subject_45990.htm

一些关于vc的问答

<p>
序号：45990 发表者：阿志 发表日期：2003-07-05 17:14:44
<br>主题：dotnet中forms验证方式的困惑，狠急
<br>内容：我的虚拟目录结构：<BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;webapp0----<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|----login.aspx<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|----web.config<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; webapp1------<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|---web.config<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|---其它文件<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR><BR>就是说，目录结构是两级，并且两级目录验证方式都是forms，需要的cookie名字相同，当验证不通过的时候，都跳转到webapp/login.aspx页面。<BR><BR>这是webapp0/web.config的设置：<BR>&lt;authentication mode="Forms"&gt;<BR>&nbsp;&nbsp; &lt;forms name=".USER" loginUrl="login.aspx" /&gt;<BR>&lt;/authentication&gt;<BR>&lt;authorization&gt;<BR>&nbsp;&nbsp; &lt;deny users="?" /&gt;<BR>&lt;/authorization&gt;<BR><BR><BR>webapp0/webapp1/web.config的设置：<BR>&lt;authentication mode="Forms"&gt;<BR>&nbsp;&nbsp; &lt;forms name=".USER" loginUrl="../login.aspx" /&gt;<BR>&lt;/authentication&gt;<BR>&lt;authorization&gt;<BR>&nbsp;&nbsp; &lt;deny users="?" /&gt;<BR>&lt;/authorization&gt;<BR><BR>去年.net版本还是1.0的时候，我这样做是成功的，现在把老版本拿出来，运行，发现验证方式不行了，我怀疑是装了.net1.1造成的<BR><BR>现象是，登录login.aspx后，访问webapp0/ 目录可以，但是不能访问webapp0/webapp1/目录<BR>当访问webapp0/webapp1/目录的时候，login.aspx被调用，当登录完成后，页面却依然停留在login.aspx页面，除了刷新以外，毫无反应<BR><BR>请问高手这是怎么回事？？<BR>是不是.net1.1的版本不支持那样验证了？？
<br><a href="javascript:history.go(-1)">返回上页</a><br><a href=http://www.copathway.com/cndevforum/>访问论坛</a></p>
<hr size=1>
<blockquote><p>
回复者：半路出家.NET 回复日期：2003-07-05 23:25:21
<br>内容：UP
<br>
<a href="javascript:history.go(-1)">返回上页</a><br><a href=http://www.copathway.com/cndevforum/>访问论坛</a></p></blockquote>
<hr size=1>
<blockquote><p>
回复者：阿志 回复日期：2003-07-06 09:10:56
<br>内容：&nbsp;&nbsp; 
<br>
<a href="javascript:history.go(-1)">返回上页</a><br><a href=http://www.copathway.com/cndevforum/>访问论坛</a></p></blockquote>
<hr size=1>
<blockquote><p>
回复者：半路出家.NET 回复日期：2003-07-06 14:32:43
<br>内容：楼主，搞定了没？
<br>
<a href="javascript:history.go(-1)">返回上页</a><br><a href=http://www.copathway.com/cndevforum/>访问论坛</a></p></blockquote>
<hr size=1>
<blockquote><p>
回复者：阿志 回复日期：2003-07-06 21:35:06
<br>内容：没有啊，很急人，软件要发布，可是没想到这个毛病，如果每个虚拟目录都要加login.aspx，岂不太麻烦了
<br>
<a href="javascript:history.go(-1)">返回上页</a><br><a href=http://www.copathway.com/cndevforum/>访问论坛</a></p></blockquote>
<hr size=1>
<blockquote><p>
<font color=red>答案被接受</font><br>回复者：雷神 回复日期：2003-07-07 09:50:40
<br>内容：阿志兄弟，我怀疑是cookie本身的问题，例如浏览器的问题。<BR>-------------------------------------------------------------------<BR>还有如果login.aspx的作用是验证和登陆的表单，建议试着做成用户控件。<BR><BR>如果没有时间了，也许你的目录结构改成这样会好些。<BR><BR> login.aspx<BR>&nbsp;&nbsp;&nbsp;&nbsp;|<BR>&nbsp;&nbsp;&nbsp;&nbsp;|<BR>&nbsp;&nbsp; webapp0----<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|---web.config<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|---其它文件<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>&nbsp;&nbsp; webapp1------<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|---web.config<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|---其它文件<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR><BR>仅供参考。<BR>
<br>
