同一站点下的多个IIS应用程序的登录/注销问题 [英] login/logout issue for multiple IIS applications under the same site
问题描述
我在IIS7.5的同一网站下有2个应用程序。问题如下:
I have 2 applications under the same website in IIS7.5. The problem is the follow:
- 打开浏览器并登录第一个应用程序;
- 打开另一个浏览器选项卡并登录第二个应用程序;
- 第一个应用程序自动注销。
我有相同的asp.net身份验证数据库,但我创建了两个具有不同角色和不同ApplicationId的不同用户。我还在应用程序web.config文件中的成员资格提供程序配置中设置了不同的applicationName属性。
I have the same asp.net authentication DB but I created two different users with different roles and different ApplicationId. I also set different applicationName attribute in membership provider configuration in applications web.config file.
你能帮我吗?抱歉我的英文。
Can you help me please? Sorry for my English.
谢谢。
推荐答案
如果是IIS网站配置为使用基于表单的身份验证,然后问题很可能是第二次登录(不同的用户)的cookie从初始登录覆盖cookie。默认情况下,cookie名为.ASPXAUTH。您应该能够通过使用 Fiddler 等内容检查IIS返回的响应标头来验证这一点。
If the IIS website is configured to use Forms-Based Authentication, then the problem is most likely that the cookie for the 2nd login (which is a different user) is overwriting the cookie from the initial login. By default, the cookie is named ".ASPXAUTH". You should be able to verify this by inspecting the response headers returned from IIS using something like Fiddler.
您可以通过更改web.config中元素中的name属性来控制IIS用于维护会话的cookie名称。有关详细信息,请参阅此文档 。 web.config的这一部分的示例如下:
You can control the cookie name IIS uses to maintain the session by changing the "name" attribute in the element in the web.config. See this documentation for more details. An example of this portion of the web.config would be something like:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="APP1SESS" />
</authentication>
如果应用程序包含在单独的子文件夹中,那么您还可以使用路径 而不是告诉浏览器只发送该子文件夹中的请求的cookie。这里要小心,因为子文件夹中不的图像等共享资源需要公开访问。
If the applications are contained within single, separate sub-folders, then you could also use the "path" attribute instead to tell the browser to only send the cookie for requests in that sub-folder. Be careful here as any shared resources like images that are not in the sub-folder would need to be publicly accessible.
// authentication / forms 元素只能在应用程序的根级别指定。请查看此SO帖子,以便进行讨论。
The //authentication/forms element can only be specified at the root level of the application. Check this SO post for a discussion on that.
这篇关于同一站点下的多个IIS应用程序的登录/注销问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
