C# 读取cookie以自动登录
我在有人登录时存储cookies,如下所示:C# 读取cookie以自动登录,c#,asp.net,cookies,C#,Asp.net,Cookies,我在有人登录时存储cookies,如下所示: List<User> listUser; //returns 1 user foreach(User u in listUser) { HttpCookie cookieNickname = new HttpCookie("UserNickname"); cookieNickname.Value = u.Nickname.ToString(); cookieNickname.Expires = DateTime.MaxV
List<User> listUser;
//returns 1 user
foreach(User u in listUser)
{
HttpCookie cookieNickname = new HttpCookie("UserNickname");
cookieNickname.Value = u.Nickname.ToString();
cookieNickname.Expires = DateTime.MaxValue;
Response.Cookies.Add(cookieNickname);
HttpCookie cookiePassword = new HttpCookie("UserPassword");
cookiePassword.Value = u.Password;
cookiePassword.Expires = DateTime.MaxValue;
Response.Cookies.Add(cookiePassword);
}
列表列表用户;
//返回1个用户
foreach(listUser中的用户u)
{
HttpCookie cookieNickname=新的HttpCookie(“用户昵称”);
cookieNickname.Value=u.昵称.ToString();
Expires=DateTime.MaxValue;
Response.Cookies.Add(cookieNickname);
HttpCookie cookiePassword=新的HttpCookie(“用户密码”);
cookiePassword.Value=u.密码;
cookiePassword.Expires=DateTime.MaxValue;
Response.Cookies.Add(cookiePassword);
}
List<User> cookieLoggedInUser;
if (Request.Cookies["UserNickname"] != null && Request.Cookies["UserPassword"] != null)
{
//returns 1 user
cookieLoggedInUser = Database.SignIn(Request.Cookies["UserNickname"].ToString(), Request.Cookies["UserPassword"].ToString());
if (cookieLoggedInUser.Count > 0)
{
foreach (User u in cookieLoggedInUser)
{
lblFirstName.Text = u.FirstName;
lblLastName.Text = u.LastName;
}
}
}
列出cookieLoggedInUser;
if(Request.Cookies[“user昵称”]!=null和Request.Cookies[“UserPassword”]!=null)
{
//返回1个用户
cookieLoggedInUser=Database.SignIn(Request.Cookies[“user昵称”].ToString(),Request.Cookies[“UserPassword”].ToString());
如果(cookieLoggedInUser.Count>0)
{
foreach(cookieLoggedInUser中的用户u)
{
lblFirstName.Text=u.FirstName;
lblLastName.Text=u.LastName;
}
}
}
为什么会发生这种情况?我不建议您采用其他方法进行实验,因为它有很大的安全风险 要使您当前的解决方案正常工作,请检查您是否在使用cookie的同一域中创建cookie
如果不是这样,浏览器将不会向其他域发送Cookie。我不建议您在其他域中使用这种方法进行测试,因为它有很大的安全风险 要使您当前的解决方案正常工作,请检查您是否在使用cookie的同一域中创建cookie
如果不是这样,浏览器将不会向其他域发送cookie。您可以使用以下技术使登录cookie永久化:
protected void Login1_OnLoggedIn(object sender, EventArgs e)
{
CheckBox Remember = (CheckBox)((Login)sender).FindControl("Remember");
if (Remember.Checked)
{
FormsAuthenticationTicket t = new FormsAuthenticationTicket(2, Login1.UserName, DateTime.Now, DateTime.Now.AddYears(5), true, "");
string data = FormsAuthentication.Encrypt(t);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, data);
authCookie.HttpOnly = true;
authCookie.Domain = "";
authCookie.Expires = t.Expiration;
Response.Cookies.Remove("FORMAUTH");
Response.Cookies.Add(authCookie);
Response.Redirect(Request.QueryString["ReturnUrl"]);
}
}
Response.Cookies.Remove(“FORMAUTH”)的行<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="~/Login.aspx" name="FORMAUTH"/>
</authentication>
OnLoggedIn这比您建议的替代方案(在cookie中存储未加密的密码)安全得多。您可以使用以下技术使登录cookie永久化:
protected void Login1_OnLoggedIn(object sender, EventArgs e)
{
CheckBox Remember = (CheckBox)((Login)sender).FindControl("Remember");
if (Remember.Checked)
{
FormsAuthenticationTicket t = new FormsAuthenticationTicket(2, Login1.UserName, DateTime.Now, DateTime.Now.AddYears(5), true, "");
string data = FormsAuthentication.Encrypt(t);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, data);
authCookie.HttpOnly = true;
authCookie.Domain = "";
authCookie.Expires = t.Expiration;
Response.Cookies.Remove("FORMAUTH");
Response.Cookies.Add(authCookie);
Response.Redirect(Request.QueryString["ReturnUrl"]);
}
}
Response.Cookies.Remove(“FORMAUTH”)的行<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="~/Login.aspx" name="FORMAUTH"/>
</authentication>
OnLoggedIn这比您建议的替代方案(将未加密的密码存储在cookie中)安全得多.但是我如何在页面加载时读取cookie以从登录的人获取数据?如果您使用asp.net成员身份,您只需检查
请求。I已验证Request.IsAuthenticated