ASP.NET登录无法在Firefox和IE中正确重定向刚刚登录的用户，但可以与Chrome一起使用

本文介绍了ASP.NET登录无法在Firefox和IE中正确重定向刚刚登录的用户，但可以与Chrome一起使用的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有ASP.NET应用程序，可以在开发环境中完美运行.登录可在Firefox，IE和Chrome上使用. Firefox开发环境中的请求如下所示:

I have ASP.NET application, which is perfectly works on development environment. Login works on Firefox, IE and Chrome. Requests in Firefox in development env looks like:

POST请求:

POST /MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName%2F HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: localhost/MyServiceName/Account/Login?ReturnUrl=%2fMyServiceName%2f Content-Type: application/x-www-form-urlencoded Content-Length: 171 Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=bQmz8xMlE-u9e0iKr3vtXpCDqo8FpQkcgPzN3cdw2xp73M8SoV_WTwFG5IIY1JEQlHJ-ZHd8h5z_f75FO4nkEcGRhP6e9HBE64rjsGCEVV81 Connection: keep-alive Upgrade-Insecure-Requests: 1

响应:

HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: /MyServiceName/ Server: Microsoft-IIS/7.5 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: .ASPXAUTH=7D3D9E88072745F5AD2B5FCE038F0A794EF6590F9877A65255A63F124CE4FC3EE0309A03F3ACE9C7C5C39E51050F4009A32558D0FE94F673D7B8D5FEA6E6E2E22BEFF862255B50DFC9B6AC2637C8F04918ECCAD0DD63B29CFCD8B4E9BA4DD898C35C7F7CA8E3BB33DA943CD4A45D80F4F24A1E9EF01829B7258C9195FC977B96; expires=Fri, 28-Sep-2018 09:05:12 GMT; path=/; HttpOnly X-Powered-By: ASP.NET Date: Fri, 28 Sep 2018 08:35:12 GMT Content-Length: 128

但是，当我将服务部署到真实服务器中时，只能使用除Chrome之外的任何浏览器登录. Firefox在真实服务器中的请求:

But when I deploy my service into real server, login in with any browser except Chrome does not work. Requests in Firefox in real server:

远程主机POST请求:

Remote host POST Request:

POST /MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName HTTP/1.1 Host: remhost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: remhost/MyServiceName/Account/Login?ReturnUrl=%2fMyServiceName Content-Type: application/x-www-form-urlencoded Content-Length: 171 Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=-JG3IFQhCVjOuL_SIf7QD0ot7Fc_Fy9lb8Lii_VkLzGKGWswkOPfG-ZQtxijlFYhDO7jAMRiRcatHWcdlBRw7RXVzkdu5864rWiLNWGHc7KSUwgtwA-W_lJHVm-EmKW9v1zEgESa0oQKZ37i9mHC6g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=nAHU2cD63KJZIjm3a8LHUYlZpQ9YChmou1E1pvMfI5xmQl2iqgbJ9x9iCuTH0lDlmAqoqFd5_bnPS3FsUVkNYwYRcLt-WJozs0kWt_jn0fM1 Connection: keep-alive Upgrade-Insecure-Requests: 1

响应:

HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: /MyServiceName Server: Microsoft-IIS/7.5 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Set-Cookie: .ASPXAUTH=BD46865424CAA946E4AF046436F14C10841E64596BDF9125E721000DA2056C5613D914985ED65A1F3ADF65A322D93156559D2F4B02DFB2F3D4C8CCC5837C90CE29825E578FBA2B5E2B1F6E06DC259FC60210C1DA31A44F861476D49A6FFE318474FEE116867B58898357335914B1E8AD65DFEF8223DABDBB07D7ECBAB990D976; expires=Fri, 28-Sep-2018 07:53:36 GMT; path=/; HttpOnly Date: Fri, 28 Sep 2018 07:23:36 GMT Content-Length: 130

在Firefox上获取请求:

GET /MyServiceName HTTP/1.1 Host: remhost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: remhost/MyServiceName/Account/Login?ReturnUrl=%2fMyServiceName Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=-JG3IFQhCVjOuL_SIf7QD0ot7Fc_Fy9lb8Lii_VkLzGKGWswkOPfG-ZQtxijlFYhDO7jAMRiRcatHWcdlBRw7RXVzkdu5864rWiLNWGHc7KSUwgtwA-W_lJHVm-EmKW9v1zEgESa0oQKZ37i9mHC6g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=nAHU2cD63KJZIjm3a8LHUYlZpQ9YChmou1E1pvMfI5xmQl2iqgbJ9x9iCuTH0lDlmAqoqFd5_bnPS3FsUVkNYwYRcLt-WJozs0kWt_jn0fM1 Connection: keep-alive Upgrade-Insecure-Requests: 1

在Firefox上获取响应:

HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: /MyServiceName/Account/Login?ReturnUrl=%2fMyServiceName Server: Microsoft-IIS/7.5 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Fri, 28 Sep 2018 07:46:51 GMT Content-Length: 170

