MVC Authorisation issue / repeated loggin request

I have set up a authorisation schema to handle access to subdomain sites as well as to make sure only site related data is accessible by the users.

I use 'standard' codefirst forms authorisation in which I have added property SiteId to all the methods as well as all the tables. (example is shown bellow- sorry for the length of it)

This way, users that log in in different subdomain sites can use the same user name in their subdomain.

I also use siteID in all other tables to make sure that authorised users working with ,for example, customer data are working with customer data that is related to their subdomain only.

Locally, on dev machine, it works without a problem.

However, once I placed the app to web host, I get redirected to login screen every few minutes. And once it happens on one of the sites I get redirected from all the other sites I'm logged in. (site1.myapp.com, site2.maypp.com, ....) All the sites point to the same application (site1.myapp.com)

So the questions are:

1) if anyone has an idea/experience in what may be the cause/solution for this and

2) perhaps suggestion on different (better) implementation method

Could there be something with caching that is causing the system to ask for login authorisation so often?

Following is the example of the current set up that I have:

public class User
{

    //Membership required
    [Key()]
    public virtual Guid UserId { get; set; }
    public int SiteID { get; set; }
    [Required()]
    [MaxLength(20)]
    public virtual string Username { get; set; }
    [Required()]
    [MaxLength(250)]
    [DataType(DataType.EmailAddress)]
    public virtual string Email { get; set; }
    ...

Membership provider is using the siteID is as well:

public class CodeFirstMembershipProvider : CodeFirstExtendedProvider
        {

            private string _ApplicationName;
            private int siteID = Convert.ToInt16(new AppSettings()["SiteID"]);
            ...
            ...

            public override string ExtendedValidateUser(string userNameOrEmail, string password)
            {
            ...
            ...                    
                using (DbContext context = new DbContext())
                {
                    User user = null;
                    user = context.Users.FirstOrDefault(Usr =>( Usr.Username == userNameOrEmail ) && (Usr.SiteID == siteID));
                    if (user == null)
                    {
                        user = context.Users.FirstOrDefault(Usr => (Usr.Email == userNameOrEmail ) && (Usr.SiteID == siteID));
                    } 
                    ... 
                    ...

In each controller I have:

[Authorize]
public class CustomerController : Controller
{
    int siteID = Convert.ToInt16(new AppSettings()["SiteID"]);
...

    public ViewResult Index()
    {
        var data = (from k in context.Customers
                    from ks in context.CustomerSites
                    where ((k.CustomerID == ks.CustomerID) && (ks.SiteID == siteID) && (ks.CompleteAccess == true))
                    select (k)).ToList();  
         ...           
         ...

SiteID is being cached by using AppSettings class::

/// <summary>
/// This class is used to manage the Cached AppSettings
/// from the Database
/// </summary>
public class AppSettings
{

  /// This indexer is used to retrieve AppSettings from Memory (only siteID for now)

  public string this[string Name]
  {
   get
   {
     //See if we have an AppSettings Cache Item
     if (HttpContext.Current.Cache["AppSettings"] == null)
     {
         int? SiteID = 0;
        //Look up the URL and get the Tenant/Site Info
        using (DbContext dc =
           new DbContext())
        {
           Site result =
                  dc.Sites
                  .Where(a => a.Host ==
                     HttpContext.Current.Request.Url.
                        Host.ToLower())
                  .FirstOrDefault();

           if (result != null)
           {
              SiteID = result.SiteID;               }
        }
        AppSettings.LoadAppSettings(SiteID, FirmaID);
     }

     Hashtable ht =
       (Hashtable)HttpContext.Current.Cache["AppSettings"];
     if (ht.ContainsKey(Name))
     {
        return ht[Name].ToString();
     }
     else
     {
        return string.Empty;
     }
  }

}

/// <summary>
/// This Method is used to load the app settings from the
/// database into memory
/// </summary>
public static void LoadAppSettings(int? SiteID)
{
  Hashtable ht = new Hashtable();

  //Now Load the AppSettings
  using (DbContext dc =
     new DbContext())
  {
      ht.Add("SiteID", SiteID);
  }

  //Add it into Cache (Have the Cache Expire after 3 Hour)
  HttpContext.Current.Cache.Add("AppSettings",
     ht, null,
     System.Web.Caching.Cache.NoAbsoluteExpiration,
     new TimeSpan(3, 0, 0),
     System.Web.Caching.CacheItemPriority.NotRemovable, null);
     }
  }

---

Aargh....
after many things i have tried it turned out to be, as usually, very simple issue/solution:

As this app is hosted on a shared web host I needed to add machine key in the web.config. (and this is why i couldn't reproduce this error on my development machine.)

Link to generate one is here:Machine key generator

链接地址: http://www.djcxy.com/p/33732.html

上一篇: Django CSRF。 我可以从子域名到主域名吗？

下一篇: MVC授权问题/重复登录请求