我继承了一个相当复杂的项目。原始设计师创建了一个“cookie”,似乎是服务器端而不是基于客户端(尽管我可能在该部分非常错误)。他将它用于他所谓的“最低特权,单一登录”。我有下面的代码在所有的Web服务代理的他成立了:服务器Cookie?
[WebServiceBinding(Name = "ISecurityManager", Namespace = "urn:riv:apis:security:forms:ver1")]
public partial class SecurityManager : SoapHttpClientProtocol, ISecurityManager
{
public SecurityManager()
{
//Url = CookieManager.WebServiceUrl(String.Empty, ref CookieContainer);
// I’d like to replace the following code with a call like this...
CookieContainer = new System.Net.CookieContainer();
string urlSetting = ConfigurationManager.AppSettings["SecurityManager"];
if (urlSetting != null)
Url = urlSetting;
else
Trace.TraceWarning("No URL was found in application configuration file");
string cookieName = FormsAuthentication.FormsCookieName;
string cookiePath = FormsAuthentication.FormsCookiePath;
string cookieDomain = Properties.Settings.Default.CookieDomain;
HttpCookie authCookie = HttpContext.Current.Request.Cookies[cookieName];
if (null != authCookie)
CookieContainer.Add(new Uri(urlSetting), new System.Net.Cookie(cookieName, authCookie.Value, cookiePath, cookieDomain));
}
….
我也有这样的代码非常到处:
string cookieName = FormsAuthentication.FormsCookieName;
string SecurityContext.ApplicationName = HttpContext.Current.Request.Cookies[cookieName].Path;
string SecurityContext.UserName = HttpContext.Current.User.Identity.Name;
if (!string.IsNullOrEmpty(SecurityContext.UserName))
….
在所有情况下,当它获得authCookie,它出现null或SecurityContext.UserName为空。我不是一个cookie大师,这个人的代码很多都是混淆的 - 而且文档也是零。
任何人都可以使头或尾出于代码块的意图吗?
TIA