CSharp - C# MVC4设置窗体身份验证票证中的自定义用户数据会导致窗体身份验证cookie不被设置?

  显示原文与译文双语对照的内容

我的旧版MVC4应用程序使用表单身份验证。 尝试创建以下自定义FormsAuthenticationTicket时,将在响应中返回 cookie,但不会由浏览器设置。 注意,我正在尝试在cookie中存储一个OpenID连接 id_token,依赖 FormsAuthenticationTicket 类提供的加密。


//Yes you can decode it - it's just test data


string idToken ="eyJhbGciOiJSUzI1NiIsImtpZCI6IjA1M2JjYTgzNzZmZjhlNTM5MWVkYzMxYWJkMjU5YzBjIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1MDc1ODExMjcsImV4cCI6MTUwNzU4MTQyNywiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjoiaW1wbGljaXQiLCJub25jZSI6IjE1MDc1ODExMjA5MDMwMDQ0MDUzNDkzNjk3ODUzMTYiLCJpYXQiOjE1MDc1ODExMjcsImF0X2hhc2giOiJVWm5SeU1pXzVyUEN6NWduYmt5c09BIiwic2lkIjoiOTExYjI1OGQ5OGNiYzRlYzVkYTFiNmFkYzhiMmRjNTUiLCJzdWIiOiIxIiwiYXV0aF90aW1lIjoxNTA3NTgxMTI3LCJpZHAiOiJsb2NhbCIsIm5hbWUiOiJ4Iiwid2Vic2l0ZSI6Imh0dHBzOi8vYWxpY2UuY29tIiwicm9sZSI6ImFkbWluIiwibW9kZWxBY2Nlc3MiOlsiMTIzNCIsIjU2NzgiXSwiY29ubmVjdGlvblN0cmluZyI6InNvbWVNb2RlbENvbm5lY3Rpb25TdHJpbmciLCJhbXIiOlsicHdkIl19.SwTIU1dP1FifCcXVNHkbIGshQiGIjfaa7UAWOrtqKb-FqMMrkvJx_Wa3W19r6NeNwc8mo2go6AFwwu_WM0TF1VJBO1pfmvX35oKgjdTTSqrSmMo5R9_rcywm5YKwVYzmvDqRjPfhZksXkIOuTIk3JOemLrKqw6VIHPyFYV6ZYSK6ZxTpxx50Yz90MmEOBDsTc0GZpQbeZmzyDkBe-iD9uVnlPN2UHz_UuMF__yfmzjGROKLpvem36TKSMa1mEJE7DVxJkexmbxQe3CVwZeIU3iPKloabSReaLCJLqINeI0ikGa4x6PbgfjiP1TPVhIP6i8zUp47lSavGgyy0XVFGtQ";



FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(


 1,


 model.UserName,


 DateTime.Now,


 DateTime.Now.AddDays(30),


 true,


 idToken,


 FormsAuthentication.FormsCookiePath);


//Encrypt the ticket.


string encTicket = FormsAuthentication.Encrypt(ticket);


this.Response.Cookies.Add(new HttpCookie("TEST", encTicket));



开始我觉得这可能是因为长度。 但是我读了一个cookie最大长度为 4096字节。 idToken 只有 983字节。

有趣的是,如果我使数据更小的( 将 idToken 更改为 684字节),所有。 这是一个正常工作的例子:


//Shortened the idToken (for the sake of the example)


string idToken ="eyJhbGciOiJSUzI1NiIsImtpZCI6IjA1M2JjYTgzNzZmZjhlNTM5MWVkYzMxYWJkMjU5YzBjIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1MDc1ODExMjcsImV4cCI6MTUwNzU4MTQyNywiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjoiaW1wbGljaXQiLCJub25jZSI6IjE1MDc1ODExMjA5MDMwMDQ0MDUzNDkzNjk3ODUzMTYiLCJpYXQiOjE1MDc1ODExMjcsImF0X2hhc2giOiJVWm5SeU1pXzVyUEN6NWduYmt5c09BIiwic2lkIjoiOTExYjI1OGQ5OGNiYzRlYzVkYTFiNmFkYzhiMmRjNTUiLCJzdWIiOiIxIiwiYXV0aF90aW1lIjoxNTA3NTgxMTI3LCJpZHAiOiJsb2NhbCIsIm5hbWUiOiJ4Iiwid2Vic2l0ZSI6Imh0dHBzOi8vYWxpY2UuY29tIiwicm9sZSI6ImFkbWluIiwibW9kZWxBY2Nlc3MiOlsiMTIzNCIsIjU2NzgiXSwiY29ubmVjdGlvblN0cmluZyI6InNvbWVNb2RlbENvbm5lY3Rpb25TdHJpbmciLCJhbXIiOlsicHdkIl19.SwTIU1dP1FifCcXVNHkbIGshQiGIjfaa7UAWOrtqKb-";



FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(


 1,


 model.UserName,


 DateTime.Now,


 DateTime.Now.AddDays(30),


 true,


 idToken,


 FormsAuthentication.FormsCookiePath);


//Encrypt the ticket.


string encTicket = FormsAuthentication.Encrypt(ticket);


//Create the cookie.


this.Response.Cookies.Add(new HttpCookie("TEST", encTicket));



我正在对数据进行解密,如下所示:


HttpCookie cookie = HttpContext.Current.Request.Cookies["TEST"];


if (cookie!= null)


{


 Debug.WriteLine("Found Cookie Application_PostAuthenticateRequest");



//Get the forms authentication ticket.


 FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(cookie.Value);


 if (authTicket == null)


 {


 Debug.WriteLine("auth ticket was null");


 }


 else


 {


 Debug.WriteLine("printing auth ticket");


 Debug.WriteLine(authTicket.UserData);


 }


}


else


{


 Debug.WriteLine("No Cookie Application_PostAuthenticateRequest");


}



为什么第一个示例不工作,尽管cookie处于最大限制下?

时间: 原作者:

问题是,加密之后,数据已经过大。 你必须限制放入 FormsAuthenticationTicket 中的数据量。 如果你在限制范围内,一切都会正常工作。

原作者:
...