asp.net mvc3和cookie [英] asp.net mvc3 and cookie

问题描述

我有一个网站，用户可以在其中使用其Facebook帐户或Twitter进行身份验证:
知道我使用过Cookie的用户:

Global.asax:

I have a website where a user can authenticate with their facebook account or twitter:
to know the user I used the cookie:

Global.asax:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                var id = new MyIdentity(authTicket);
                var userData = authTicket.UserData.Split(',');
               
                id.SocialProviderName = userData[0].Replace("providerslist=", "").Split('|')[0];
                var newUser = new MyPrincipal(id);
                Context.User = newUser;
            }

        }

用户可以链接两个帐户(facebook和twitter).与
连接 Twitter，然后单击帐户链接"，并将重定向到她的Facebook帐户进行身份验证

问题在于，当重定向到第二个帐户时，Cookie会变为null，并且

the user can link two accounts (facebook and twitter). connect with
twitter and then click on "account linking" and will be redirect to authenticate with her facebook account

the problem is that when redirecting to the second account the cookie becomes null and

if (this.HttpContext.Request.IsAuthenticated)
            {...}

返回false


我的控制器:
....
FormsAuthentication.SetAuthCookie(socialProfile.UserId，true);
ResetFormsCookie(providerName，socialProfile.UserId);
....
用户ID由GUID生成

return false


My Controller:
....
FormsAuthentication.SetAuthCookie(socialProfile.UserId, true);
ResetFormsCookie(providerName, socialProfile.UserId);
....
UserId generate by GUID

public void ResetFormsCookie(string providerName, string userId)
        {
            var authCookie = HttpContext.Current.ApplicationInstance.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null)
            {
                authCookie = FormsAuthentication.GetAuthCookie(userId, true);
            }
            var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            var userData = authTicket.UserData;
            var providerslist = (from c in userData.Split(',') where c.Contains("providerslist=") select c).FirstOrDefault();
            if (string.IsNullOrEmpty(providerslist))
            {
                userData += string.IsNullOrEmpty(userData) ? "providerslist=" + providerName : ",providerslist=" + providerName;
            }
            else
            {
                if (!providerslist.Contains(providerName))
                {
                    userData = userData.Replace(providerslist, providerslist + "|" + providerName);
                }
            }
            var newTicket = new FormsAuthenticationTicket(authTicket.Version, authTicket.Name, authTicket.IssueDate
                , DateTime.Now.AddDays(90) // authTicket.Expiration ToDo: This need to set in the config
            , authTicket.IsPersistent, userData);
            authCookie.Value = FormsAuthentication.Encrypt(newTicket);
            HttpContext.Current.Response.Cookies.Add(authCookie);
        }

我为我的英语道歉
谢谢，

I apologize for my English
Thanks,

推荐答案

Cookie是按主机或按路径存储的，您无法在服务器上读取由另一个服务器/另一个应用程序中的服务器发送的cookie.这将是一个很大的安全问题.
阅读有关使用mvc进行Facebook登录的文章: http://amirrajan.net/Blog /asp-mvc-and-facebook-single-on [ ^ ]

Cookies are stored per-host or per-path, you cannot read on a server a cookie sent by another server/set in another application. This would be a big security issue.
Read this article about facebook sign-on with mvc: http://amirrajan.net/Blog/asp-mvc-and-facebook-single-sign-on[^]

这篇关于asp.net mvc3和cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！