为什么不通过FormsAuthentication验证.ASPAUX cookie? [英] Why isn't .ASPAUX cookie being validated by FormsAuthentication?

查看:79
本文介绍了为什么不通过FormsAuthentication验证.ASPAUX cookie?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个使用FormsAuthentication的网站,是的,cookie的名称是.ASPAUX:)

I have a site that uses FormsAuthentication and yes, the name of the cookie is .ASPAUX :)

我可以完美登录.服务器创建一个表单身份验证票证,将其包装在cookie中,适当地确定到期时间(提前1年),然后将其发送给客户端.

I can log in perfectly. The server creates a forms authentication ticket, packs it in a cookie, properly determines the expiration time (1 year ahead) and sends it to the client.

由于某种原因,经过一段时间后,即使cookie仍然存在(我可以在FireCookies上看到它),HttpContext.Current.Request.IsAuthenticated在服务器上也变为false.好像无法验证cookie.

For some reason, after some time, even though the cookie is there yet (I can see it with FireCookies) HttpContext.Current.Request.IsAuthenticated becomes false at the server. It's as if the cookie couldn't be validated.

问题是:为什么会发生这种情况?我该如何调试为什么Cookie突然失效而没有过期?

The problem is: Why would that happen? How can I debug why the cookie suddenly becomes invalid without expiring?

编辑

这是登录方法:

public static bool Login(int id)
        {
            try
            {
                string securityToken = UserHelper.AuthenticateUser(id);

                DateTime expiryDate = DateTime.Now.AddYears(1);
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                     1, id.ToString(), DateTime.Now, expiryDate, true,
                     securityToken, FormsAuthentication.FormsCookiePath);

                string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                cookie.Expires = expiryDate;

                HttpContext.Current.Response.Cookies.Add(cookie);

                return true;
            }
            catch
            {
                return false;
            }
        }

和web.config:

And the web.config:

<authentication mode="Forms">
            <forms loginUrl="~/Login.aspx" timeout="2880" slidingExpiration="true"/>
        </authentication>

推荐答案

在web.config中设置静态机器密钥,以确保用于生成票证的加密密钥在应用程序池被回收(或重新启动您的网站)后仍然有效在ASP.NET Web服务器中)?

Set static machine keys in your web.config to make sure that the encryption key used in generating your ticket survives an application pool being recycled (or your website being restarted in the ASP.NET web server)?

另请参见此 MSDN库文章的表单身份验证票"部分

Also see the Forms Authentication Tickets section of this MSDN library article

这篇关于为什么不通过FormsAuthentication验证.ASPAUX cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