为什么不.ASPAUX饼干由FormsAuthentication验证？ [英] Why isn't .ASPAUX cookie being validated by FormsAuthentication?

问题描述

我有一个使用FormsAuthentication一个网站，是的，cookie的名字是.ASPAUX：）

我可以完全登录。服务器创建一个窗体身份验证票，包在一个cookie中，正确的决定到期时间（1年提前），并将其发送给客户端。

由于某些原因，经过一段时间后，即使cookie是有，但（我可以看到它与FireCookies）HttpContext.Current.Request.IsAuthenticated为假的服务器。这是因为如果该cookie无法验证。

现在的问题是：为什么会发生呢？如何调试为什么饼干突然变得无效，没有过期？

修改

下面的登录方法：

 公共静态布尔登录（INT ID）
        {
            尝试
            {
                串securityToken = UserHelper.AuthenticateUser（ID）;

                日期时间expiryDate = DateTime.Now.AddYears（1）;
                的FormsAuthenticationTicket票=新的FormsAuthenticationTicket（
                     1，id.ToString（），DateTime.Now，expiryDate，真实，
                     securityToken，FormsAuthentication.FormsCookiePath）;

                字符串的encryptedTicket = FormsAuthentication.Encrypt（票）;
                的HttpCookie饼干=新的HttpCookie（FormsAuthentication.FormsCookieName，encryptedTicket中）;
                cookie.Expires = expiryDate;

                HttpContext.Current.Response.Cookies.Add（饼干）;

                返回true;
            }
            抓住
            {
                返回false;
            }
        }
 

和web.config中：

 ＆LT;身份验证模式=形式＆GT;
            ＆LT;形式loginUrl =〜/的Login.aspx超时=2880slidingExpiration =真/＆GT;
        ＆LT; /认证＆GT;
 

解决方案

在你的web.config设置静态机键，以确保在生成您的机票使用的加密密钥生存被回收的应用程序池（或正在重新启动您的网站在ASP.NET Web服务器）？

另请参阅此 MSDN库文章的窗体身份验证门票栏目

I have a site that uses FormsAuthentication and yes, the name of the cookie is .ASPAUX :)

I can log in perfectly. The server creates a forms authentication ticket, packs it in a cookie, properly determines the expiration time (1 year ahead) and sends it to the client.

For some reason, after some time, even though the cookie is there yet (I can see it with FireCookies) HttpContext.Current.Request.IsAuthenticated becomes false at the server. It's as if the cookie couldn't be validated.

The problem is: Why would that happen? How can I debug why the cookie suddenly becomes invalid without expiring?

EDIT

Here's the login method:

public static bool Login(int id)
        {
            try
            {
                string securityToken = UserHelper.AuthenticateUser(id);

                DateTime expiryDate = DateTime.Now.AddYears(1);
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                     1, id.ToString(), DateTime.Now, expiryDate, true,
                     securityToken, FormsAuthentication.FormsCookiePath);

                string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                cookie.Expires = expiryDate;

                HttpContext.Current.Response.Cookies.Add(cookie);

                return true;
            }
            catch
            {
                return false;
            }
        }

And the web.config:

<authentication mode="Forms">
            <forms loginUrl="~/Login.aspx" timeout="2880" slidingExpiration="true"/>
        </authentication>

解决方案

Set static machine keys in your web.config to make sure that the encryption key used in generating your ticket survives an application pool being recycled (or your website being restarted in the ASP.NET web server)?

Also see the Forms Authentication Tickets section of this MSDN library article

这篇关于为什么不.ASPAUX饼干由FormsAuthentication验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！