<a href="javascript:history.go(-1)">返回上页</a><br><a href=http://www.copathway.com/cndevforum/>访问论坛</a></p></blockquote>
<hr size=1>
<blockquote><p>
回复者：阿志 回复日期：2003-07-07 10:43:26
<br>内容：我跟踪发现，第一次访问webapp0后，产生一个名字叫作“.user”的cookie，然后访问webapp1,惊奇的发现系统的Request.Cookies.Count多了一个，——又产生一个名字叫做“.user”的cookie，太迷惑了<BR><BR>做成login控件，达不到我的目的，我的目的是，一个全套的系统，比如“erp”，里面分几个独立的子系统，都分别在erp虚拟目录下，然后几个子系统共享erp目录的login,这里的共享是说，登录一个后，别的无需登录。<BR>这样做，以前是好的，装了 .net sdk 1.1后，就不行了<BR><BR><BR>你最后的建议很好，我现在的erp目录下就一个netoa目录，别的还没做，先把erp目录删掉算了，暂时只有一个子系统，不需要共享登录
<br>
<a href="javascript:history.go(-1)">返回上页</a><br><a href=http://www.copathway.com/cndevforum/>访问论坛</a></p></blockquote>
<hr size=1>
<blockquote><p>
回复者：阿志 回复日期：2003-07-12 21:01:11
<br>内容：问题解决，csdn有高手回复：<BR> 回复人： wang740(Aruna) ( ) 信誉：100&nbsp;&nbsp;2003-07-11 10:58:00&nbsp;&nbsp;得分:0 <BR> <BR> <BR>&nbsp;&nbsp;Hi dulao5(石笑)， 我刚刚找到这么一段，好像很有道理。我现在没法试，晚上我会试。或者你试了告诉我结果。谢谢。<BR><BR>From : http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconformsauthenticationacrossapplications.asp<BR><BR>.NET Framework Developer's Guide&nbsp;&nbsp; <BR><BR>Forms Authentication Across Applications<BR>ASP.NET supports forms authentication in a distributed environment, either across applications on a single server or in a Web farm. Several configuration attributes in the &lt;forms&gt; element configuration section must match for all applications participating in shared forms authentication. The directives name, protection, path, validationKey, decryptionKey, and validation in the following example must be identical (unless otherwise noted) across the applications.<BR><BR>&lt;configuration&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&lt;system.web&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;authentication&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;forms name=".ASPXAUTH" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; loginUrl="logon.aspx"&nbsp;&nbsp;&nbsp;&nbsp; <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; protection="all"&nbsp;&nbsp;&lt;!-- Protection must be identical.--&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; timeout="30" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; path="/" &gt;&nbsp;&nbsp; &lt;!-- Path must have a compatible scope.--&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/authentication&gt;<BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- Validation and decryption keys must exactly match and cannot<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; be set to "AutoGenerate". The validation algorithm must also <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; be the same. --&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;machineKey&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;validation="SHA1"<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;isolateApplications="false"<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/machineKey&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/system.web&gt;<BR>&lt;/configuration&gt;<BR>The encryption and validation keys and the encryption scheme used for cookie data must be exactly the same. If the settings do not match, cookies cannot be shared.