Asp.net mvc 3 在MVC中,客户端大多数时候都需要删除cookie
我有一个 MVC 项目,在本地机器上运行良好。然而,一旦发布到服务器上,用户第二次访问网站时就无法打开登录页面,必须先删除 cookie 才行。为什么会这样?我该怎么纠正呢?
标签:asp.net-mvc-3、model-view-controller、web-deployment
Global.asax.cs
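// The two statements of FormsAuthentication_OnAuthenticate that read the auth cookie.
// C# member names are case-sensitive: Request.Cookies and args.User, each statement
// terminated with a semicolon.
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value);
args.User = new MyProject.Web.UI.Classes.UserPrincipal(GetUserFromCache(ticket.Name));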
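/// <summary>
/// Builds the application's <c>UserPrincipal</c> from the forms-authentication cookie.
/// </summary>
/// <remarks>
/// A cookie that cannot be decrypted (for example one issued under a different machine key)
/// or a ticket that has expired leaves <c>args.User</c> unset, so this handler no longer
/// fails the request for a stale cookie.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="args">Event data; <c>User</c> is assigned when a usable ticket is present.</param>
/// <exception cref="HttpException">Cookie-based forms authentication is not supported.</exception>
public void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
{
    if (!FormsAuthentication.CookiesSupported)
    {
        throw new HttpException("Cookieless Forms Authentication is not supported for this application.");
    }

    var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null)
    {
        return;
    }

    FormsAuthenticationTicket ticket;
    try
    {
        // Decrypt throws when the value is empty, malformed, or was protected with
        // keys this server does not have; none of these should take the request down.
        ticket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (System.ArgumentException)
    {
        return;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        return;
    }
    catch (HttpException)
    {
        return;
    }

    // Expiry is checked here because a handler that assigns args.User is taking over
    // from the built-in ticket handling (NOTE(review): confirm for the target framework).
    if (ticket == null || ticket.Expired)
    {
        return;
    }

    // NOTE(review): GetUserFromCache may return null (the Windows handler checks for it);
    // whether UserPrincipal accepts a null user is not visible here, so confirm.
    args.User = new MyProject.Web.UI.Classes.UserPrincipal(GetUserFromCache(ticket.Name));
}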
/// <summary>
/// Maps the Windows identity of the request to the application's <c>UserPrincipal</c>.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="args">Event data carrying the Windows identity; <c>User</c> is assigned here.</param>
/// <exception cref="HttpException">No user was found for the account name.</exception>
public void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs args)
{
    // Keep what follows the first backslash (the account part of DOMAIN\account);
    // a name without a backslash is used whole, because IndexOf then yields -1.
    // NOTE(review): the domain part is discarded, so equal account names from
    // different domains resolve to the same application user. Confirm this is intended.
    int accountStart = args.Identity.Name.IndexOf("\\") + 1;
    string accountName = args.Identity.Name.Substring(accountStart);

    // NOTE(review): the namespace is spelled "Myproject" here but "MyProject" where
    // the principal is built; confirm which spelling is intended.
    Myproject.API.User account = GetUserFromCache(accountName);
    if (null == account)
    {
        throw new HttpException("User could not be found.");
    }

    args.User = new MyProject.Web.UI.Classes.UserPrincipal(account);
}
源文件:c:\Myproject\Code\MvcUI\Global.asax.cs
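// The two statements of FormsAuthentication_OnAuthenticate that read the auth cookie.
// C# member names are case-sensitive: Request.Cookies and args.User, each statement
// terminated with a semicolon.
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value);
args.User = new MyProject.Web.UI.Classes.UserPrincipal(GetUserFromCache(ticket.Name));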
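/// <summary>
/// Builds the application's <c>UserPrincipal</c> from the forms-authentication cookie.
/// </summary>
/// <remarks>
/// A cookie that cannot be decrypted (for example one issued under a different machine key)
/// or a ticket that has expired leaves <c>args.User</c> unset, so this handler no longer
/// fails the request for a stale cookie.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="args">Event data; <c>User</c> is assigned when a usable ticket is present.</param>
/// <exception cref="HttpException">Cookie-based forms authentication is not supported.</exception>
public void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
{
    if (!FormsAuthentication.CookiesSupported)
    {
        throw new HttpException("Cookieless Forms Authentication is not supported for this application.");
    }

    var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null)
    {
        return;
    }

    FormsAuthenticationTicket ticket;
    try
    {
        // Decrypt throws when the value is empty, malformed, or was protected with
        // keys this server does not have; none of these should take the request down.
        ticket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (System.ArgumentException)
    {
        return;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        return;
    }
    catch (HttpException)
    {
        return;
    }

    // Expiry is checked here because a handler that assigns args.User is taking over
    // from the built-in ticket handling (NOTE(review): confirm for the target framework).
    if (ticket == null || ticket.Expired)
    {
        return;
    }

    // NOTE(review): GetUserFromCache may return null (the Windows handler checks for it);
    // whether UserPrincipal accepts a null user is not visible here, so confirm.
    args.User = new MyProject.Web.UI.Classes.UserPrincipal(GetUserFromCache(ticket.Name));
}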
/// <summary>
/// Maps the Windows identity of the request to the application's <c>UserPrincipal</c>.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="args">Event data carrying the Windows identity; <c>User</c> is assigned here.</param>
/// <exception cref="HttpException">No user was found for the account name.</exception>
public void WindowsAuthentication_OnAuthenticate(object sender, WindowsAuthenticationEventArgs args)
{
    // Keep what follows the first backslash (the account part of DOMAIN\account);
    // a name without a backslash is used whole, because IndexOf then yields -1.
    // NOTE(review): the domain part is discarded, so equal account names from
    // different domains resolve to the same application user. Confirm this is intended.
    int accountStart = args.Identity.Name.IndexOf("\\") + 1;
    string accountName = args.Identity.Name.Substring(accountStart);

    // NOTE(review): the namespace is spelled "Myproject" here but "MyProject" where
    // the principal is built; confirm which spelling is intended.
    Myproject.API.User account = GetUserFromCache(accountName);
    if (null == account)
    {
        throw new HttpException("User could not be found.");
    }

    args.User = new MyProject.Web.UI.Classes.UserPrincipal(account);
}
AccountController
/// <summary>
/// Checks the posted credentials and, when they match, issues the forms-authentication cookie.
/// </summary>
/// <param name="userName">Login name used to load the user and written into the auth cookie.</param>
/// <param name="password">Password checked with <c>IsValidPassword</c>.</param>
/// <param name="returnUrl">Not read anywhere in this method.</param>
/// <param name="rememberMe">Passed to <c>SetAuthCookie</c> as the persistent-cookie flag.</param>
/// <returns><c>true</c> after a successful log-on; there is no <c>false</c> path.</returns>
/// <exception cref="Exception">The user is unknown or the password does not match.</exception>
[HttpPost]
public bool LogOn(string userName, string password, string returnUrl, bool rememberMe = false)
{
    // One message for both "unknown user" and "wrong password", so the response
    // does not reveal which of the two failed.
    const string errorMessage = "Your user name and/or password is incorrect.";

    MyProject.API.User account = MyProject.API.User.Load(userName);
    bool credentialsAccepted = null != account && account.IsValidPassword(password);
    if (!credentialsAccepted)
    {
        // NOTE(review): a rejected log-on surfaces as an unhandled Exception;
        // how the caller turns that into a response is not visible here.
        throw new Exception(errorMessage);
    }

    // Record the log-on time before the cookie is issued.
    account.LastLoginDate = DateTime.Now;
    account.Save();

    FormsAuthentication.SetAuthCookie(userName, rememberMe);
    return true;
}
web.config
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=152368
-->
<configuration>
<configSections>
<section name="nhibernate" type="System.Configuration.NameValueSectionHandler, System, Version=1.0.5000.0,Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="host" type="System.Web.WebPages.Razor.Configuration.HostSection, System.Web.WebPages.Razor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
<section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
</sectionGroup>
</configSections>
<system.web.webPages.razor>
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<pages pageBaseType="System.Web.Mvc.WebViewPage">
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="MvcUI.HtmlHelpers" />
<add namespace="MyProject.API" />
<add namespace="MvcUI.Models" />
</namespaces>
</pages>
</system.web.webPages.razor>
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<add key="ClientValidationEnabled" value="true"/>
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
</appSettings>
<system.web>
<!-- Compilation settings and the assemblies referenced at build time.
NOTE(review): debug="true" is a development setting. The question says this
configuration is published to a server, where debug should be "false". -->
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
</assemblies>
<buildProviders>
<add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</buildProviders>
</compilation>
<!-- Forms authentication; timeout is in minutes (2880 = 48 hours).
NOTE(review): the forms element has no name attribute and this file has no
machineKey element, so the keys protecting the auth cookie are generated by the
server. A cookie issued under one key set cannot be decrypted under another.
The fix reported on this page was an explicit machineKey plus a forms name.
requireSSL is not set either; confirm whether the site is served over HTTPS only. -->
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages"/>
</namespaces>
</pages>
<httpHandlers>
<add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
validate="false" />
</httpHandlers>
</system.web>
<!-- NHibernate settings, read through the "nhibernate" section declared in configSections.
NOTE(review): the connection string carries a SQL login and password in clear text
(presumably placeholder values in this post). On a deployed server prefer
Integrated Security, as the ApplicationServices connection string in this file uses,
or keep the credential out of the plain-text file, for example with protected configuration. -->
<nhibernate>
<add key="hibernate.connection.provider" value="NHibernate.Connection.DriverConnectionProvider"/>
<add key="hibernate.dialect" value="NHibernate.Dialect.MsSql2000Dialect"/>
<add key="hibernate.connection.driver_class" value="NHibernate.Driver.SqlClientDriver"/>
<add key="hibernate.connection.connection_string" value="Server=.\SQLEXPRESS;Database=myDatabase;User=me;Pwd=password;"/>
<add key="hibernate.show_sql" value="false"/>
</nhibernate>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true"/>
<handlers>
<add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
错误消息指向 Global.asax.cs 文件,如上所示。
错误消息:
我还包含了一个生成的机器密钥,但它并没有解决问题。
我假设您的用户在到达登录页面时会被重定向到某个地方:如果请求已经过身份验证,他们在第一次成功登录后就无法再访问登录页面。如果是这种情况,您可以在用户到达登录页面、页面第一次加载时强制其注销。例如(Razor 语法,C#):
根据您的反馈,您遇到该错误的原因可能是您正在使用为应用程序自动生成的机器密钥(也可能是应用部署在多台计算机/多个应用程序池中,甚至是在一个回收过于频繁的应用程序池中)。请务必查看相关说明。你应用了吗?我看到您没有设置
ticketCompatibilityMode
,因为.NET4已经改变了加密的工作方式
<!-- Example forms element from the answer; loginUrl and domain are sample values.
Every server that issues or validates this cookie needs the same
ticketCompatibilityMode and the same machineKey. -->
<forms
loginUrl="/Login.aspx"
timeout="2880"
ticketCompatibilityMode="Framework20"
domain="domain.com"/>
检查两个系统上的机器密钥(machineKey)是否相同。确保你也应用了这个
由于修补程序修改了 ASP.NET 中某些功能的加密/签名行为,因此将其应用于 web 场中的所有计算机非常重要。如果您混合使用已修补/未修补的系统,则表单身份验证、webresource.axd 和 scriptresource.axd 请求的成功/失败取决于它们在服务器场中访问到哪台服务器(因为这些服务器使用的加密方式不同)。
在登录操作方法的 GET(而不是 POST)中,检查用户是否已通过身份验证,如果是,请注销:
// Sign an already-authenticated visitor out when the log-on page is requested.
// SignOut only expires the cookie in the response; the current request still
// carries the authenticated User until the next request arrives.
bool alreadySignedIn = System.Web.HttpContext.Current.User.Identity.IsAuthenticated;
if (alreadySignedIn)
{
    FormsAuthentication.SignOut();
}
谢谢你们大家试着回答这个问题。事实上,这些回答都很有帮助。我自己解决了这个问题:在 web.config 中添加了一个 machineKey,并且表单名称(forms name)也必须存在。如果没有表单名称,即使有机器密钥也没有用。
您的网站是在 IIS6 还是 IIS7 上运行?
IIS6 和 7 都进行了测试,两个都一样。
你可以发布更多的代码,让我们了解流程上下文吗?如果没有上下文和一些真实的代码,这是不可能回答的。
@Darin,你到底需要什么信息?我可以发布它们。
@sra:这是一个完全不同的答案,我没有更新我的第一篇帖子,因为它实际上可能会帮助其他有类似问题的人。
我在使用
Html.AntiForgeryToken()
时遇到了同样的问题(不同的异常)。cookie 的加密/解密过程基于机器密钥,因此在更换服务器时,原有的 cookie 无法解密。在 web.config
文件中显式配置一个机器密钥就解决了。(机器密钥用于保护身份验证 cookie,应随机生成、在所有服务器上保持一致,并作为机密保管。)我之前根本无法访问登录表单。