Google Chrome (用于远程服务器): POST登录:

Google Chrome for remote server: POST Login:

curl 'remhost/MyServiceName/Account/Login' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' -H 'Origin: remhost' -H 'Upgrade-Insecure-Requests: 1' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Save-Data: on' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'Referer: remhost/MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName%2F' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7' -H 'Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=UcVwtESdo2tT8Uy1opbJpVpDdpBOTYmNXRi0dyW7ubyd529sme8yJ23vQQX4aQlM02NVTMoBowsD4Uzbpydnq_rgd8I2n-G96I5JQ9xgM2E3cnLVys9RNJtbjLwInu1XKdH2VbkqYIaxXP4mWYT-2g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=RANEaw7GedA6EGEajt9O9rDx3k0SPUuWm-gG-nY_GzlpJyr_odsUU3wN6BorEbAz87_yswgZDS07ihDiuUUZxIAfOFdQA2Ohn7HmrlAz1L41' --data '__RequestVerificationToken=eUURMtLNSgIi4SgyID5CJZchnns9yTjK039Z1FFcA7TAQjjZ1wvblnKeseCe7UJu6zclcA3NgZ2rBZnABMGn54maEDhfe5W-kk-mjGeIGIk1&UserName=user&Password=password' --compressed

请求标头:

POST /MyServiceName/Account/Login HTTP/1.1 Host: remhost Connection: keep-alive Content-Length: 171 Cache-Control: max-age=0 Origin: remhost Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Save-Data: on User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Referer: remhost/MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName%2F Accept-Encoding: gzip, deflate Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=UcVwtESdo2tT8Uy1opbJpVpDdpBOTYmNXRi0dyW7ubyd529sme8yJ23vQQX4aQlM02NVTMoBowsD4Uzbpydnq_rgd8I2n-G96I5JQ9xgM2E3cnLVys9RNJtbjLwInu1XKdH2VbkqYIaxXP4mWYT-2g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=RANEaw7GedA6EGEajt9O9rDx3k0SPUuWm-gG-nY_GzlpJyr_odsUU3wN6BorEbAz87_yswgZDS07ihDiuUUZxIAfOFdQA2Ohn7HmrlAz1L41

响应标题:

HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: /MyServiceName/ Server: Microsoft-IIS/7.5 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Set-Cookie: .ASPXAUTH=33BF43D6803B985EB87EEF8AC1301B63F7A8406ADC73ACED15D3F5737AF883F49D3F64AB979E234A550D554C55B570DAF23AC8FF5A91D8517D70C2E6149341A2DD2F35CFC7B5487141A28099A927C5D971A4C954A2669A8A3E6500E0B762402A366850B5A6F1330740ADB958E43F0044D577AD4E70D517B682AFCA55F9A7482E; expires=Fri, 28-Sep-2018 07:30:09 GMT; path=/; HttpOnly Date: Fri, 28 Sep 2018 07:00:09 GMT Content-Length: 131

获取MyServiceName /:

curl "remhost/MyServiceName/" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Upgrade-Insecure-Requests: 1" -H "Save-Data: on" -H "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8" -H "Referer: remhost/MyServiceName/Account/Login?ReturnUrl=^%^2FMyServiceName^%^2F" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7" -H "Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=UcVwtESdo2tT8Uy1opbJpVpDdpBOTYmNXRi0dyW7ubyd529sme8yJ23vQQX4aQlM02NVTMoBowsD4Uzbpydnq_rgd8I2n-G96I5JQ9xgM2E3cnLVys9RNJtbjLwInu1XKdH2VbkqYIaxXP4mWYT-2g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=RANEaw7GedA6EGEajt9O9rDx3k0SPUuWm-gG-nY_GzlpJyr_odsUU3wN6BorEbAz87_yswgZDS07ihDiuUUZxIAfOFdQA2Ohn7HmrlAz1L41; .ASPXAUTH=33BF43D6803B985EB87EEF8AC1301B63F7A8406ADC73ACED15D3F5737AF883F49D3F64AB979E234A550D554C55B570DAF23AC8FF5A91D8517D70C2E6149341A2DD2F35CFC7B5487141A28099A927C5D971A4C954A2669A8A3E6500E0B762402A366850B5A6F1330740ADB958E43F0044D577AD4E70D517B682AFCA55F9A7482E" --compressed

请求标头:

