Asp.net Forms Authentication Cookie Issue

允我心安 提交于 2019-12-11 13:20:02

问题


I am running into a weird issue when publishing to a staging server in Azure. Within this deployment I have a single web application using SQL membership. When I attempt to log in via my login page I am redirected back to the login page. This is a .NET 4.0 application.

Using Firebug's network panel I can see that when I hit enter the form is posted and the response header has a set-cookie attribute for my authentication ticket. It shows up twice.

.ASPXAUTHTEST=27D254F0AEEACB.........; domain=cloudapp.net; expires=Thu, 05-Jun-2014 05:29:24 GMT; path=/; HttpOnly

When the form is posted the cookie is set and I see in Firebug that I redirected to my default URL. When I hit the default URL the cookie isn't present so I'm logged off immediately.

This is the configuration I am using.

<authentication mode="Forms">
      <forms cookieless="UseCookies" enableCrossAppRedirects="false" loginUrl="~/Default.aspx" name=".ASPXAUTHTEST" slidingExpiration="true"
        timeout="360" requireSSL="true" defaultUrl="~/Application/Index.aspx" protection="All" path="/" domain="cloudapp.net"/>
</authentication>

The weird thing is that I have the same deployment in Production and it works correctly. I have tried re-deploying the entire instance again (new VM etc). This hasn't worked. I also tried deploying to a new OS version thinking but that didn't work.

I have added some logging code to see what is happening but it leads me to the same conclusion as Firebug, the cookie is not being set in the browser. It's not browser related as I have tried Chrome and IE as well.

I recently upgraded from Azure SDK 1.6 to 2.1.

Does anyone have any suggestions?


回答1:


After further research I believe the cause can be attributed to Mozilla's Public Suffix List and the browsers that use them to restrict cookies on certain domains. The site worked on IE and Safari.

When I changed:

domain="cloudapp.net"

to

domain="{guid}.cloudapp.net"

it works for all browsers.

This StackOverflow response summarizes it.

You can also head to the Public Suffix List site.



来源:https://stackoverflow.com/questions/24049346/asp-net-forms-authentication-cookie-issue

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!