asp.net 'Remember me' not working anymore with forms authentication
I have two websites with self written membership providers that are hostet on the same server in the same Web in different web-applications and different application pools.
Formerly I had the problem, that I could not log on on both sites together. Thanks to Remy's pos开发者_JS百科t, this works now, I had to add the name
-attribute to the forms
element.
The authentication-attributes in the web.config file look as follows:
<authentication mode="Forms" >
<forms loginUrl="~/UserMgmt/Login.aspx" timeout="400000" slidingExpiration="true" name="NameOfTheSite"/>
</authentication>
Also have I set the cookie name for the forms authetication to different names.
Is there something else that I have to add, so that the remember-me feature works?
Update
I have observed that if I disable encryption and validation for the forms authentication-cookie, the problem is gone. If I either activate encryption, validation or both, the problem occurs newly. I know also, that it's independent of the session-cookie names (they even could be identical). Maybe this information helps someone to figure out what's going on?Update 1
Thanks to Jason Kealey for the solution to this problem. I would never had found it. In the meantime I've found the corresponding information in msdn. In How To: Configure MachineKey in ASP.NET 2.0 in the section "Web Farm Deployment Considerations" is written:If you want to isolate your application from other applications on the same server, place the <machineKey>
in the Web.config file for each application on each server in the farm. Ensure that you use separate key values for each application, but duplicate each application's keys across all servers in the farm.
The issue may be that you have validation keys that are automatically generated every time you launch the worker process. The cookie is encrypted, but when you come back a new server-side key is used and thus your cookie cannot be decrypted.
Check out the machineKey section http://msdn.microsoft.com/en-us/library/ff649308.aspx
Here is something that will generate the machineKey section for you http://www.qualitydata.com/products/aspnet-membership/help/configuration/no-machinekey.aspx
Try set the domain name to be sure that the cookie of the remember is set correctly in all cases
<forms path="/" domain="nameof.com" ...the rest
The cookie timeout is also limited by IIS and defaults to something low like 20 min. To change this:
- Open IIS Manager.
- Right click your site and select properties.
- Select the ASP.NET tab and click Edit Configuration.
- Select the Authentication tab.
- Select Enable sliding expiration.
- Set the Cookie timeout to a longer value. To set to 30 days, enter 30.00:00:00.
- Click OK and exit IIS manager.
精彩评论