会导致错误.

To compensate we've written features that allow for redirects and autologins between classic ASP programs and ASP.NET programs. I've been starting to see a problem, though, with holding the session state for our ASP.NET software. If a user uses an ASP.NET program, then does work in a classic ASP program, then goes back to that ASP.NET program, often times, the user's authentication for the ASP.NET program is still in place, yet the user's session is lost, resulting in an error whenever a function is performed within the program.

我正在尝试捕获global.asax Session_End事件中会话状态的丢失，该事件会将用户重定向到登录页面，但这没有用.在用户在经典ASP和ASP.NET之间来回移动并丢失会话的情况下，还有其他人遇到过类似的问题吗?这甚至是我真正的问题吗?这是我唯一看到的问题.

I'm trying to capture the loss of the session state in global.asax's Session_End event, which would redirect the user to the login page, but that hasn't worked. Has anyone else faced a similar issue with users moving back and forth between classic ASP and ASP.NET and losing sessions? Is that even my real issue here? It's the only thing that I can see as being a problem.

编辑

这是我们的工作，用于将用户从经典的ASP页面重定向到ASP.NET页面.

This is what we do to redirect users to an ASP.NET page from a classic asp page.

我们根据用户ID和日期创建MD5哈希，然后通过查询字符串将其发送到redirect.aspx页面.从那里，aspx页面基于userId和日期创建自己的MD5，这两者都是通过查询字符串传递的.如果两个哈希相同，则对用户进行身份验证，然后加载程序.这是一个示例:

We create an MD5 hash based off of the userID and the date and send it to a redirect.aspx page via the query string. From there, the aspx page creates its own MD5 has based off of the userId and the date, both passed via the query string. If the 2 hashes are identical, the user is authenticated, and the program loads. Here is an example:

经典ASP:

strDate = Year(Now())  & right("0" & Month(Now()), 2) & right("0" & Day(Now()), 2)
key = MD5(SessionUserID & strDate)
Response.Redirect "/redirect.aspx?key="&key&"&lpid="&ProgramID&"&unum="&SessionUserNum&"&uid="&SessionUserID&"&gid="&SessionGroupID

Redirect.aspx:

Redirect.aspx:

string key = Request.QueryString["key"];
//SetDesignModeState Variables:
if (getMd5Hash(Request.QueryString["uid"] + DateTime.Today.ToString("yyyyMMdd")) == key)
{
    Session["SessionGroupID"] = Request.QueryString["gid"];
    Session["SessionUserNum"] = Request.QueryString["unum"];
    Session["SessionUserID"] = Request.QueryString["uid"];
    string appID = Request.QueryString["lpid"];
    FormsAuthentication.SetAuthCookie(Request.QueryString["uid"], false);
    //redirect to ASP.NET page...

推荐答案

我对您做了类似的事情:对从旧版ASP应用程序到ASP.NET站点的用户进行身份验证.会有所帮助的是，如果您可以提供一些设置过程的更多细节(可能是示例代码)，以设置从遗留应用程序到ASPX应用程序的用户的使用权限.

I've done a similar thing to you: authenticating users from a legacy ASP application to an ASP.NET site. What would help, is if you could provide a little more detail (sample code, perhaps) of the process you've setup to do this with users coming from the legacy app to the ASPX app.

为了给您一个简短的想法，在我的实现中，我做了以下操作:

To give you a brief idea, in my implementation I've done the following:

• 创建.ASPX页面
• .ASPX页面接受来自特定旧式ASP应用程序的HTTP POST值，仅 .
• 收到POST请求后，我将提取用户名/密码值，然后以常规方式继续进行身份验证.如果用户成功通过身份验证，我们将向用户发出FormsAuthentication cookie.

实际上，我的实现要复杂得多，使用数据库作为后备存储(因为两个应用程序共享一个公共数据源)，并且使用特定的数据库字段来存储从经典应用程序发送到.NET端进一步验证.NET应用程序接收到的请求是否有效.

In reality, my implementation is quite a bit more complicated, using the database as a backing store (as both apps share a common data source) and a particular database field to store a random code which is sent from the classic app to the .NET side to further verify that the request received by the .NET app is valid.

尝试手动设置身份验证Cookie.删除行:

Try manually setting your authentication cookie. Delete the line:

FormsAuthentication.SetAuthCookie(Request.QueryString["uid"], false); 

替换为:

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
                Request.QueryString["uid"],
                DateTime.Now,
                DateTime.Now.AddHours(24),
                false,
                null)

        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);            
        HttpContext.Current.Response.Cookies.Add(cookie);

看看你如何处理吗?

这篇关于经典ASP和ASP.NET之间的会话丢失的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！