有兩種方法可以解決這個問題。問題在於FedAuth Cookie標記爲安全且HTTPOnly。因此,當您從HTTPS切換到HTTP時,Cookie無法被SharePoint讀取/ _trust/
我使用的方法是修改_login目錄中的default.aspx。它可以在這裏找到C:\ Program Files文件\ Common Files文件\ Microsoft共享\ Web服務器Extensions \ 14 \模板\ identitymodel \首頁\
我取代現有的Default.aspx這個Default.aspx頁面
<%@ Assembly Name="Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="SharepointIdentity" Namespace="Microsoft.SharePoint.IdentityModel" Assembly="Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Assembly Name="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Import Namespace="Microsoft.SharePoint.WebControls" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Import Namespace="Microsoft.SharePoint" %> <%@ Assembly Name="Microsoft.Web.CommandUI, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Page Language="C#" MasterPageFile="~/_layouts/simple.master" %>
<asp:Content ID="PageHead" ContentPlaceHolderID="PlaceHolderAdditionalPageHead" runat="server">
</asp:Content>
<asp:Content ID="Main" ContentPlaceHolderID="PlaceHolderMain" runat="server">
<script language="C#" runat="server">
protected void Page_Load(object sender, EventArgs e)
{
string killed = "no";
if (Request.Cookies["FedAuth"] != null)
{
killed = "yes";
HttpCookie expiredCookie = new HttpCookie("FedAuth");
expiredCookie.Expires = DateTime.UtcNow.AddDays(-1);
Response.Cookies.Add(expiredCookie);
}
string returnURL = Request["ReturnUrl"].ToString();
Response.Redirect("/_trust/default.aspx?trust=SSO%20Trusted%20Provider&ReturnUrl=" + returnURL + "&cooke=" + killed);
}
</script>
</asp:Content>
沒有代碼背後。
的另一種方式接近它是一個新的cookie處理程序修改的cookie。你可以在這裏看到。 http://www.msngn.com/blog/Lists/Posts/Post.aspx?ID=5