问题
Visual studio 2013, Asp.net Identity 2.1.0
My log in page (generated by vs2013 by default),
(1) sometimes I can log in
(2) sometimes I fail to login. when fail to login, they staying on login page, but with "?ReturnUrl=..." at the end of url. Open two browser at the time, say one is IE and another is Chrome, then I find Chrome succeed and IE failed.
when I log in successfully, I saw this on response header by using Fiddler:
Set-Cookie: .AspNet.ApplicationCookie=MlpChRy8gmGaxxIAo9EFbGrWf4J3mm...._BqMFEFHGuu8fiCNrVvy3LzygcNxlM7snKm9-F-zYrskb4; path=/; HttpOnly
Set-Cookie: .AspNet.ExternalCookie=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: .AspNet.TwoFactorCookie=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
but when I fail to log in, I don't see these.
(3) then other times, I get this exception:
system.Web.HttpException (0x80004005): Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
but I've tried put in web.config; our system admin also guaranteed me that we are using the same machinekey on servers of our web farm.
I never have any of those above problems on my local box, it only happens on our test and beta servers. It happens very frequently on beta server; never happened on test server before, but now it happens all the time. Another developer sometimes have problem (2) on his box.
What is the problem here? I've been frustrated for several days now. I feel it's IIS issue - since it never happen on my machine (another developer can have different IIS on his box compared to mine).
回答1:
After several days of working with developer team, and system administrators checking web server settings, we finally get this to work.
This is a bug in Asp.net Identity.
To solve the problem, add a dummy session before you authenticate user. so in the Page_Load() function of Login.aspx.cs, add something like this:
Session["DummySession"] = "DummySession";
And all problem magically goes away.
The original post that gave us the idea: ASP.NET_SessionId + OWIN Cookies do not send to browser
来源:https://stackoverflow.com/questions/26520722/intermittently-fail-to-log-in-with-asp-net-identity-2