我正在使用Cookie来传递用户身份验证信息,如this question所示。一切正常,直到我们的团队升级我们的计算机并且现在在Windows 10上。现在我的cookie在global.asax.cs的Application_PostAuthenticateRequest中找不到。
这是我的代码尝试发送cookie:
private void AddUserDataToCookies(User user)
{
var serializeModel = new WebUserSerializeModel
{
FirstName = user.Person.FirstName,
MiddleName = user.Person.MiddleName,
LastName = user.Person.LastName,
CredentialNumber = user.CredentialNumber,
Roles = user.Roles.Select(role => role.Name).ToList(),
Permissions = user.Permissions.Select(perm => perm.PrimaryKey).ToList()
};
var userData = new JavaScriptSerializer().Serialize(serializeModel);
var authTicket = new FormsAuthenticationTicket(1, user.CredentialNumber, DateTime.Now, DateTime.Now.AddMinutes(15), false, userData);
var encryptedTicket = FormsAuthentication.Encrypt(authTicket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
Secure = true,
HttpOnly = true
};
Response.Cookies.Add(cookie);
var requestCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
}
Cookie会显示在请求Cookie中。但是当我尝试使用global.asax时,却没有。我的全球asax代码如下。
protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
var cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie != null)
{
try
{
var authTicket = FormsAuthentication.Decrypt(cookie.Value);
if (authTicket != null)
{
var serializer = new JavaScriptSerializer();
var serializeModel = serializer.Deserialize<WebUserSerializeModel>(authTicket.UserData);
var user = new WebUser(serializeModel.FirstName, serializeModel.LastName)
{
MiddleName = serializeModel.MiddleName,
CredentialNumber = serializeModel.CredentialNumber,
Roles = serializeModel.Roles,
Permissions = serializeModel.Permissions
};
HttpContext.Current.User = user;
}
}
catch (CryptographicException ex)
{
Logger.Error("Error while decrypting cookie post authentication.", ex);
FormsAuthentication.SignOut();
HttpContext.Current.User = null;
}
}
}
有没有人有任何想法为什么更改到Windows 10可能导致此问题?我对ASP.NET和Web开发有点新手。
编辑 - 在创建我的cookie时删除Secure = true我能够让它工作。在我添加答案之前,我正在调查为什么会这样,我欢迎任何见解。
答案 0 :(得分:0)
正如我在编辑中所提到的,问题是在创建我的cookie时将Secure设置为true但我在本地运行时没有启用SSL,不像我想的那样,在我的旧工作站上。我的控制器中的代码目前看起来像:
private void AddUserDataToCookies(User user)
{
var serializeModel = new WebUserSerializeModel
{
FirstName = user.FirstName,
MiddleName = user.MiddleName,
LastName = user.LastName,
CredentialNumber = user.CredentialNumber,
Roles = user.Roles,
Permissions = user.Permissions
};
var userData = new JavaScriptSerializer().Serialize(serializeModel);
var authTicket = new FormsAuthenticationTicket(1, user.CredentialNumber, DateTime.Now, DateTime.Now.AddMinutes(FormsAuthentication.Timeout.Minutes), false, userData, FormsAuthentication.FormsCookiePath);
var encryptedTicket = FormsAuthentication.Encrypt(authTicket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
HttpOnly = true,
Secure = true
};
if (Request.IsLocal)
{
cookie.Secure = false;
}
Response.Cookies.Add(cookie);
}
离开Request.IsLocal有点难看但现在还不错,直到我们决定是否要在本地为每个人实施SSL。
至少这是一个简单的解决方法。