如何使无Cookie FormsAuthentication与自发行的FormsAuthenticationTickets和自定义UserData一起使用...-CSDN博客

Short answer: You can't.

简短的回答：不能。

I have an application that issues FormsAuthTickets like this...

我有一个发布FormsAuthTickets这样的应用程序...

// Create the authentication ticket

//创建身份验证票证

FormsAuthenticationTicket authTicket = new

FormsAuthenticationTicket authTicket =新

FormsAuthenticationTicket(1, //version

FormsAuthenticationTicket(1， //版本

userName, // user name

userName， //用户名

DateTime.Now, //creation

DateTime.Now， //创建

DateTime.Now.AddMinutes(Timeout), //Expiration

DateTime.Now.AddMinutes(Timeout)， //到期

false, //Persistent

false ， //持久

MYPRIVATEANDVERYIMPORTANTDATA);

MYPRIVATEANDVERYIMPORTANTDATA );

// Now encrypt the ticket.

//现在加密票证。

string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

字符串加密的票= FormsAuthentication.Encrypt(authTicket);

// Create a cookie and add the encrypted ticket to the cookie as data.

//创建一个cookie并将加密的票证添加为该cookie作为数据。

HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket);

HttpCookie authCookie =新的HttpCookie(FormsAuthentication.FormsCookieName，encryptedTicket);

...that was written in .NET 1.1. (FYI - It could have just as easily been written in .NET 2.0, there's nothing special here, but I want to write this code to support (be run under) both 1.1 and 2.0.)

...是用.NET 1.1编写的。 (仅供参考-它可以很容易地在.NET 2.0中编写，这里没有什么特别的地方，但是我想编写此代码来支持(在1.1和2.0下运行)。)

The built-in ASP.NET helper functions SetAuthCookie and GetAuthCookie have been expanded to handle Cookieless formsauth in .NET 2.0. So, if I used have used these methods in 1.1 I'd get the new funcitonality when my app was run under 2.0. However, I wanted to include UserData - extra encrypted context stuff - in my FormsAuthenticatonTicket, so the only choice was to issue the cookie myself.

内置的ASP.NET帮助器函数SetAuthCookie和GetAuthCookie已扩展为处理.NET 2.0中的Cookieless Formsauth。因此，如果我在1.1中使用了这些方法，那么当我的应用程序在2.0下运行时，我将获得新的功能。但是，我想在FormsAuthenticatonTicket中包含UserData(额外的加密上下文内容)，因此唯一的选择是自己发出cookie。

For many of us, the promise of a cookieless Session AND cookieless FormsAuthentication is very exciting:

对于我们许多人而言，无cookie会话和无cookie FormsAuthentication的承诺非常令人兴奋：

If you issue your own cookie like I do, adding it to Response.Cookies yourself as I do, your ASP.NET application won't get cookieless FormsAuthentication.

如果像我一样发布自己的cookie，并将其添加到Response.Cookies中，就像我一样，您的ASP.NET应用程序将不会获得无cookie的FormsAuthentication。

The problem is, System.Web.Security.FormsAuthentication.SetAuthCookie(String, Boolean) doesn’t allow the setting of UserData. (only String.Empty is passed in on creation of the ticket)

问题是System.Web.Security.FormsAuthentication.SetAuthCookie(String，Boolean)不允许设置UserData 。 (仅在创建票证时传递String.Empty)

To be clear – if I could use SetAuthCookie and GetAuthCookie (the public static interfaces) I'd have been fine and received the new functionality. However, the UserData support is where this important scenario falls down. I thought I could roll this myself, but all the classes I need are very internal and more than a little icky.

需要明确的是–如果我可以使用SetAuthCookie和GetAuthCookie(公共静态接口)，我会很好的，并获得了新功能。但是，UserData支持是此重要方案失败的地方。我以为自己可以自己动手做，但是我需要的所有课程都是非常内部的，有些讨厌。

A Microsoft ASP.NET insider said:

一位Microsoft ASP.NET内部人士说：

There isn't an API that allows the use of UserData with cookieless tickets. Unfortunately UserData was [not included] in the cookieless forms auth implementation.

没有一个API允许将UserData与无cookie票证一起使用。 不幸的是，UserData没有包含在无cookie表单身份验证实现中。

Conclusion: If you want cookieless FormsAuthentication you must use SetAuthCookie. Full stop. Until then I will find somewhere else to store my UserData.

结论：如果需要无cookie的FormsAuthentication，则必须使用SetAuthCookie 。句号在那之前，我将在其他地方存储我的UserData。

翻译自: https://www.hanselman.com/blog/how-to-get-cookieless-formsauthentication-to-work-with-selfissued-formsauthenticationtickets-and-custom-userdata