FormsAuthentication:UserData丢失(但在Cookie中) [英] FormsAuthentication: UserData lost (but in Cookie)
问题描述
- Asp.Net MVC 3
- FormsAuthentication(自定义)
- iPad MobileSafari
- iframe(同一网域)
与 formsTicket.UserData
不使用 MobileSafari (ONLY MoblieSafari),我发现, httpContext.User.Identity.Ticket.UserData
是空(在MobileSafari中,而不是其他),而且原始的FormsAuthentication HttpCookie 包含正确的值?
代码:
{
if(httpContext.User.Identity是FormsIdentity)
{
// Get表单标识从当前用户
FormsIdentity id =(FormsIdentity)httpContext.User.Identity;
//创建自定义主体实例并分配给当前用户(带缓存)
HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(FormsAuthentication.FormsCookieName);
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
var cookieUserData = ticket.UserData; // not empty
var httpContextIdentiyUserData = id.Ticket.UserData; //空!
...
}
}
任何线索有用!
Lg
Warappa
PS:
因此,问题是以下内容:
当我登录并访问执行 history.back()
的网页时,会出现此错误
查看Fiddler的流量我看到,Asp.Net使用无Cookie 认证模式,因此验证 编码到网址 中。现在,当 history.back()
发生时,网址指向注销网址现在无效的身份验证信息
强制Asp.Net使用cookie的功能。 b
Lg
warappa
- Asp.Net MVC 3
- FormsAuthentication (custom)
- iPad MobileSafari
- iframe (same domain)
After struggling with formsTicket.UserData
not working with MobileSafari (ONLY MoblieSafari), I found out, that httpContext.User.Identity.Ticket.UserData
is empty (in MobileSafari, not the others) and the original FormsAuthentication HttpCookie contains the right values?!?
How can that be?!
Code:
public void UpdateContext()
{
if (httpContext.User.Identity is FormsIdentity)
{
// Get Forms Identity From Current User
FormsIdentity id = (FormsIdentity)httpContext.User.Identity;
// Create a custom Principal Instance and assign to Current User (with caching)
HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(FormsAuthentication.FormsCookieName);
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
var cookieUserData = ticket.UserData; // not empty
var httpContextIdentiyUserData = id.Ticket.UserData; // empty!
...
}
}
Any clue would be helpful!
Lg
Warappa
PS: If it matters, I use a page of my website in an iframe - same domain.
So the issue was the following:
This error arose when I logged out and accessed a page that did a history.back()
.
Looking at the traffic with Fiddler I saw, that Asp.Net used the cookieless authentication mode, so the authentication was encoded into the url. Now, when the history.back()
occurred, the url pointed to the Logout url with the now invalid authentication information... nasty bug at my side.
Forcing Asp.Net to use cookies did the trick!
Lg
warappa
这篇关于FormsAuthentication:UserData丢失(但在Cookie中)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!