如何设置表单身份验证cookie路径 [英] how to set the forms authentication cookie path

问题描述

在同一个IIS网站上，我有两个名为/foo和/bar的ASP.NET Web应用程序.两者都使用表单身份验证，我希望用户能够独立登录和退出两个站点.

On the same IIS web site, I have two ASP.NET web applications called /foo and /bar. Both use forms authentication and I want users to be able to log in and out of both sites independently.

使用表单身份验证的标准配置，似乎为表单身份验证cookie发送了一个cookie路径"/".这意味着，当用户登录/bar时，会将其从/foo中注销，这对我来说是不受欢迎的行为.

With the standard configuration for forms authentication, it seems to send a cookie path of "/" for the forms auth cookie. This means that when a user logs into /bar it logs him out of /foo which is undesirable behaviour for me.

显而易见的解决方案是这样的:

The obvious solution seems to be this:

FormsAuthentication.RedirectFromLoginPage(username, false, Request.ApplicationPath);

这使表单auth cookie具有应用程序路径，该路径允许用户独立登录/foo和/bar :-)但是，还有一个更加棘手的问题:如果用户尝试登录/Foo(使用IIS)将它们定向到Web应用程序/foo，但它们永远无法登录，因为在决定是否基于cookie路径发送cookie时，浏览器(在这种情况下为chrome)区分大小写.

This makes the forms auth cookie have the application path which allows the user to log into /foo and /bar independently :-) However there is a further and more nasty problem: If the user tries to log into /Foo (with a capital F), IIS directs them to the web application /foo, but they can never log in because the browser (chrome in this case) is case sensitive when deciding whether to send the cookie based on the cookie path.

这似乎是每个ASP.NET Web应用程序开发人员都将面临的常见问题，但我看不出任何明智的解决方案.请告诉我我错过了明显的事情吗?

This seems to be a common problem which every ASP.NET web app developer will face but I can't see a sensible solution for it. Please tell me i've missed something obvious?

谢谢

安迪

推荐答案

我认为您已经以某种方式解决了这个问题，但是由于偶然发现了这个问题，我想我应该多花几分钱.

I assume you have already solved this issue somehow, but since I stumbled upon this question I thought I should add my few cents.

要解决此问题，请在web.config中使用不同的cookie名称.像这样:

To solve the issue use different cookie names in web.config. Something like:

<authentication mode="Forms">
  <forms name=".ASPXFORMSAUTH_FOO"
      loginUrl="public/login.aspx" cookieless="UseCookies" slidingExpiration="true"/>
</authentication>

和

<authentication mode="Forms">
  <forms name=".ASPXFORMSAUTH_BAR"
      loginUrl="public/login.aspx" cookieless="UseCookies" slidingExpiration="true"/>
</authentication>

这篇关于如何设置表单身份验证cookie路径的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！