0

在我的 mvc4 应用程序中,我为表单身份验证创建 cookie

public ActionResult Login(UserLogin user)
    {
        if (ModelState.IsValid)
        {
            bool res = System.Web.Security.Membership.ValidateUser(user.UserName, user.Password);

            if (res)
            {
                Utente utente = commonRepository.GetProfiloUtente(user.UserName);

                if (utente != null)
                {
                    Session["user"] = utente;
                }

                var serializer = new System.Web.Script.Serialization.JavaScriptSerializer();
                string userData = serializer.Serialize(utente);

                DateTime dataLavorativa = commonRepository.GetGiornoLavorativoPrecedente(utente.IDInterno);

                Session["data_lavorativa"] = dataLavorativa;


                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
          user.UserName, DateTime.Now, DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes), true, userData,
          FormsAuthentication.FormsCookiePath);



                string encTicket = FormsAuthentication.Encrypt(ticket);

                var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
                {
                    HttpOnly = true,
                    Secure = FormsAuthentication.RequireSSL,
                    Path = FormsAuthentication.FormsCookiePath,
                    Domain = FormsAuthentication.CookieDomain
                };

                // Create the cookie.
                Response.Cookies.Add(cookie);

                return RedirectToAction("Index", "Home");
            }
            else
            {
                ModelState.AddModelError("", "Login data is incorrect!");
            }
        }
        return View("Index", user);
    }

这在 FFox 中运行良好(如果我关闭浏览器然后重新打开)没关系,在 IE 和 Chrome 中我已被重定向到登录页面......我已经检查了两者,并且所有这些都处于较低级别的安全性......并接受cookies……有什么建议吗?谢谢

4

0 回答 0