在一个网站的多个应用程序 - 会话和窗体身份验证范围 [英] Multiple applications on a single site - session and forms authentication scope

问题描述

我们正在使用ASP.NET和IIS 6.0。我认识到的应用程序，网站和虚拟目录的定义在IIS 6界限不清，并在IIS 7改变了很多不过，我坚持了IIS 6.0现在。

We're using ASP.NET and IIS 6.0. I realise that the definitions of applications, websites and virtual directories are ill-defined in IIS 6, and changed a lot in IIS 7. However, I'm stuck with IIS 6.0 for now.

我们在IIS中定义一个网站，以及一些在虚拟目录单独的子网站。

We have a single web site defined in IIS, and a number of separate sub-sites in Virtual Directories.

该计划是这样的： -

The scheme looks like this:-

http://site.example.com/site1
http://site.example.com/site2
.. etc ..

站点1，站点2，......在IIS 6.0中的虚拟目录，默认Web站点下。

site1, site2, ... are virtual directories in IIS 6.0, under the "Default Web Site".

我需要这些网站大多使用ASP.NET会话和窗体身份验证，我不想让他们在所有共享认证数据或会话信息。

I need to use ASP.NET sessions and forms authentication in most of these sites, and I don't want them to share authentication data or session information at all.

无论是目前的机制依赖于饼干。然而，默认创建的饼干使用相同的名称，并在浏览器有/的路径，这意味着该网站的Cookie会互相冲突。

Both the mechanisms currently depend on cookies. However, the cookies created by default use the same name, and have a path of "/" in the browser, meaning the sites' cookies will clash with each other.

无每个cookie更改默认的名字，我怎么能执行我的子站之间的分离？我是否需要更改IIS 6应用程序的虚拟目录？或者有没有在code某种方式来强制执行饼干更有限的范围内？

Without changing the default name for each cookie, how can I enforce separation between my sub-sites? Do I need to change the virtual directories for IIS 6 "Applications"? Or is there some way in code to enforce a more limited scope for the cookies?

先谢谢了。

推荐答案

有关窗体身份验证，可以定义在 FormsCookiePath 属性来反映每个子网站的虚拟目录。

For Forms Authentication, you can define the FormsCookiePath property to reflect the virtual directory of each sub site.

<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.formscookiepath.aspx\">http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.formscookiepath.aspx

有关会话状态，我还没有看到任何可以定义一个路径，但你可以从标准的 cookieName =ASP.NET_SessionId价值远定义不同的cookie名称。这样，每个子网站寻找出不同的会话cookie。

For Session State, I haven't seen anything that can define a path, but you can define different cookie names away from the standard cookieName="ASP.NET_SessionId" value. That way each sub site is looking out for different session cookies.

<一个href=\"http://msdn.microsoft.com/en-us/library/h6bb9cz9(v=VS.100).aspx\">http://msdn.microsoft.com/en-us/library/h6bb9cz9(v=VS.100).aspx

这篇关于在一个网站的多个应用程序 - 会话和窗体身份验证范围的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！