IIS 未在 HTTP 标头中设置 Cookie

Question

我使用的 ASP.NET 表单身份验证在网上似乎可以正常工作，但在我的 Internet Explorer、Firefox 和 Chrome 开发环境中却不行。据我所知，当请求页面时，IIS 没有发送Set-Cookie HTTP 标头：

GET http://127.0.0.1:81/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: nb-NO
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 127.0.0.1:81
DNT: 1
Connection: Keep-Alive

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 08 Oct 2014 19:24:58 GMT
Content-Length: 13322

我尝试将127.0.0.1 www.example.com 添加到\Windows\System32\drivers\etc\hosts 文件并改为访问http://www.example.com:81，但这没有任何效果。这是我的 web.config 设置：

<!-- ASP.NET forms authentication is enabled by default -->
<authentication mode="Forms">
  <!-- Set the page to redirect to when the user attempts to access a restricted resource -->
  <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>

Answer 1

如果在 ASP.NET 网页内没有发送任何 cookie，我找到了一种解决方法：总是设置一个虚拟 cookie：

/// <summary>
/// Force the browser to use cookies if none are in use. 
/// Sets an empty cookie.
/// </summary>
void ForceCookiesIfRequired()
{
    if (Request.Cookies == null || Request.Cookies.Count == 0)
    {
        // No cookies, so set a dummy blank one
        var cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, String.Empty) { Expires = DateTime.Now.AddYears(-1) };
        Response.Cookies.Add(cookie1);
    }
}

protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    // Force the use of cookies if none are sent
    ForceCookiesIfRequired();
}

我以前从未这样做过，是否有一些 Microsoft 补丁或升级损坏了 ASP.NET 表单身份验证？检查您自己的解决方案的一种方法是清除我猜的cookie。这会强制 IIS 服务器发送 Set-Cookie HTTP 标头。