GET /MyServiceName/ HTTP/1.1 Host: remhost Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Save-Data: on User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Referer: remhost/MyServiceName/Account/Login?ReturnUrl=%2FMyServiceName%2F Accept-Encoding: gzip, deflate Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: __RequestVerificationToken_L00yU3VwcG9ydA2=UcVwtESdo2tT8Uy1opbJpVpDdpBOTYmNXRi0dyW7ubyd529sme8yJ23vQQX4aQlM02NVTMoBowsD4Uzbpydnq_rgd8I2n-G96I5JQ9xgM2E3cnLVys9RNJtbjLwInu1XKdH2VbkqYIaxXP4mWYT-2g2; __RequestVerificationToken_L00yU3VwcG9ydF92Mg2=RANEaw7GedA6EGEajt9O9rDx3k0SPUuWm-gG-nY_GzlpJyr_odsUU3wN6BorEbAz87_yswgZDS07ihDiuUUZxIAfOFdQA2Ohn7HmrlAz1L41; .ASPXAUTH=33BF43D6803B985EB87EEF8AC1301B63F7A8406ADC73ACED15D3F5737AF883F49D3F64AB979E234A550D554C55B570DAF23AC8FF5A91D8517D70C2E6149341A2DD2F35CFC7B5487141A28099A927C5D971A4C954A2669A8A3E6500E0B762402A366850B5A6F1330740ADB958E43F0044D577AD4E70D517B682AFCA55F9A7482E

响应标题:

HTTP/1.1 200 OK Cache-Control: private, s-maxage=0 Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Fri, 28 Sep 2018 07:00:09 GMT Content-Length: 4619

响应:

<!DOCTYPE html> <html lang="en"> <!-- Here is my html when user logged in --> </html>

问题似乎出在第二个GET中.在开发环境中，它返回状态200 OK，在实际服务器中返回状态302 Found.

The problem seem to be in second GET. On development env it returns status 200 OK, and on real server 302 Found.

通过ASP.NET简单成员身份进行身份验证.

Authentication is done thru ASP.NET Simple Membership.

登录POST操作:

[HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public ActionResult Login(LoginModel model, string returnUrl) { string errorMsg = "The user name or password provided is incorrect."; if (Roles.IsUserInRole(model.UserName, "Disabled")) { errorMsg = "Your account has been disabled. Contact administrator for more info."; } else if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, true))//persistCookie: false)) { accountService.AddLogin(model.UserName); return RedirectToLocal(returnUrl); } // If we got this far, something failed, redisplay form ModelState.AddModelError("", errorMsg); return View(model); } private ActionResult RedirectToLocal(string returnUrl) { if (Url.IsLocalUrl(returnUrl)) { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Home"); } }

我已经从服务器数据库检查了登录状态.用户登录已正确完成，并且用户状态已登录，尽管Firefox仍显示登录页面，就像未登录用户一样.我认为问题出在某个地方.

I have checked login status from server database. The user login was done correctly, and user status is logged in, though Firefox still displays login page as if user is not logged. I think the problem is in redirection somewhere.

任何想法为何?除了两个系统上的数据库连接设置之外，web.config文件都是相同的.两台计算机上都是相同的ISS 7.5.那还有什么原因呢?

Any ideas why? The web.config file is same except database connection settings on both systems. it's same ISS 7.5 on both computers. So what else might be the reason?

另外一件有趣的事情.在运行服务的同一台远程计算机上，Firefox也可以正常运行.所以我的问题仅适用于远程会话.

One more interesting thing. From the same remote computer where service is run Firefox also works OK. So My problem for remote sessions only.

更新: 似乎我找到了根本原因这里.但是我还不知道如何在我的代码范围内解决它

UPDATE: Seems I found the root cause here. But I have no idea yet how to fix it in scope of my code

如果第三个会话没有时间在重定向之前完成，则可能是这样，只有远程会话失败.同意吗?

If the third does not have time to finish before redirect, it might be so, that only remote sessions fail. Agree?

在web.config中，我有:

In web.config I have:

<authentication mode="Forms"> <forms loginUrl="~/Account/Login" cookieless="UseCookies" timeout="30" slidingExpiration="true" /> </authentication>

推荐答案

从您的Web配置<authentication mode="Forms">中，我可以推断出您正在使用表单身份验证.

From you web config <authentication mode="Forms">, I can deduct you are using forms authentication.

尝试这两件事:

在表单身份验证设置中设置默认网址，例如:

Set up default url in forms authentication setting like :

<authentication mode="Forms"> <forms loginUrl="~/Account/Login" cookieless="UseCookies" timeout="30" slidingExpiration="true" defaultUrl="~/Home/Index"/> </authentication>

<authentication mode="Forms"> <forms loginUrl="~/Account/Login" cookieless="UseCookies" timeout="30" slidingExpiration="true" defaultUrl="~/Home/Index"/> </authentication>

用于认证后的重定向，而不是使用return RedirectToAction("Index", "Home");或return Redirect(returnUrl);

For redirecting after authentication, instead of using return RedirectToAction("Index", "Home"); or return Redirect(returnUrl);

使用类似FormsAuthentication.RedirectFromLoginPage的方法:

if (Membership.ValidateUser(userName, password) == true) { FormsAuthentication.SetAuthCookie(userName, false); FormsAuthentication.RedirectFromLoginPage(userName, false); }

它将经过身份验证的用户重定向回原始请求的URL或配置中的默认设置.

It Redirects an authenticated user back to the originally requested URL or the default set in the config.

有关详细信息，请参阅覆盖此方法，请参见:

For more information & override of this method refer :

Microsoft文档