我有ASP.NET应用程序,在开发环境中可以完美运行。登录可在Firefox,IE和Chrome上使用。Firefox开发环境中的请求如下所示:
POST请求:
POST /MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName%2F HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/MyServiceName/Account/Login?ReturnUrl=%2fMyServiceName%2f
Content-Type: application/x-www-form-urlencoded
Content-Length: 171
Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=bQmz8xMlE-u9e0iKr3vtXpCDqo8FpQkcgPzN3cdw2xp73M8SoV_WTwFG5IIY1JEQlHJ-ZHd8h5z_f75FO4nkEcGRhP6e9HBE64rjsGCEVV81
Connection: keep-alive
Upgrade-Insecure-Requests: 1
和回应:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /MyServiceName/
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: .ASPXAUTH=7D3D9E88072745F5AD2B5FCE038F0A794EF6590F9877A65255A63F124CE4FC3EE0309A03F3ACE9C7C5C39E51050F4009A32558D0FE94F673D7B8D5FEA6E6E2E22BEFF862255B50DFC9B6AC2637C8F04918ECCAD0DD63B29CFCD8B4E9BA4DD898C35C7F7CA8E3BB33DA943CD4A45D80F4F24A1E9EF01829B7258C9195FC977B96; expires=Fri, 28-Sep-2018 09:05:12 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Fri, 28 Sep 2018 08:35:12 GMT
Content-Length: 128
但是,当我将服务部署到真实服务器中时,无法使用除Chrome之外的任何浏览器登录。Firefox在真实服务器中的请求:
远程主机POST请求:
POST /MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName HTTP/1.1
Host: remhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://remhost/MyServiceName/Account/Login?ReturnUrl=%2fMyServiceName
Content-Type: application/x-www-form-urlencoded
Content-Length: 171
Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=-JG3IFQhCVjOuL_SIf7QD0ot7Fc_Fy9lb8Lii_VkLzGKGWswkOPfG-ZQtxijlFYhDO7jAMRiRcatHWcdlBRw7RXVzkdu5864rWiLNWGHc7KSUwgtwA-W_lJHVm-EmKW9v1zEgESa0oQKZ37i9mHC6g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=nAHU2cD63KJZIjm3a8LHUYlZpQ9YChmou1E1pvMfI5xmQl2iqgbJ9x9iCuTH0lDlmAqoqFd5_bnPS3FsUVkNYwYRcLt-WJozs0kWt_jn0fM1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
和回应:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /MyServiceName
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: .ASPXAUTH=BD46865424CAA946E4AF046436F14C10841E64596BDF9125E721000DA2056C5613D914985ED65A1F3ADF65A322D93156559D2F4B02DFB2F3D4C8CCC5837C90CE29825E578FBA2B5E2B1F6E06DC259FC60210C1DA31A44F861476D49A6FFE318474FEE116867B58898357335914B1E8AD65DFEF8223DABDBB07D7ECBAB990D976; expires=Fri, 28-Sep-2018 07:53:36 GMT; path=/; HttpOnly
Date: Fri, 28 Sep 2018 07:23:36 GMT
Content-Length: 130
Firefox上的GET请求:
GET /MyServiceName HTTP/1.1
Host: remhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://remhost/MyServiceName/Account/Login?ReturnUrl=%2fMyServiceName
Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=-JG3IFQhCVjOuL_SIf7QD0ot7Fc_Fy9lb8Lii_VkLzGKGWswkOPfG-ZQtxijlFYhDO7jAMRiRcatHWcdlBRw7RXVzkdu5864rWiLNWGHc7KSUwgtwA-W_lJHVm-EmKW9v1zEgESa0oQKZ37i9mHC6g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=nAHU2cD63KJZIjm3a8LHUYlZpQ9YChmou1E1pvMfI5xmQl2iqgbJ9x9iCuTH0lDlmAqoqFd5_bnPS3FsUVkNYwYRcLt-WJozs0kWt_jn0fM1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
在Firefox上获取响应:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /MyServiceName/Account/Login?ReturnUrl=%2fMyServiceName
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 28 Sep 2018 07:46:51 GMT
Content-Length: 170
适用于远程服务器的Google Chrome浏览器:POST登录:
