我们有一个网站,其中几个网页以https方式传输,很少网页以http格式传输,我们已经实现了一个通用的http处理程序(ashx)用于登录和身份验证。
我们在网站中使用Forms身份验证,并在Handler中手动设置Auth cookie 我们已将access-control-allow-origin设置为支持混合的http和https
出于安全需求,我们尝试使用https协议访问处理程序并面对以下问题
在AJAX成功通话中,我们只是在javascript中刷新页面。 在第一种情况下,用户名即将到来 在第二种情况下,将存在相同的登录链接。
我不确定这里的问题是什么?并且不知道在哪里看?
请帮助我
由于
public void ProcessRequest (HttpContext context)
{
string Message = "";
try
{
string EmailId = HttpContext.Current.Request["emailid"].ToString();
string Password = HttpContext.Current.Request["Password"].ToString();
string User = "";
Entities.UserTable user = null;
UserDAL userDAL = new UserDAL();
user = userDAL.UserLogin(EmailId, Password);
if (user != null)
{
int userId = user.Id;
string roles = "User";
bool rememberUserName = true;
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Ticket version
user.Id.ToString(),// Username to be associated with this ticket
DateTime.Now, // Date/time ticket was issued
DateTime.Now.AddYears(20), // Date and time the cookie will expire
rememberUserName, // if user has chcked rememebr me then create persistent cookie
roles, // store the user data, in this case roles of the user
FormsAuthentication.FormsCookiePath); // Cookie path specified in the web.config file in <Forms> tag if any.
string hashCookies = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); // Hashed ticket
cookie.Expires = DateTime.Now.AddYears(20);
HttpContext.Current.Response.Cookies.Add(cookie);
Message = "success";
}
else
{
Message = "Please check your Mailid or password.";
}
}
catch(Exception ex)
{
Message = "Please contact Support";
}
context.Response.ContentType = "text/plain";
context.Response.Write(Message);
}