4

I have a strange issue.

I have a page with the following code.

if (!HttpContext.Current.User.Identity.IsAuthenticated)
    {
        Server.Transfer(@"~/Views/Public/Unauthorised.aspx");
        return;
    }

For some reason, with one user (and we've narrowed it down to his single machine and windows logon profile), IsAuthenticated always returns false. Even though he is logged into the website, and can navigate to other pages that require authenticated user. Except this one page.

We checked that the machine accepts all cookies and we still get the same issue. I'm not sure where to go from here... any suggestions?

4

1 回答 1

7

至少有两种已知的情况会导致这种行为。

第一种情况是您设置requireSSL="true"了身份验证会话web.config并从非安全页面调用该函数。因此,请仔细检查页面是否安全,如果您使用requireSSL="true"

Debug.Assert(Request.IsSecureConnection, "The IsAuthenticated will fail.");
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
    Server.Transfer(@"~/Views/Public/Unauthorised.aspx");
    return;
}

第二种情况,您没有domain="site.com"在 web.config 中再次设置身份验证会话,并且您尝试一次www.yoursitename.comyoursitename.com. 在这种情况下,身份验证 cookie 是不同的,它将失败。因此,请在 web.config 中设置该参数。

<authentication mode="Forms">
  <forms domain="yoursitename.com"  />
</authentication>
于 2012-12-20T14:24:04.803 回答