Problem description
Authentication cookies seem to time out after a short period of time (a day or so). I am using Forms Authentication and have the timeout="10080" with slidingExpiration="false" in the web.config. With that setting, the cookie should expire roughly 7 days after the user is successfully authenticated.
This worked as advertised with IIS6, but when I moved the site to IIS7, the cookie expires much quicker. I've confirmed this behavior on multiple machines with IE and Firefox, leading me to believe it's an IIS7 setting.
Is there a hidden setting that is IIS7 specific related to authentication? All other authentication types are disabled for the website, except for anonymous user tracking.
Recommended answer
The authentication cookie is encrypted using the machineKey value from the local web.config or the global machine.config. If no such key is explicitly set, a key will be automatically generated, but it is not persisted to disk – hence, it will change whenever the application is restarted or "recycled" due to inactivity, and a new key will be created on the next hit.
Resolving the problem is as easy as adding a <machineKey> configuration section to web.config, or possibly (preferably?) to the machine.config on the server (untested):
<system.web>
    ...
    <machineKey
        validationKey="..."
        decryptionKey="..."
        validation="SHA1"
        decryption="AES"/>
    ...
</system.web>
Google generate random machinekey for sites that can generate this section for you. If your application deals with confidential information, you might want to create the keys yourself, though.
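One way to create the keys yourself and to check whether a site still relies on auto-generated keys, as an added example that is not part of the original answer. The function names are hypothetical, the samples are constructed, the key sizes (64 bytes for validation="SHA1", 32 bytes for decryption="AES") are an assumed choice, and the audit assumes a web.config whose <configuration> root carries no XML namespace:

```python
import secrets
import xml.etree.ElementTree as ET

# Assumed key sizes (bytes) for the settings shown in the answer's snippet.
VALIDATION_KEY_BYTES = 64   # 128 hex chars, used with validation="SHA1"
DECRYPTION_KEY_BYTES = 32   # 64 hex chars, used with decryption="AES"
HEX_DIGITS = set("0123456789abcdefABCDEF")


def generate_machine_key_element():
    """Return a <machineKey> element with fresh keys from the OS CSPRNG."""
    el = ET.Element("machineKey", {
        "validationKey": secrets.token_hex(VALIDATION_KEY_BYTES).upper(),
        "decryptionKey": secrets.token_hex(DECRYPTION_KEY_BYTES).upper(),
        "validation": "SHA1",
        "decryption": "AES",
    })
    return ET.tostring(el, encoding="unicode")


def audit_machine_key(config_xml):
    """List reasons why auth cookies would stop validating after a recycle."""
    root = ET.fromstring(config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is None:
        return ["no <machineKey> element: keys are auto-generated"]
    findings = []
    for attr in ("validationKey", "decryptionKey"):
        # A missing attribute falls back to the auto-generated default.
        value = mk.get(attr, "AutoGenerate")
        if value.split(",")[0].strip().lower() == "autogenerate":
            findings.append(f"{attr} is auto-generated")
        elif len(value) % 2 or not set(value) <= HEX_DIGITS:
            findings.append(f"{attr} is not a hex string")
    return findings


# Constructed sample inputs, not taken from a real site.
SAMPLE_DEFAULT = "<configuration><system.web /></configuration>"
SAMPLE_FIXED = ("<configuration><system.web>"
                + generate_machine_key_element()
                + "</system.web></configuration>")

if __name__ == "__main__":
    print(audit_machine_key(SAMPLE_DEFAULT))  # one finding
    print(audit_machine_key(SAMPLE_FIXED))    # no findings
    print(generate_machine_key_element())
```

Generate the element once and deploy the same value to every server that must accept the same cookies; keep the keys out of source control.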