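I have a GUI, and when I log in I create a cookie and encrypt it. I am using SSL. The cookie is not secure by default, but is secure with SSL.
I check in the Login.aspx page whether the cookie is secure, and it is. But before going to the default page, it goes to the Global.ascx page.
Here, in Application_AuthenticateRequest, it gets the cookie and decrypts it for the default page.
Now I know that it is getting the same cookie, as all the other attributes match the one created in the login.aspx page, but the value of secure is "False".
This is the case for all the other pages after the default page. The value of cookie.secure is false.
Please help me understand why this is happening, as I want all the pages to be secured by SSL.
Also, the pages are being opened over https, not http.
Here is my web.config: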
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" defaultUrl="~/Default.aspx" name="copiunGUI" slidingExpiration="true" timeout="120" path="/" requireSSL="true" protection="All">
      </forms>
    </authentication>
    <httpCookies requireSSL="true"/>
    <authorization>
      <deny users="?"/>
    </authorization>
My global.aspx code:
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Extract the forms authentication cookie
        string redirectSecureUrl = Request.Url.ToString();
        new GUIUtility().LogMessageToFile(redirectSecureUrl);
        string cookieName = FormsAuthentication.FormsCookieName.ToString();
        HttpCookie authCookie = Context.Request.Cookies[cookieName];
        try
        {
            new GUIUtility().LogMessageToFile(cookieName + authCookie.Secure + authCookie.Name + authCookie.Expires + authCookie.Path);
        }
        catch (Exception)
        {
            //
        }
        if (null == authCookie)
        {
            try
            {
                new GUIUtility().LogMessageToFile("authCookie = null");
            }
            catch (Exception)
            {
                //
            }
            // There is no authentication cookie.
            return;
        }
        FormsAuthenticationTicket authTicket = null;
        try
        {
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception)
        {
            // Log exception details (omitted for simplicity)
            return;
        }
        if (null == authTicket)
        {
            // Cookie failed to decrypt.
            return;
        }
        // When the ticket was created, the UserData property was assigned a
        // pipe delimited string of role names.
        string[] roles = authTicket.UserData.Split(new char[] { '|' });
        // Create an Identity object
        FormsIdentity id = new FormsIdentity(authTicket);
        // This principal will flow throughout the request.
        GenericPrincipal principal = new GenericPrincipal(id, roles);
        // Attach the new principal object to the current HttpContext object
        Context.User = principal;
    }
The code in my login.aspx page:
    // Create the authentication ticket
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version
        UserName.Text,               // user name
        DateTime.Now,                // creation
        DateTime.Now.AddMinutes(60), // Expiration
        false,                       // Persistent
        role);                       // User data
    // Now encrypt the ticket.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    // Create a cookie and add the encrypted ticket to the
    // cookie as data.
    HttpCookie authCookie =
        new HttpCookie(FormsAuthentication.FormsCookieName,
                       encryptedTicket);
    if (authCookie.Secure)
    {
        new GUIUtility().LogMessageToFile("The cookie is secure with SSL." + authCookie.Name + authCookie.Expires + authCookie.Path);
    }
    //authCookie.Secure = FormsAuthentication.RequireSSL;
    // Add the cookie to the outgoing cookies collection.
    HttpContext.Current.Response.Cookies.Add(authCookie);
    // Redirect the user to the originally requested page
    string goToPath = FormsAuthentication.GetRedirectUrl(UserName.Text, true);
    new GUIUtility().LogMessageToFile(goToPath);
    //here the value of gotoPath is /Default.aspx
    Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text,false));
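So in the login page I have the function "string goToPath = FormsAuthentication.GetRedirectUrl(UserName.Text, true);" and the value is /Default.aspx, which is an absolute path... then I redirect to it.. it reaches the global.ascx page, where I first check the URL with "string redirectSecureUrl = Request.Url.ToString();" and here the value is "https://Default.aspx".. so I can't figure out why the cookie goes from secure in login to not secure in global.aspx... any suggestions.. thanks – user175084 2010-08-12 03:06:44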
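
An added example, not part of the original post: per RFC 6265 the `Cookie` request header carries only name=value pairs, so the Secure attribute can be checked in the `Set-Cookie` response header and in the client's cookie store, but not on a cookie read back from a request. The host name `gui.example.test`, the ticket value and the `HasAttribute` helper are constructed for illustration, and `System.Net.CookieContainer` stands in for the browser.

```csharp
// Added example (not the poster's code). Host name and ticket value are constructed.
using System;
using System.Linq;
using System.Net;

static class CookieFlagDemo
{
    // Check the flags where they actually exist: in the Set-Cookie response header.
    // The first ';'-separated part is name=value; the rest are attributes.
    static bool HasAttribute(string setCookie, string attribute) =>
        setCookie.Split(';').Skip(1)
                 .Any(p => p.Trim().Equals(attribute, StringComparison.OrdinalIgnoreCase));

    static void Main()
    {
        // Constructed response header, shaped like what a login page emits
        // when the cookie's Secure property is set.
        const string setCookie = "copiunGUI=ENCRYPTED_TICKET; path=/; secure; HttpOnly";
        var https = new Uri("https://gui.example.test/Default.aspx");
        var http  = new Uri("http://gui.example.test/Default.aspx");

        Console.WriteLine("Set-Cookie has secure:   " + HasAttribute(setCookie, "secure"));
        Console.WriteLine("Set-Cookie has HttpOnly: " + HasAttribute(setCookie, "httponly"));

        // The client parses and stores the attributes...
        var jar = new CookieContainer();
        jar.SetCookies(https, setCookie);
        foreach (Cookie c in jar.GetCookies(https))
            Console.WriteLine("Stored by client: " + c.Name + " Secure=" + c.Secure);

        // ...but the Cookie request header it sends back is name=value only,
        // so a server reading the request cookie has no Secure attribute to see.
        Console.WriteLine("Cookie header over HTTPS: \"" + jar.GetCookieHeader(https) + "\"");

        // The effect of the Secure attribute: nothing is sent over plain HTTP.
        Console.WriteLine("Cookie header over HTTP:  \"" + jar.GetCookieHeader(http) + "\"");
    }
}
```

To confirm the flag on a live site, inspect the `Set-Cookie` header of the login response (browser developer tools or a proxy) rather than logging the request cookie's properties.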