0
我不小心跳進了cookies的世界,我試圖理解發生了什麼。我有一個使用FormsAuthentication在Visual Studio 20120/C#中開發的Web應用程序。當我第一次開發應用程序時,我創建了幾個字段來存儲身份驗證Cookie:personID,firstName和admin,字符串如下所示:777 | Jimmy | 1。從那以後,一切都運轉良好。現在我添加了第四個字段到稱爲「secBlur」的模糊結尾。當我這樣做並嘗試檢索secBlur的值時,它告訴我數組範圍超出範圍,因爲早期版本的cookie不包含此字段......這很有意義。我花了幾天的時間試圖重寫我的cookie的有效性檢查,我想我已經知道了一切。但是,當我將新的userData字符串寫入cookie時,它似乎沒有這樣做。我的代碼如下,我將嘗試通過我正在做的事情...FormsAuthentication cookie沒有設置UserData值
在我的母版頁的page_load中,我正在做的第一件事是打電話給我創建的cookie類檢查該cookie是否是正確的版本:
protected void Page_Load(object sender, EventArgs e)
{
if (Request.IsAuthenticated)
{
authCookie ac = new authCookie();
ac.validate();
LoginName ct = (LoginName)loginStatus.FindControl("HeadLoginName");
if (ct != null)
{
formValues fv = new formValues();
ct.FormatString = fv.firstName;
}
}
}
我的整個cookie類如下。在Validate方法中,我正在檢查cookie的存在,然後檢查它是否是正確的版本,並且該userData存在。如果它不是正確的版本或者userData不存在,我調用getUserData方法來檢索今年的最新信息,創建一個新票據,將票據存儲到cookie中,然後保存該Cookie。我認爲保存cookie的行是問題,但我不確定。
using System;
using System.Data.SqlClient;
using System.Runtime.Remoting.Contexts;
using System.Web;
using System.Web.Security;
using System.Web.UI.WebControls;
namespace DMC.Classes
{
public class authCookie
{
public void cookiePrep(Login LoginUser)
{
string userData = "unknown|unknown";
// Concat the values into a single string to pass into the cookie
userData = getUserData(LoginUser.UserName);
// Create the cookie that contains the forms authentication ticket
HttpCookie authCookie = FormsAuthentication.GetAuthCookie(LoginUser.UserName, LoginUser.RememberMeSet);
// Get the FormsAuthenticationTicket out of the encrypted cookie
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket(3,
ticket.Name,
ticket.IssueDate,
ticket.Expiration,
LoginUser.RememberMeSet,
userData,
ticket.CookiePath);
// Manually add the authCookie to the Cookies collection
authCookie.Value = FormsAuthentication.Encrypt(newTicket);
HttpContext.Current.Response.Cookies.Add(authCookie);
string redirUrl = FormsAuthentication.GetRedirectUrl(LoginUser.UserName, LoginUser.RememberMeSet);
if (redirUrl == null)
redirUrl = "../default.aspx";
HttpContext.Current.Response.Redirect(redirUrl);
}
public string getUserData(string userID)
{
string userData = "";
// Grab this user's firstname, personID, and Admin status
string mySQL = "exec get_adBasicInfo @userName";
string cf = System.Configuration.ConfigurationManager.ConnectionStrings["DistrictAssessmentDWConnectionString"].ConnectionString;
SqlConnection connection = new SqlConnection(cf);
SqlCommand command = new SqlCommand(mySQL, connection);
command.Parameters.AddWithValue("@userName", userID);
connection.Open();
SqlDataReader dr = command.ExecuteReader();
if (dr.HasRows)
{
while (dr.Read())
userData = string.Concat(dr["personID"], "|", dr["firstName"], "|", dr["secBlur"]);
}
dr.Close();
return userData;
}
public void validate()
{
HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
/**********************************************************************************************************************
* Version 3: Added the secBlur field onto the userData string to see if logged in user needs to have sensitive *
* data blurred out (0: Normal; 1: Blur Sensitive Data *
**********************************************************************************************************************/
if ((ticket.Version != 3) || (ticket.UserData == ""))
{
string userData = getUserData(ticket.Name);
FormsAuthenticationTicket newAuthTicket = new FormsAuthenticationTicket(3,
ticket.Name,
ticket.IssueDate,
ticket.Expiration,
ticket.IsPersistent,
userData,
ticket.CookiePath);
authCookie.Value = FormsAuthentication.Encrypt(newAuthTicket);
HttpContext.Current.Response.SetCookie(authCookie);
}
}
}
}
}
此時控制傳遞迴給我的母版頁的load_page功能,並嘗試通過調用我的formValues類,下面擷取Cookie中的用戶的姓:
using DMC.Classes;
using System.Web;
using System.Web.Security;
namespace DMC.Classes
{
public class formValues : System.Web.Services.WebService
{
public string firstName = getFirstName();
public string personID = getPersonID();
public string secBlur = getSecBlur();
private static string getUserDataString(int ix)
{
string retValue = "";
if (HttpContext.Current.Request.IsAuthenticated)
{
HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
if (ticket != null)
{
string[] userData = { "" };
char[] delimiterChar = { '|' };
userData = ticket.UserData.Split(delimiterChar);
retValue = userData[ix];
}
}
}
return retValue;
}
private static string getFirstName()
{
string firstName = getUserDataString(1);
return firstName;
}
private static string getPersonID()
{
string personID = getUserDataString(0);
return personID;
}
private static string getSecBlur()
{
string secBlur = getUserDataString(2);
return secBlur;
}
}
}
在試圖getFirstName,當試圖設置retValue時,由於userData數組爲空,我在getUserDataString方法中出現錯誤。那麼有人可以告訴我我要去哪裏嗎?