<BR><BR>After a cookie has been issued, expiration of the cookie is tracked based on the Expires value in the cookie itself. This means that if two applications have different timeout attributes, the expiration date and time that was set when each cookie was originally issued is retained throughout the lifetime of the cookie. When a cookie is updated, the cookie's original expiration is used to compute the new expiration. The only time the configuration timeout value is used is when the cookie is initially created.<BR><BR>See Also<BR>ASP.NET Web Application Security | Simple Forms Authentication<BR><BR>Syntax based on .NET Framework version 1.1.<BR>Documentation version 1.1.0.<BR>&nbsp;&nbsp;<BR> <BR>Top <BR> <BR> 回复人： wang740(Aruna) ( ) 信誉：100&nbsp;&nbsp;2003-07-11 22:23:00&nbsp;&nbsp;得分:0 <BR> <BR> <BR>&nbsp;&nbsp;我试过了，可以了！！<BR>我做了一个project http://localhost,在下面作了另外一个http://localhost/dLogin. login.aspx置放在根下，dLogin virtual directory中没有验证文件，而是指向/login.aspx.<BR>从任何一个project验证成功后，另一个自动通过验证。用Response.Write(objUser.UserName())可以看出正确的用户名。<BR><BR>web.config in both virtual directory:<BR><BR>&lt;authentication mode="Forms"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;forms name=".ASPXAUTH" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; loginUrl="/login.aspx"&nbsp;&nbsp;&nbsp;&nbsp; <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; protection="All"<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; timeout="30" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; path="/" /&gt;<BR>&lt;/authentication&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>&lt;machineKey&nbsp;&nbsp; validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;validation="SHA1" /&gt;<BR> <BR>&lt;authorization&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;deny users="?" /&gt;<BR>&lt;/authorization&gt;<BR>&nbsp;&nbsp;<BR> <BR>Top <BR> <BR> 回复人： coolmars(mars) ( ) 信誉：100&nbsp;&nbsp;2003-07-11 22:42:00&nbsp;&nbsp;得分:0 <BR> <BR> <BR>&nbsp;&nbsp;up<BR>&nbsp;&nbsp;<BR> <BR>Top <BR> <BR> 回复人： dulao5(石笑) ( ) 信誉：100&nbsp;&nbsp;2003-07-12 20:35:00&nbsp;&nbsp;得分:0 <BR> <BR> <BR>&nbsp;&nbsp;wang740，一天没来，所以没有看到你的回复，对不住<BR><BR>还没看，先回复，表示谢意再说<BR>&nbsp;&nbsp;<BR> <BR>Top <BR> <BR> 回复人： dulao5(石笑) ( ) 信誉：100&nbsp;&nbsp;2003-07-12 20:56:00&nbsp;&nbsp;得分:0 <BR> <BR> <BR>&nbsp;&nbsp;非常感谢wang740(Aruna) ，成功了，你辛苦了，让我们庆贺吧～～～～～～～～～～～<BR><BR>结论是&nbsp;&nbsp;<BR> 1. loginUrl="logon.aspx" 和loginUrl="/logon.aspx" 是不一样的，后者是绝对路经，<BR> 2. 在上一级虚拟目录下面设置如下，然后子虚拟目录无需设置，就好了<BR>&lt;authentication mode="Forms"&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;forms name=".ASPXAUTH" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; loginUrl="/login.aspx"&nbsp;&nbsp;&lt;!-- 这个路径是绝对路径（除掉http://主站名剩下的）--&gt;&nbsp;&nbsp; <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; protection="All"<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; timeout="30" <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; path="/" /&gt;<BR>&lt;/authentication&gt;<BR>&lt;authorization&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;deny users="?" /&gt;<BR>&lt;/authorization&gt;<BR><BR><BR>另外， chnking(kent) 网友的回复是正确地，我粗心，没有试验成功，再次致歉并表示感谢<BR><BR>&nbsp;&nbsp;<BR> <BR>Top <BR> <BR>
<br>
<a href="javascript:history.go(-1)">返回上页</a><br><a href=http://www.copathway.com/cndevforum/>访问论坛</a></p></blockquote>