开发者

FormsAuthentication: UserData lost (but in Cookie)

  • Asp.Net MVC 3
  • FormsAuthentication (custom)
  • iPad MobileSafari
  • iframe (same domain)

After struggling with formsTicket.UserData not working with MobileSafari (ONLY MoblieSafari), I found out, that httpContext.User.Identity.Ticket.UserData is empty (in MobileSafari, not the others) and the original FormsAuthentication HttpCookie contains the right values?!?

How can that be?!

Code:

public void UpdateContext()
{
    if (httpContext.User.Identity is FormsIdentity)
    {
        // Get Forms Identity From Current User
        FormsIdentity id = (FormsIdentity)httpContext.User.Identity;
        // Create a custom Principal Instance and assign to Current User (with caching)
        HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(FormsAuthe开发者_Python百科ntication.FormsCookieName);
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

        var cookieUserData = ticket.UserData; // not empty
        var httpContextIdentiyUserData = id.Ticket.UserData; // empty!
        ...
    }
}

Any clue would be helpful!

Lg

Warappa

PS: If it matters, I use a page of my website in an iframe - same domain.


So the issue was the following:
This error arose when I logged out and accessed a page that did a history.back().

Looking at the traffic with Fiddler I saw, that Asp.Net used the cookieless authentication mode, so the authentication was encoded into the url. Now, when the history.back() occurred, the url pointed to the Logout url with the now invalid authentication information... nasty bug at my side.

Forcing Asp.Net to use cookies did the trick!

Lg
warappa

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