ASP.Net窗体身份验证注销用户10分钟后窗体、身份验证、用户、分钟后
我有。不管我怎么努力,用户正在10分钟后注销一个非常糟糕的问题。
I am having a really bad issue where no matter what I try, the user is being logged off after 10 minutes.
我使用ASP.Net 2.0 Server 2003 R2标准版上运行IIS 6.0上运行的所有适用的更新和.Net虚拟服务器3.5 SP1。
I am using ASP.Net 2.0 running on IIS 6.0 on Server 2003 R2 Standard Edition running as a Virtual Server with all applicable updates and .Net 3.5 SP1.
该客户端的Internet Explorer 7.0
The client is Internet Explorer 7.0
下面是web.config设置:
Below are the web.config settings:
<!-- Authentication Mode -->
<authentication mode="Forms">
<forms name=".RecipeViewer" timeout="240" />
</authentication>
下面是一个用于设置授权cookie中的code:
Below is the code used to set the authorization cookie:
Private Sub SetCookie(userName)
' Use security system to set the UserID within a client-side Cookie
Dim ticket As New FormsAuthenticationTicket(1,userName, DateTime.Now, DateTime.Now.Add(Me.GetFormsAuthSettings.Forms.Timeout), True, String.Empty, FormsAuthentication.FormsCookiePath)
Dim hash As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, hash)
cookie.HttpOnly = True
If (ticket.IsPersistent) Then
cookie.Expires = ticket.Expiration
End If
Response.Cookies.Add(cookie)
' Redirect browser back to originating page
Response.Redirect(Request.ApplicationPath)
End Sub
Private Function GetFormsAuthSettings() As System.Web.Configuration.AuthenticationSection
Return DirectCast(System.Configuration.ConfigurationManager.GetSection("system.web/authentication"), System.Web.Configuration.AuthenticationSection)
End Function
我是previously使用FormsAuthentication.SetAuthCookie以及甚至还试图在FormsAuthentication.RedirectFromLoginPage方法,但这些均具有相同的结果,这就是为什么我最后做的硬饼干实现,它是内部完成(通过观看反射镜)的FormsAuthentication类一样。
I was previously using the FormsAuthentication.SetAuthCookie as well as even trying the FormsAuthentication.RedirectFromLoginPage methods, but these both had the same result, which is why I ended up doing the hard cookie implementation that is done internally (via viewing in Reflector) that the FormsAuthentication class does.
问题是不会可重复执行在Visual Studio 2008 asp.net托管环境中或在IIS 7.0。
The issue is NOT reproduceable in the Visual Studio 2008 asp.net hosting environment or in IIS 7.0.
修改:Cookie的启用,即使托管网站已被添加为受信任的站点
EDIT: Cookies are enabled, even the hosted site has been added as a trusted site.
修改:谷歌Chrome和Firefox没有这个问题。
EDIT: Google Chrome and Firefox do not have this issue.
修改:已验证Cookie的目标机器上设置4小时后按设定(超时= 240分钟)过期
EDIT: Verified Cookie on target machine is set to expire after 4 hours as per the setting (timeout = 240 minutes).
修改:作为众议院说,每个人的所在。用户实际上并没有测试新的code碱基,并打算在pre-构思概念,即软件仍然打破。谢谢大家谁这个话题说。
EDIT: As House says, everyone lies. User did not actually test the new code base and was going on a pre-conceived notion that the software was still broken. Thank you to everyone who replied in this topic.
不关闭本作不再相关,但保持它周围,以帮助人们,因为在这个问题的一些很好的故障排除方法解决问题。
Not closing this for no longer relevant, but keeping it around to help people troubleshoot the issue as there are some really good troubleshooting techniques in this question.
推荐答案
有可能也(一直),该将machineKey未设置,从而被随机产生的每个应用程序被初始化时(这将意味着所述加密认证券将使用新的密钥进行盐腌)。
It could also (have been) that the machinekey was not set and thus being randomly generated every time the app was initialized (which would mean that the encrypted authentication ticket would be salted with a new key).
我用一个网站来为我的应用程序的一个新的machineKey,并把它贴在web.config中:
I use a site to generate a new machinekey for my apps and stick it in the web.config:
http://www.orcsweb.com/articles/aspnetmachinekey.aspx
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<machineKey validationKey='FED01BCB246D3477F5854D60388A701508AD1DF9099BD3CAC3CA4DAF55F7524B8DD3FA03133BBCA381BC1CD639730445968DFA633A97911187EF187456D692F4' decryptionKey='861E7DF7C2D04297EEFAD47FF3B95F54E87CF28D6C2753D8' validation='SHA1'/>
</system.web>
</configuration>
