LogIn Control的“记住我”复选框在选中时不会对用户进行身份验证

时间:2012-11-15 04:04:13

标签: asp.net session-cookies asp.net-authentication

我已在我的web.config中设置了cookie。 。

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login.aspx" timeout="360" requireSSL="false" cookieless="UseCookies" name=".Mordevayne" slidingExpiration="true"/>
</authentication>

以及machinekey。

   <machineKey validationKey="80B18E7CF458B1F8A7C91E656AA89CD49904C693C5F2A90926C43E970A2B0350E7B76507BB8F1F99597F595DD64D2934A2A8B192A013E9EFA8C79046931AB6EA"
decryptionKey="3B35B60055DB752582304CB98E3B560BE39BC063BB9AF8C50F4A58DC3D612472"
validation="SHA1" decryption="AES"/>

。 。但是,当我将其上载到托管站点时,只要选中“记住我”复选框,就不会对用户进行身份验证;但是当在localhost中运行时,tt工作正常。 我想知道为什么?

顺便说一句,这是我的登录代码:

Private Sub myLogin_Authenticate(ByVal sender As Object, ByVal e As 
System.Web.UI.WebControls.AuthenticateEventArgs) Handles myLogin.Authenticate

If Membership.ValidateUser(myLogin.UserName, myLogin.Password.Trim) Then

        Dim conString = ConfigurationManager.ConnectionStrings("ApplicationServices")
        Dim strConnString As String = conString.ConnectionString
        Dim loginswitch As Int16 = 0
        Dim loginswitch2 As Int16 = 0
        'check first if banned
        Dim con7 As SqlConnection = New SqlConnection(strConnString)
        Dim query7 As String = "SELECT * from xBanUsers WHERE username=@username"
        Dim cmd7 As SqlCommand = New SqlCommand(query7, con7)
        cmd7.Parameters.AddWithValue("@username", myLogin.UserName)
        con7.Open()
        Dim rd7 As SqlDataReader = cmd7.ExecuteReader
        rd7.Read()
        If rd7("isBanned") = "yes" Then
            'then check if banEnd is over
            Dim banEnd As DateTime = rd7("banEnd")
            If banEnd > DateTime.Now Then
                Session("banDetails") = "You have been banned by <font color='red'><b>" + rd7("punisher") + "</b></font> from <i>" + rd7("dateBanned") + "</i> up to <i>" + rd7("banEnd") + "</i>.<br/><br/>"
                Session("banDetails") += "<b>Ban Reason</b>: " + rd7("banReason") + ".<br/><br />"
                Session("banDetails") += "<b>Additional Details</b>:<br/>" + rd7("banNote")
                Response.Redirect("/BanReason.aspx")
            Else
                loginswitch2 = 1
            End If

        ElseIf rd7("isBanned") = "no" Then
            loginswitch = 1
        End If
        rd7.Close()
        con7.Close()

        'read addminutes         
        Dim conInterval As SqlConnection = New SqlConnection(strConnString)
        Dim queryInterval = "SELECT * FROM settime"
        Dim cmdInterval = New SqlCommand(queryInterval, conInterval)
        conInterval.Open()
        Dim rdInterval As SqlDataReader = cmdInterval.ExecuteReader
        rdInterval.Read()
        Dim addminutes As Integer = rdInterval("addminutes")
        rdInterval.Close()
        conInterval.Close()

        'proceed log in
        If loginswitch = 1 Or loginswitch2 = 1 Then
            'MsgBox(loginswitch2)
            Dim con As SqlConnection = New SqlConnection(strConnString)
            con.Open()
            Dim query As String = "INSERT INTO loginusers(username,date,time,month,year,datetime,day,IPAddress) VALUES(@usernameX,@dateX,@timeX,@monthX,@yearX,@datetimeX,@dayX,@IPAddress)"
            Dim cmd As SqlCommand = New SqlCommand(query, con)
            cmd.Parameters.AddWithValue("@usernameX", myLogin.UserName)
            Dim xxap As DateTime = DateTime.Now()
            xxap = xxap.AddMinutes(addminutes)
            cmd.Parameters.AddWithValue("@dateX", xxap.ToString("MM/dd/yyyy"))
            cmd.Parameters.AddWithValue("@timeX", xxap.ToString("HH:mm:ss"))
            cmd.Parameters.AddWithValue("@monthX", xxap.ToString("MM"))
            cmd.Parameters.AddWithValue("@yearX", xxap.ToString("yyyy"))
            cmd.Parameters.AddWithValue("@datetimeX", xxap.ToString("MM/dd/yyyy HH:mm:ss"))
            cmd.Parameters.AddWithValue("@dayX", xxap.ToString("dd"))
            Dim strHostName As String = System.Net.Dns.GetHostName()
            Dim clientIPAddress As String = System.Net.Dns.GetHostAddresses(strHostName).GetValue(0).ToString()
            cmd.Parameters.AddWithValue("@IPAddress", clientIPAddress)
            cmd.ExecuteNonQuery()
            con.Close()
            e.Authenticated = True
        End If


    Else
        e.Authenticated = False
    End If


End Sub

1 个答案:

答案 0 :(得分:0)

当用户选中复选框时,密码将保存在cookie中。下次返回时,它会通过cookie在浏览器内存中准备好进行身份验证。
在您的情况下,可能是cookie的问题。您是指定饼干的时间还是什么?

这是一个可以帮助你的问题 How does ASP.Net Cookieless work ?