curl 'http://remhost/MyServiceName/Account/Login' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' -H 'Origin: http://remhost' -H 'Upgrade-Insecure-Requests: 1' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Save-Data: on' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'Referer: http://remhost/MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName%2F' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7' -H 'Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=UcVwtESdo2tT8Uy1opbJpVpDdpBOTYmNXRi0dyW7ubyd529sme8yJ23vQQX4aQlM02NVTMoBowsD4Uzbpydnq_rgd8I2n-G96I5JQ9xgM2E3cnLVys9RNJtbjLwInu1XKdH2VbkqYIaxXP4mWYT-2g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=RANEaw7GedA6EGEajt9O9rDx3k0SPUuWm-gG-nY_GzlpJyr_odsUU3wN6BorEbAz87_yswgZDS07ihDiuUUZxIAfOFdQA2Ohn7HmrlAz1L41' --data '__RequestVerificationToken=eUURMtLNSgIi4SgyID5CJZchnns9yTjK039Z1FFcA7TAQjjZ1wvblnKeseCe7UJu6zclcA3NgZ2rBZnABMGn54maEDhfe5W-kk-mjGeIGIk1&UserName=user&Password=password' --compressed
请求标头:
POST /MyServiceName/Account/Login HTTP/1.1
Host: remhost
Connection: keep-alive
Content-Length: 171
Cache-Control: max-age=0
Origin: http://remhost
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Save-Data: on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://remhost/MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName%2F
Accept-Encoding: gzip, deflate
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=UcVwtESdo2tT8Uy1opbJpVpDdpBOTYmNXRi0dyW7ubyd529sme8yJ23vQQX4aQlM02NVTMoBowsD4Uzbpydnq_rgd8I2n-G96I5JQ9xgM2E3cnLVys9RNJtbjLwInu1XKdH2VbkqYIaxXP4mWYT-2g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=RANEaw7GedA6EGEajt9O9rDx3k0SPUuWm-gG-nY_GzlpJyr_odsUU3wN6BorEbAz87_yswgZDS07ihDiuUUZxIAfOFdQA2Ohn7HmrlAz1L41
响应头:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /MyServiceName/
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: .ASPXAUTH=33BF43D6803B985EB87EEF8AC1301B63F7A8406ADC73ACED15D3F5737AF883F49D3F64AB979E234A550D554C55B570DAF23AC8FF5A91D8517D70C2E6149341A2DD2F35CFC7B5487141A28099A927C5D971A4C954A2669A8A3E6500E0B762402A366850B5A6F1330740ADB958E43F0044D577AD4E70D517B682AFCA55F9A7482E; expires=Fri, 28-Sep-2018 07:30:09 GMT; path=/; HttpOnly
Date: Fri, 28 Sep 2018 07:00:09 GMT
Content-Length: 131
GET MyServiceName/:
curl "http://remhost/MyServiceName/" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Upgrade-Insecure-Requests: 1" -H "Save-Data: on" -H "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8" -H "Referer: http://remhost/MyServiceName/Account/Login?ReturnUrl=^%^2FMyServiceName^%^2F" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7" -H "Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=UcVwtESdo2tT8Uy1opbJpVpDdpBOTYmNXRi0dyW7ubyd529sme8yJ23vQQX4aQlM02NVTMoBowsD4Uzbpydnq_rgd8I2n-G96I5JQ9xgM2E3cnLVys9RNJtbjLwInu1XKdH2VbkqYIaxXP4mWYT-2g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=RANEaw7GedA6EGEajt9O9rDx3k0SPUuWm-gG-nY_GzlpJyr_odsUU3wN6BorEbAz87_yswgZDS07ihDiuUUZxIAfOFdQA2Ohn7HmrlAz1L41; .ASPXAUTH=33BF43D6803B985EB87EEF8AC1301B63F7A8406ADC73ACED15D3F5737AF883F49D3F64AB979E234A550D554C55B570DAF23AC8FF5A91D8517D70C2E6149341A2DD2F35CFC7B5487141A28099A927C5D971A4C954A2669A8A3E6500E0B762402A366850B5A6F1330740ADB958E43F0044D577AD4E70D517B682AFCA55F9A7482E" --compressed
Request header:
GET /MyServiceName/ HTTP/1.1
Host: remhost
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Save-Data: on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://remhost/MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName%2F
Accept-Encoding: gzip, deflate
