ASP.Net FormsAuthentication重定向失去重定向和Application_AuthenticateRequest的饼干 [英] ASP.Net FormsAuthentication Redirect Loses the cookie between Redirect and Application_AuthenticateRequest

查看:143
本文介绍了ASP.Net FormsAuthentication重定向失去重定向和Application_AuthenticateRequest的饼干的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个FormsAuthentication的Cookie是持久的,并在开发,测试和生产环境独立工作。我有一个可以验证用户,创建用户对象,身份验证cookie被添加到响应:

I have a FormsAuthentication cookie that is persistent and works independently in a development, test, and production environment. I have a user that can authenticate, the user object is created, the authentication cookie is added to the response:

'Custom object to grab the TLD from the url
authCookie.Domain = myTicketModule.GetTopLevelDomain(Request.ServerVariables("HTTP_HOST"))
FormsAuthentication.SetAuthCookie(authTicket.Name, False)
Response.SetCookie(authCookie)

用户得到处理一点点检查为第一次登录,安全问题等,并随后与以下珍闻重定向:

The user gets processed a little bit to check for a first time login, security questions, etc, and is then redirected with the following tidbit:

Session.Add("ForceRedirect", "/FirstTimeLogin.aspx")
Response.Redirect("~/FirstTimeLogin.aspx", True)

通过调试中断,我可以验证Cookie集合同时拥有不相关的,我为不同的目的和formsauthentication设置cookie身份验证的cookie。然后在过程中的下一步骤在ApplicationAuthenticateRequest在Global.asax发生

With a debug break, I can verify that the cookie collection holds both a cookie not related to authentication that I set for a different purpose and the formsauthentication cookie. Then the next step in the process occurs at the ApplicationAuthenticateRequest in the global.asax:

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    Dim formsCookieName As String = myConfigurationManager.AppSettings("FormsCookieName")
    Dim authCookie As HttpCookie = Request.Cookies(formsCookieName) 

在这一点上,这一个用户authCookie什么。我拥有1.5谁不以这种方式影响其他用户。然而,对于一个用户cookie的只是消失得无影无踪。我w3wp.exe的例外,状态服务器异常和其他IIS进程有关的异常以前见过这个,但我发现在事件日志中没有例外。 w3wp.exe的是不是崩溃,状态服务器有一定的超时但他们似乎不相关(如时间戳验证),而且只发生在这一个用户在这一领域(这code用于跨2个不同的顶级域名大约是10其他子域)。

At this point, for this ONE user authCookie is nothing. I have 15,000 other users who are not impacted in this manner. However, for one user the cookie just vanishes without a trace. I've seen this before with w3wp.exe exceptions, state server exceptions and other IIS process related exceptions, but I'm getting no exceptions in the event log. w3wp.exe is not crashing, the state server has some timeouts but they appear unrelated (as verified by timestamps) and it only happens to this one user on this one domain (this code is used across 2 different TLDs with approximately 10 other subdomains).

途径之一,我调查的是,该cookie可能只是过大。我想会有的饼干进入响应大小的检查,我不认为这会影响到这种方式。任何想法,为什么请求可能倾倒的饼干吗?

One avenue I'm investigating is that the cookie might just be too large. I would think that there would be a check for the size of the cookie going into the response, and I wouldn't think it would impact it this way. Any ideas why the request might dumping the cookie?

请注意:我说过,我集也被倾倒(和它的非常小的)次级饼干

NOTE: The secondary cookie I mentioned that I set also gets dumped (and it's very tiny).

编辑 - 注:当发生这种情况的会话令牌不丢失。然而,由于身份验证Cookie丢失,被忽略,但在随后的登录代替。

EDIT-NOTE: The session token is NOT lost when this happens. However, since the authentication cookie is lost, it is ignored and replaced on a subsequent login.

推荐答案

原来,Cookie数据被倾倒入饼干这个特定的用户发生超过其加密格式允许的最大值。未加密的数据拟合,但一旦被加密在其上运行规模增长过大处理。这引起了饼干和任何cookie加入后它被从响应头丢弃。

It turns out that the cookie data being dumped into the cookie for this particular user happened to exceed the maximum allowed size in its encrypted format. Unencrypted, the data fit, but once the encryption was run on it the size grew too large to handle. This caused the cookie and any cookies added after it to be dropped from the response header.

斩波注入cookie数据的量解决该问题。

Chopping the amount of data injected into the cookie solved the issue.

这篇关于ASP.Net FormsAuthentication重定向失去重定向和Application_AuthenticateRequest的饼干的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