我不小心跳进了饼干的世界,并试图了解正在发生的事情。我有一个使用FormsAuthentication在Visual Studio 20120 / C#中开发的Web应用程序。当我第一次开发应用程序时,我创建了一些字段存储在身份验证cookie中:personID,firstName和admin,字符串如下所示:777 | Jimmy | 1。从那时起,一切都运作良好。现在我在模糊的末尾添加了第四个字段“secBlur”。当我这样做并尝试检索secBlur的值时,它告诉我数组范围超出范围,因为cookie的早期版本不包含此字段......这是有意义的。我花了几天时间试图重写我的cookie的有效性检查,我以为我已经弄明白了。但是,当我将新的userData字符串写入cookie时,它似乎没有这样做。我的代码如下,我将尝试介绍我正在做的事情......
在我的母版页的page_load中,我正在做的第一件事是调用我创建的cookie类来检查cookie是否是正确的版本:
protected void Page_Load(object sender, EventArgs e)
{
if (Request.IsAuthenticated)
{
authCookie ac = new authCookie();
ac.validate();
LoginName ct = (LoginName)loginStatus.FindControl("HeadLoginName");
if (ct != null)
{
formValues fv = new formValues();
ct.FormatString = fv.firstName;
}
}
}
我的整个cookie课程如下。在Validate方法中,我正在检查cookie是否存在,然后检查它是否是正确的版本并且userData存在。如果它不是正确的版本或userData不存在,我调用getUserData方法来检索今年的最新信息,创建新票证,将票证存储到cookie中,然后保存cookie。我认为保存cookie的行是问题,但我不确定。
using System;
using System.Data.SqlClient;
using System.Runtime.Remoting.Contexts;
using System.Web;
using System.Web.Security;
using System.Web.UI.WebControls;
namespace DMC.Classes
{
public class authCookie
{
public void cookiePrep(Login LoginUser)
{
string userData = "unknown|unknown";
// Concat the values into a single string to pass into the cookie
userData = getUserData(LoginUser.UserName);
// Create the cookie that contains the forms authentication ticket
HttpCookie authCookie = FormsAuthentication.GetAuthCookie(LoginUser.UserName, LoginUser.RememberMeSet);
// Get the FormsAuthenticationTicket out of the encrypted cookie
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket(3,
ticket.Name,
ticket.IssueDate,
ticket.Expiration,
LoginUser.RememberMeSet,
userData,
ticket.CookiePath);
// Manually add the authCookie to the Cookies collection
authCookie.Value = FormsAuthentication.Encrypt(newTicket);
HttpContext.Current.Response.Cookies.Add(authCookie);
string redirUrl = FormsAuthentication.GetRedirectUrl(LoginUser.UserName, LoginUser.RememberMeSet);
if (redirUrl == null)
redirUrl = "../default.aspx";
HttpContext.Current.Response.Redirect(redirUrl);
}
public string getUserData(string userID)
{
string userData = "";
// Grab this user's firstname, personID, and Admin status
string mySQL = "exec get_adBasicInfo @userName";
string cf = System.Configuration.ConfigurationManager.ConnectionStrings["DistrictAssessmentDWConnectionString"].ConnectionString;
SqlConnection connection = new SqlConnection(cf);
SqlCommand command = new SqlCommand(mySQL, connection);
command.Parameters.AddWithValue("@userName", userID);
connection.Open();
SqlDataReader dr = command.ExecuteReader();
if (dr.HasRows)
{
while (dr.Read())
userData = string.Concat(dr["personID"], "|", dr["firstName"], "|", dr["secBlur"]);
}
dr.Close();
return userData;
}
public void validate()
{
HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
/**********************************************************************************************************************
* Version 3: Added the secBlur field onto the userData string to see if logged in user needs to have sensitive *
* data blurred out (0: Normal; 1: Blur Sensitive Data *
**********************************************************************************************************************/
if ((ticket.Version != 3) || (ticket.UserData == ""))
{
string userData = getUserData(ticket.Name);
FormsAuthenticationTicket newAuthTicket = new FormsAuthenticationTicket(3,
ticket.Name,
ticket.IssueDate,
ticket.Expiration,
ticket.IsPersistent,
userData,
ticket.CookiePath);
authCookie.Value = FormsAuthentication.Encrypt(newAuthTicket);
HttpContext.Current.Response.SetCookie(authCookie);
}
}
}
}
}
此时控件传回我的母版页的load_page函数,并尝试通过调用我的formValues类从cookie中检索用户的firstName:
using DMC.Classes;
using System.Web;
using System.Web.Security;
namespace DMC.Classes
{
public class formValues : System.Web.Services.WebService
{
public string firstName = getFirstName();
public string personID = getPersonID();
public string secBlur = getSecBlur();
private static string getUserDataString(int ix)
{
string retValue = "";
if (HttpContext.Current.Request.IsAuthenticated)
{
HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
if (ticket != null)
{
string[] userData = { "" };
char[] delimiterChar = { '|' };
userData = ticket.UserData.Split(delimiterChar);
retValue = userData[ix];
}
}
}
return retValue;
}
private static string getFirstName()
{
string firstName = getUserDataString(1);
return firstName;
}
private static string getPersonID()
{
string personID = getUserDataString(0);
return personID;
}
private static string getSecBlur()
{
string secBlur = getUserDataString(2);
return secBlur;
}
}
}
在尝试getFirstName时,我在尝试设置retValue时在getUserDataString方法中遇到错误,因为userData数组为空。那么有人可以告诉我哪里出错了吗?
答案 0 :(得分:0)
在我的authCookie课程中,我改变了:
HttpContext.Current.Response.SetCookie(authCookie);
到
HttpContext.Current.Response.Add(authCookie);
我不喜欢这个,因为从我读到的,如果cookie已经存在,这不会覆盖cookie,它只会创建一个副本。但我一直在玩,这是唯一似乎有用的东西。如果有人有更好的解决方案,请分享!!