multiple web application host under the same website on IIS (authentication mode)

第一种方式,修改forms的name

how to set the forms authentication cookie path

 assume you have already solved this issue somehow, but since I stumbled upon this question I thought I should add my few cents.

To solve the issue use different cookie names in web.config. Something like:

<authentication mode="Forms">
  <forms name=".ASPXFORMSAUTH_FOO"
      loginUrl="public/login.aspx" cookieless="UseCookies" slidingExpiration="true"/>
</authentication>

and

<authentication mode="Forms">
  <forms name=".ASPXFORMSAUTH_BAR"
      loginUrl="public/login.aspx" cookieless="UseCookies" slidingExpiration="true"/>
</authentication>

 

第二种方式,修改forms的path,并且加上domain(必须添加)  (forms的name是保持一致的)

需要注意的是,监视cookie的时候,每一个页面的cookie是独立的,需要分别用F12查看。

The name of forms keep the same, they have different path,(although the domains are the same but must set it)
<authentication mode="Forms">
<forms loginUrl="CMSPages/LISA_logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="1440" slidingExpiration="true" domain="localhost" path="/LISA_50_Dev_CMSWeb" />
</authentication>

 

<authentication mode="Forms">
<forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="1440" slidingExpiration="true" domain="localhost" path="/LISA_60_Dev_CMSWeb"/>
</authentication>

 

 

第二个方法的问题,在于限定了domain name,如果限定为localhost的话,那么会导致使用域名无法登录的问题 。因为后台不识别了。 

 

 扩展

查看单个页面的cookie

相关文章

https://weblog.west-wind.com/posts/2008/Jan/20/Forms-Authentication-and-path-in-the-forms-Tag 

https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-security/introduction/forms-authentication-configuration-and-advanced-topics-cs

domain

When using cookie-based authentication tickets, this setting specifies the cookie's domain value.

The default value is an empty string, which causes the browser to use the domain from which it was issued (such as www.yourdomain.com).

In this case, the cookie will not be sent when making requests to subdomains, such as admin.yourdomain.com.

If you want the cookie to be passed to all subdomains you need to customize the domain attribute setting it to yourdomain.com.

path

When using cookie-based authentication tickets, this setting specifies the cookie's path attribute.

The path attribute enables a developer to limit the scope of a cookie to a particular directory hierarchy.

The default value is /, which informs the browser to send the authentication ticket cookie to any request made to the domain.

 

作者:Chuck Lu    GitHub    
posted @   ChuckLu  阅读(379)  评论(0编辑  收藏  举报
编辑推荐:
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 没有源码,如何修改代码逻辑?
阅读排行:
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
历史上的今天:
2016-11-10 Zip it
2014-11-10 关于AutoResetEvent 和ManualResetEvent
2014-11-10 实时刷新winform中的某一个控件上的文字
2014-11-10 C#中的静态构造函数
点击右上角即可分享
微信分享提示