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=UcVwtESdo2tT8Uy1opbJpVpDdpBOTYmNXRi0dyW7ubyd529sme8yJ23vQQX4aQlM02NVTMoBowsD4Uzbpydnq_rgd8I2n-G96I5JQ9xgM2E3cnLVys9RNJtbjLwInu1XKdH2VbkqYIaxXP4mWYT-2g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=RANEaw7GedA6EGEajt9O9rDx3k0SPUuWm-gG-nY_GzlpJyr_odsUU3wN6BorEbAz87_yswgZDS07ihDiuUUZxIAfOFdQA2Ohn7HmrlAz1L41; .ASPXAUTH=33BF43D6803B985EB87EEF8AC1301B63F7A8406ADC73ACED15D3F5737AF883F49D3F64AB979E234A550D554C55B570DAF23AC8FF5A91D8517D70C2E6149341A2DD2F35CFC7B5487141A28099A927C5D971A4C954A2669A8A3E6500E0B762402A366850B5A6F1330740ADB958E43F0044D577AD4E70D517B682AFCA55F9A7482E
Response header:
HTTP/1.1 200 OK
Cache-Control: private, s-maxage=0
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 28 Sep 2018 07:00:09 GMT
Content-Length: 4619
Response:
<!DOCTYPE html>
<html lang="en">
<!-- Here is my html when user logged in -->
</html>
The problem seem to be in second GET. On development env it returns status 200 OK
, and on real server 302 Found
.
Authentication is done thru ASP.NET Simple Membership.
Login POST action:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
string errorMsg = "The user name or password provided is incorrect.";
if (Roles.IsUserInRole(model.UserName, "Disabled"))
{
errorMsg = "Your account has been disabled. Contact administrator for more info.";
}
else if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, true))//persistCookie: false))
{
accountService.AddLogin(model.UserName);
return RedirectToLocal(returnUrl);
}
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", errorMsg);
return View(model);
}
private ActionResult RedirectToLocal(string returnUrl)
{
if (Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
I have checked login status from server database. The user login was done correctly, and user status is logged in, though Firefox still displays login page as if user is not logged. I think the problem is in redirection somewhere.
Any ideas why? The web.config file is same except database connection settings on both systems. it's same ISS 7.5 on both computers. So what else might be the reason?
One more interesting thing. From the same remote computer where service is run Firefox also works OK. So My problem for remote sessions only.
UPDATE: Seems I found the root cause here. But I have no idea yet how to fix it in scope of my code
If the third does not have time to finish before redirect, it might be so, that only remote sessions fail. Agree?
In web.config I have:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" cookieless="UseCookies" timeout="30" slidingExpiration="true" />
</authentication>
From you web config <authentication mode="Forms">
, I can deduct you are using forms authentication.
Try these two things:
Set up default url in forms authentication setting like :
<authentication mode="Forms"> <forms loginUrl="~/Account/Login" cookieless="UseCookies" timeout="30" slidingExpiration="true" defaultUrl="~/Home/Index"/> </authentication>
For redirecting after authentication, instead of using return RedirectToAction("Index", "Home");
or return Redirect(returnUrl);
use FormsAuthentication.RedirectFromLoginPage
method like:
if (Membership.ValidateUser(userName, password) == true)
{
FormsAuthentication.SetAuthCookie(userName, false);
FormsAuthentication.RedirectFromLoginPage(userName, false);
}
It Redirects an authenticated user back to the originally requested URL or the default set in the config.
有关更多信息和此方法的替代,请参考:
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句