A Problem About Shared Form Authentication Cookie On Multiple Pages

In my application I use form authentication. My authentication code is below:

public static void Authenticate(bool redirectToPage, ISecurityUser user, params string[] roles)
    {
        FormsAuthentication.Initialize();
        GenericIdentity id = new GenericIdentity(user.UserName);
        ExtendedPrincipal principal = new ExtendedPrincipal(id, user, roles);
        //ExtendedPrincipal principal = new ExtendedPrincipal(id, user, new string[] { "1" });

        string compressedPrincipal = ConvertPrincipalToCompressedString(principal);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserName, DateTime.Now, DateTime.Now.AddMinutes(30), true, compressedPrincipal, FormsAuthentication.FormsCookiePath);

        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

        //cookie.HttpOnly = false;
        //cookie.Expires = DateTime.Now.AddMinutes(30);

        HttpContext.Current.Response.Cookies.Add(cookie);

        if (redirectToPage)
        {
            HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(user.UserName, true));
        }
    }

The user object contains FirmID and DealerID properties. After I log in to the application, I can replace FirmID and DealerID from the app. After the change, this code is run:

public static void RefreshIdentitiy(ISecurityUser user)
    {
        HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
        HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

        ExtendedPrincipal principal = ConvertCompressedStringToPrincipal(ticket.UserData);
        principal.BindProperties(user);

        FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
        ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,
        ticket.IsPersistent, ConvertPrincipalToCompressedString(principal), ticket.CookiePath);

        cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newticket));

        HttpContext.Current.Response.Cookies.Add(cookie);            
    }

My problem is this: when I open the app from a second page, the cookie of the second page crushes the first page's, so the FirmID and DealerID of the first page are also changed.

When I open the app from a second page, I don't want its cookie to crush the other one. What can I do about this issue?


You should do something like this on all your pages:

if(Request.Cookies[FormsAuthentication.FormsCookieName]!=null)
{
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

        cookie.HttpOnly = false;
        cookie.Expires = DateTime.Now.AddMinutes(30);

        HttpContext.Current.Response.Cookies.Add(cookie);
}

Edit: My aim is to make sure you are not overwriting your cookies every time you go to a new page.
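
A browser keeps one cookie jar per site and shares it across every tab, so a value stored in the forms-authentication ticket cannot differ between two open pages. The console program below is an added example, not code from either post: it simulates that shared jar and contrasts it with carrying the selected firm on each request and authorizing it server-side. The class, the `auth` cookie name, the user `alice` and the firm ids are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example; every name here is hypothetical, not from the posted code.
static class TabContextDemo
{
    // One browser has one cookie jar per site, shared by every tab.
    static readonly Dictionary<string, string> CookieJar = new Dictionary<string, string>();

    // Server-side record of the firms each user may act for (constructed data).
    static readonly Dictionary<string, HashSet<int>> AllowedFirms =
        new Dictionary<string, HashSet<int>> { { "alice", new HashSet<int> { 10, 20 } } };

    // Pattern from the question: the selected firm lives inside the auth cookie.
    static void SelectFirmInCookie(string user, int firmId)
    {
        CookieJar["auth"] = user + "|" + firmId; // replaces the value for all tabs
    }

    static int FirmFromCookie()
    {
        return int.Parse(CookieJar["auth"].Split('|')[1]);
    }

    // Alternative: the cookie proves identity only. Each request names its firm
    // (for example in the URL) and the server checks it against the allowed set,
    // because a client-supplied id must never be trusted without that check.
    static int FirmFromRequest(int requestedFirmId)
    {
        string user = CookieJar["auth"].Split('|')[0];
        HashSet<int> allowed;
        if (!AllowedFirms.TryGetValue(user, out allowed) || !allowed.Contains(requestedFirmId))
            throw new UnauthorizedAccessException("firm not permitted for " + user);
        return requestedFirmId;
    }

    static void Main()
    {
        SelectFirmInCookie("alice", 10); // tab 1 picks a firm
        SelectFirmInCookie("alice", 20); // tab 2 picks another; tab 1's choice is gone
        Console.WriteLine("tab 1 via cookie:  " + FirmFromCookie());
        Console.WriteLine("tab 1 via request: " + FirmFromRequest(10));
        Console.WriteLine("tab 2 via request: " + FirmFromRequest(20));
        try { FirmFromRequest(99); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```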
