Asp.net 当使用IISExpress在VS2012中调试时,User.Identity.IsAuthenticated False
我有一个旧的ASP.NET WebForms应用程序正在尝试对用户进行身份验证。该应用程序在分段和生产中运行良好。但是,当尝试使用IISExpress进行本地调试时,它不会 在包含登录服务器控件的母版页中有一个用户控件。登录服务器控件有一个自定义模板,并在OnAuthenticate事件期间调用LoginControl\u Authenticate。在OnLoggedIn事件期间调用另一个名为LoginControl\u LoggedIn的服务器事件。以下是这两种方法的代码:Asp.net 当使用IISExpress在VS2012中调试时,User.Identity.IsAuthenticated False,asp.net,visual-studio-2012,asp.net-membership,forms-authentication,iis-express,Asp.net,Visual Studio 2012,Asp.net Membership,Forms Authentication,Iis Express,我有一个旧的ASP.NET WebForms应用程序正在尝试对用户进行身份验证。该应用程序在分段和生产中运行良好。但是,当尝试使用IISExpress进行本地调试时,它不会 在包含登录服务器控件的母版页中有一个用户控件。登录服务器控件有一个自定义模板,并在OnAuthenticate事件期间调用LoginControl\u Authenticate。在OnLoggedIn事件期间调用另一个名为LoginControl\u LoggedIn的服务器事件。以下是这两种方法的代码: Private S
Private Sub LoginControl_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs)
Response.Redirect("~/VerifyAuthentication.aspx", True)
End Sub
Private Sub LoginControl_Authenticate(ByVal sender As Object, ByVal e As AuthenticateEventArgs)
Dim loginCtrl As Login = CType(LoginContainer.FindControl("LoginControl"), Login)
Dim username As String = loginCtrl.UserName
Dim password As String = loginCtrl.Password
e.Authenticated = Membership.ValidateUser(username, password)
End Sub
然后,VerifyAuthentication.aspx页面应该验证用户并进行一些疯狂的配置文件填充。在加载页面上,第一条语句是检查User.Identity.IsAuthenticated。同样,在本地,每次都返回False。然而,在生产中,它的工作原理与预期一致。下面是此方法的一个片段:
Private Sub Page_Load(s as Object, e as EventArgs)
If (User.Identity.IsAuthenticated = False) Then
...
End If
...
End Sub
web.config的配置如下所述:
<system.web>
<machineKey validationKey="..." decryptionKey="..." validation="SHA1"/>
<authentication mode="Forms">
<forms name=".ASPXAUTH" enableCrossAppRedirects="true" timeout="600" defaultUrl="/VerifyAuthentication.aspx" loginUrl="/" protection="All" slidingExpiration="true" domain="localhost" cookieless="UseDeviceProfile" />
</authentication>
<membership defaultProvider="DefaultSqlMembershipProvider">
<providers>
<clear/>
<add name="DefaultSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Encrypted" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="60" passwordStrengthRegularExpression=""/>
</providers>
</membership>
...
</system.web>
来自VerifyAuthentication.aspx
Request sent 42 bytes of Cookie data:
ASP.NET_SessionId=udyfmuy3xg5k3145khptvxer
Request sent 286 bytes of Cookie data:
ASP.NET_SessionId=ex03esugzcdjuk55tevnfq3o; .ASPXAUTH=A34B5A519F2357269239544D4BFAE6DA30C9681F4F2C38D9574F747940C9F27F408AF2BB4A79437DFAB30E18E157D7C7291B1A4BFB98485C93F6427C6851737E8F3C35368A11C053BB5F9E48A0535D5178F10AB9E802C7956C80565F1B2CA042DE51228EF62CAB6B9E3AC748FDA87895B1C3D190
生产
从登录名:
Response sent 278 bytes of Cookie data:
Set-Cookie: .ASPXAUTH=AE66DCD41A34991EA27494478D779955ECE7AE3195BC5FE4F19085E9DC3307AF754D540A3B04504DBE65F79F1CFB3FA57780E807D4FA4D8BBD79E09A30BBE40BE4A8D76D26EC3F4FDD335A3667770E3CF7C8D8ACDD3E08B3D5A6B4F076EE5E638B6913DA774A662D300F9E1B554147F9E50D7B65; domain=localhost; path=/; HttpOnly
Response sent 291 bytes of Cookie data:
Set-Cookie: .ASPXAUTH=A34B5A519F2357269239544D4BFAE6DA30C9681F4F2C38D9574F747940C9F27F408AF2BB4A79437DFAB30E18E157D7C7291B1A4BFB98485C93F6427C6851737E8F3C35368A11C053BB5F9E48A0535D5178F10AB9E802C7956C80565F1B2CA042DE51228EF62CAB6B9E3AC748FDA87895B1C3D190; domain=mydomain.com; path=/; HttpOnly
来自VerifyAuthentication.aspx
Request sent 42 bytes of Cookie data:
ASP.NET_SessionId=udyfmuy3xg5k3145khptvxer
Request sent 286 bytes of Cookie data:
ASP.NET_SessionId=ex03esugzcdjuk55tevnfq3o; .ASPXAUTH=A34B5A519F2357269239544D4BFAE6DA30C9681F4F2C38D9574F747940C9F27F408AF2BB4A79437DFAB30E18E157D7C7291B1A4BFB98485C93F6427C6851737E8F3C35368A11C053BB5F9E48A0535D5178F10AB9E802C7956C80565F1B2CA042DE51228EF62CAB6B9E3AC748FDA87895B1C3D190
我的猜测是,这与在cookie的域的.config中使用“localhost”有关。您是否尝试过使用Fiddler来检查往返的HTTP流量?具体来说,您需要检查服务器在登录时是否发送回
Set Cookie
HTTP头,以及当重定向到VerifyAuthentication.aspx
时,客户端是否发送回Cookie
HTTP头。您能否在上发布Set Cookie
HTTP头的响应以及请求的URL生产和测试环境?