ASP.NET authentication cookie: ASP, NET, cookie

2023-09-04 11:52:04 Author: 麦咪和熊熊

On an application that has form based authentication, I have a standard ASP.NET Login control with the following Authenticate event handler.

void Login_Authenticate(object sender, AuthenticateEventArgs e)
{
    if (Security.AuthenticateUser(Login.UserName, Login.Password))
    {
        e.Authenticated = true;
        RedirectFromLoginPage(Login.UserName);
    }
    else
    {
        e.Authenticated = false;
    }
}

The RedirectFromLoginPage function goes like this :

private void RedirectFromLoginPage(String username)
{
    String returnUrl = GetReturnUrl();
    FormsAuthentication.SetAuthCookie(username, true, "/");
    Response.Redirect(returnUrl, true);
}

This works fine in 99% of cases. However, I sometimes get support calls from people who can't log in. They will enter their credentials, get redirected back to the home page (which is what happens when everything works fine) but they won't be logged in.

Figuring it might be a cookie problem, I tried to reproduce the problem in my environment by setting my privacy options to "Block All Cookies" and I was able to reproduce the problem. The SetAuthCookie function is called, but on the next page load HttpContext.Current.User.Identity.IsAuthenticated returns false.

In my web.config, the authentication is set like so :

<authentication mode="Forms">
  <forms loginUrl="..." timeout="180" cookieless="AutoDetect"/>
</authentication>

Reading the documentation on MSDN about AutoDetect and SetAuthCookie, I got that :

AutoDetect: Specifies that cookies are used, if the device profile supports cookies; otherwise, cookies are not used. For desktop browsers that are known to support cookies, a probing mechanism will be used to try to use cookies, when enabled. If a device does not support cookies, no probing mechanism will be used.

FormsAuthentication.SetAuthCookie : Creates an authentication ticket for the supplied user name and adds it to the cookies collection of the response, using the supplied cookie path, or using the URL if you are using cookieless authentication.

I would have thought that in my scenario, cookieless authentication would have been used but it isn't (I don't see anything in the QueryString after the redirect anyway).

If I set a breakpoint in the RedirectFromLoginPage function and test some values I get :

bool cookieSupport = Request.Browser.Cookies; //"true"
bool redirectWithCookies = Request.Browser.SupportsRedirectWithCookie; //"true"
HttpCookieMode currentMode = FormsAuthentication.CookieMode; //"AutoDetect"

I'm not sure if the Request.Browser.Cookies is meant to be true or not here. The browser does support cookies, but they are all blocked...

Anyway, I got to remote for a few minutes on a machine where the problem was happening. The privacy settings were set to medium so it should have been able to accept cookies. It was a standard Win7 / IE8 setup. I tried adding the website to the user's trusted zone, to log in via HTTPS but it didn't work. Other problem setups were similar (nothing really stands out with the machines and the users tell me they have no problems on other websites).

So, what am I doing wrong?

Recommended answer

A similar problem occurred for me. But it was only for Internet Explorer 8. After some research, I figured that IE8 runs on cookieless mode by default. So, I changed this line in web.config: <forms loginUrl="..." timeout="180" cookieless="AutoDetect"/> to <forms loginUrl="..." timeout="180" cookieless="UseUri"/>, and it works fine.
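
Added example, not part of the original question or answer: cookieless="UseUri" places the forms-authentication ticket in the URL, where it can leak through browser history, proxy logs and Referer headers, so an alternative is to stay in cookie mode and tell the user when the browser discards the cookie instead of silently landing them unauthenticated. The `cookiecheck` parameter, the `CookiesRequired.aspx` page and the class names are assumptions made for this sketch.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind for the login page (class name is an assumption).
public class LoginPageSketch : Page
{
    // Hypothetical marker parameter; it is not part of ASP.NET.
    public const string CookieCheckParam = "cookiecheck";

    // Same flow as the question's RedirectFromLoginPage, plus a marker on the
    // redirect URL so the landing page knows a login was just attempted.
    protected void RedirectFromLoginPage(string username, string returnUrl)
    {
        FormsAuthentication.SetAuthCookie(username, true, "/");
        string separator = returnUrl.Contains("?") ? "&" : "?";
        Response.Redirect(returnUrl + separator + CookieCheckParam + "=1", true);
    }
}

// Hypothetical code-behind for the page the user lands on after login.
public class HomePageSketch : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Only run the check on the first request after a login attempt.
        if (Request.QueryString[LoginPageSketch.CookieCheckParam] != "1")
        {
            return;
        }

        // If the browser accepted the ticket cookie it is sent back here.
        bool ticketCookieReturned =
            Request.Cookies[FormsAuthentication.FormsCookieName] != null;

        if (!Request.IsAuthenticated && !ticketCookieReturned)
        {
            // Credentials were valid but the cookie never came back:
            // the browser or a privacy policy dropped it. Explain that
            // rather than showing the home page as an anonymous user.
            Response.Redirect("~/CookiesRequired.aspx", true);
        }
    }
}
```

With this in place, a support call about "login does nothing" can be traced to cookie handling on the client from the page the user ends up on.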