关于多页共享表单身份验证Cookie的问题

时间:2010-12-16 12:16:27

标签: c# asp.net authentication cookies forms-authentication

在我的应用程序中,我使用表单身份验证。我的Authenticaton代码如下:

public static void Authenticate(bool redirectToPage, ISecurityUser user, params string[] roles)
    {
        FormsAuthentication.Initialize();
        GenericIdentity id = new GenericIdentity(user.UserName);
        ExtendedPrincipal principal = new ExtendedPrincipal(id, user, roles);
        //ExtendedPrincipal principal = new ExtendedPrincipal(id, user, new string[] { "1" });

        string compressedPrincipal = ConvertPrincipalToCompressedString(principal);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserName, DateTime.Now, DateTime.Now.AddMinutes(30), true, compressedPrincipal, FormsAuthentication.FormsCookiePath);

        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

        //cookie.HttpOnly = false;
        //cookie.Expires = DateTime.Now.AddMinutes(30);

        HttpContext.Current.Response.Cookies.Add(cookie);

        if (redirectToPage)
        {
            HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(user.UserName, true));
        }
    }

用户对象包含FirmID和DealerID属性。登录到应用程序后,我可以从应用程序中替换FirmID和DealerID。更改过程后,将运行此代码:

public static void RefreshIdentitiy(ISecurityUser user)
    {
        HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
        HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

        ExtendedPrincipal principal = ConvertCompressedStringToPrincipal(ticket.UserData);
        principal.BindProperties(user);

        FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
        ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,
        ticket.IsPersistent, ConvertPrincipalToCompressedString(principal), ticket.CookiePath);

        cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newticket));

        HttpContext.Current.Response.Cookies.Add(cookie);            
    }

我的问题是:当我从第二页打开应用程序时,第二页的cookie会破坏第一页。因此,第一页的FirmID和DealerID也会更改。

当我从第二页打开应用程序时,我不希望cookie粉碎另一个。我该怎么办这个问题?

1 个答案:

答案 0 :(得分:0)

你应该在你的所有页面上做这样的事情:

if(Request.Cookies[FormsAuthentication.FormsCookieName]!=null)
{
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

        cookie.HttpOnly = false;
        cookie.Expires = DateTime.Now.AddMinutes(30);

        HttpContext.Current.Response.Cookies.Add(cookie);
}

修改 我的目的是确保每次进入新页面时都不会覆盖您的cookie

相关问题
最新问题