应用程序停止生成登录cookie [英] Application stops generating login cookies
问题描述
我一直在寻找答案,但这个问题似乎很复杂,我很难找到答案。
I've been searching for an answer to this for a while but the problem seems quite complex and I'm struggling to find an answer.
我是一名为初创公司工作的初学软件开发人员,刚刚完成了第一个版本系统供多个用户使用。本地测试软件没有问题,但自从将软件发布到iis上的Windows 2012服务器后,我发现登录系统存在一个主要问题。
I'm a beginner software developer working for a start up company and have just completed the first version system for use by multiple users. Locally Testing the software had no problems, but since publishing the software to a windows 2012 server on iis I have found a major problem with the Login system.
当程序上传时,多个用户可以登录并使用该程序没有任何问题,但是(看似)随机登录系统完全停止在所有计算机上运行目前正在退出。登录的用户可以注销并使用他们的帐户或任何其他帐户重新登录,但此时已注销的用户将无法访问系统。
When the program is uploaded initially multiple users can log in and use the program with no problems, however (seemingly) at random the login system completely stops functioning on all computers that are currently logged out. Those who are logged in can logout and log back in with their account or any other, but those who were logged out at this moment complete lose access to the system.
在Chrome上使用开发者工具时,似乎所有这些计算机完全停止生成登录时创建的cookie,只是重定向回登录屏幕。
When using the developer tools on Chrome it appears that all these computers completely stop generating the cookie created when logging in and just redirect back to the login screen.
系统仍会识别不正确的登录,每次上传程序时都会在不同的计算机上发生。
The systems still recognise incorrect logins and it happens with different computers each time I upload the program.
我很欣赏这是一个非常模糊的问题,但是我正在把头发拉过来!
I appreciate that this is a very vague question, but I'm pulling my hair out over it!
正如我所说,我是一名初学者,并且对于在商业服务器上托管并且对一般身份或登录系统没有太多经验非常新,因此非常感谢任何帮助。
As I said I am a beginner and am completely new to hosting on business servers and don't have much experience with Identity or Login systems in general so any help is much appreciated.
我主要想知道最有可能的问题是iis,如果是这样,我应该在哪里看?或者服务器安全设置?
I mainly want to know is the problem most likely iis, if so where in iis should I be looking? Or the servers security settings?
在服务器上运行时,为什么调试这个有效?
Is there an efficient why to debug this while its running on the server?
如果问题听起来像编码问题,其中身份文件已被编辑,让我知道它可能是什么类,我会发布代码。
If the problem sounds like a coding issue where identity files have been edited let me know what class it could be and Ill post the code.
谢谢!
编辑:
Global.asax.cs
Global.asax.cs
public class Global : HttpApplication
{
void Application_Start(object sender, EventArgs e)
{
// Code that runs on application startup
WebApiConfig.Register(GlobalConfiguration.Configuration);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
//Creates roles and adds an admin on first start
RoleCreator rc = new RoleCreator();
rc.CreateRoles();
rc.AddAdmin();
}
}
Startup.Auth.cs
Startup.Auth.cs
public partial class Startup {
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(UnitContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
CookieName="TrackerCookie",
LoginPath = new PathString("/Login/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
// Use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
推荐答案
问题现已解决。
对于遇到同样问题的人,问题是由一个名为katana bug#197的错误造成的。
For anyone with the same problem, the issue is caused by a bug called 'katana bug #197'.
最简单的解决方法是下载'kentor.OwinCookieSaver'NuGet Package。并在启动时在应用程序cookie配置上方添加 app.UseKentorOwinCookieSaver(); 。
The easiest fix is to download 'kentor.OwinCookieSaver' NuGet Package. and add app.UseKentorOwinCookieSaver(); above your Application cookie config in startup.
https://github.com/KentorIT/owin-cookie-saver
// kentor.OwinCookieSaver for 'katana bug #197' (login cookies being destroyed on logout!)
app.UseKentorOwinCookieSaver();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
CookieName="LoginCookie",
LoginPath = new PathString("/Login/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
Microsoft已发现此问题,并将于2015年解决。
Microsoft are aware of the issue and it will be resolved in 2015.
这篇关于应用程序停止生成登录cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
