问题
I am running into a weird issue when publishing to a staging server in Azure. Within this deployment I have a single web application using SQL membership. When I attempt to log in via my login page I am redirected back to the login page. This is a .NET 4.0 application.
Using Firebug's network panel I can see that when I hit enter the form is posted and the response header has a set-cookie attribute for my authentication ticket. It shows up twice.
.ASPXAUTHTEST=27D254F0AEEACB.........; domain=cloudapp.net; expires=Thu, 05-Jun-2014 05:29:24 GMT; path=/; HttpOnly
When the form is posted the cookie is set and I see in Firebug that I redirected to my default URL. When I hit the default URL the cookie isn't present so I'm logged off immediately.
This is the configuration I am using.
<authentication mode="Forms">
<forms cookieless="UseCookies" enableCrossAppRedirects="false" loginUrl="~/Default.aspx" name=".ASPXAUTHTEST" slidingExpiration="true"
timeout="360" requireSSL="true" defaultUrl="~/Application/Index.aspx" protection="All" path="/" domain="cloudapp.net"/>
</authentication>
The weird thing is that I have the same deployment in Production and it works correctly. I have tried re-deploying the entire instance again (new VM etc). This hasn't worked. I also tried deploying to a new OS version thinking but that didn't work.
I have added some logging code to see what is happening but it leads me to the same conclusion as Firebug, the cookie is not being set in the browser. It's not browser related as I have tried Chrome and IE as well.
I recently upgraded from Azure SDK 1.6 to 2.1.
Does anyone have any suggestions?
回答1:
After further research I believe the cause can be attributed to Mozilla's Public Suffix List and the browsers that use them to restrict cookies on certain domains. The site worked on IE and Safari.
When I changed:
domain="cloudapp.net"
to
domain="{guid}.cloudapp.net"
it works for all browsers.
This StackOverflow response summarizes it.
You can also head to the Public Suffix List site.
来源:https://stackoverflow.com/questions/24049346/asp-net-forms-authentication-cookie-issue