��к�

Select the product you need help with

��䢻ѭ�ҡ��Ѻ�ͧ��١��ͧ�ͧẺ��

��Ţ�� (Article ID): 910439 - ��Ե�ѳ��Ǣ�ͧ㹺��

��ԡ��ʹ٢�ͨӡѴ��Ѻ�Դ�ͺ�ͧ KB ��¤��

��ԡ��ʴ��¤��е鹩�Ѻ��ѧ��§��ҧ�ѹ

ASP .NET ʹѺʹع��§��

Ẻ��Ѻ�ͧ��١��ͧ㹡��䢻ѭ��

��͵�ͧ��˹��ç�Ѻ��ͧ��âͧ�س ��Ң��س��ǤԴ�ͧ�س��ǡѺ��Ǣ�ͷ��ʹ��лѭ�ҷ��س��ͧ��ô�㹺��ҹ��Ф��§ʹѺʹع�͹Ҥ� �س��ö�觢ͧ�ǤԴ��С��Ż�͹��Ѻ �ʹѧ��
(http://support.microsoft.com/common/survey.aspx?scid=sw;en;1176&p0=&p1=&p2=&p3=&p4=)
Ẻ�� ͡�ҡ��ѧ�ա��§��ѧẺ��ҹ��ҧ�ͧ��

��·�� | �غ��

��Һ�˹�ҹ��

�Թ�յ�͹�Ѻ��§ʹѺʹع ASP.NET ��ͧ͢�ѹ�� Jerry Orman �ѹ�ӧҹ�Ѻ Microsoft �Թ 5 �� ա��ǹ�˭�ͧ�ѹ ��ҷ��Ӥѭ�෤��շ��Ǣ�ͧ�Ѻ�� Microsoft FrontPage �� ෤��բͧ Microsoft SharePoint �� ѹ��㹻��ش��·��ӧҹ�� ǡý��ʹѺʹع�ͧ Microsoft ASP.NET ��͹��§ʹѺʹع �� ͸Ժ��Ըա��䢻ѭ��Ẻ��Ѻ�ͧ��١��ͧ� Microsoft ASP.NET

��Ѻ仴�ҹ�� | ��ʹ��

Ẻ��Ѻ�ͧ��١��ͧ㹡��䢻ѭ��

��ͤس��Ѻ�ͧ��١��ͧ�ͧẺ��ء�� ASP.NET �س�Ҩ��Ҩ��㹡��䢻ѭ�ҷ��Դ��ͼ�� ¡��¹��鹷ҧ��ѧ˹�ҡ��к� ��š��ش �� ѭ�Ҩ��Դ��ѡɳз��Ъ��س��öṺ�Ѻ �պѡ�� лѭ��㹡�èѺ�Ҿ ��Ҿ�Ǵ��㹡�ü�Ե ��ҧ�á�� ó��лѭ�� ͵�ͧ��䢻ѭ��Ẻ��蹹�� س��繵�ͧ�ѹ�֡��ŷ��Ǣ�ͧ�Ѻ�ѭ��س��ö�ӡѴ�ͺࢵŧ�ҡ ��

㹤�� Ф�ͺ �ǤԴ��ǡѺ��þ��٨��Ǩ�ԧ�ͧ�� ҨФ��ʶҹ��ó�� ա��¹��鹷ҧ��ѧ˹�ҡ��к��Ըա��Ǻ�� 觨��Ǣ�ͧ�Ѻ��¡�ѭ�� ͡�ҡ��ҨФ�ͺ��Ըա��Թ��࿫�ͧ IHttpModule ��͵�ͧ��úѹ�֡��š��Ѻ�ͧ��١��ͧ�ͧ��

�Ҿ��Ѻ�ͧ��١��ͧ�ͧẺ��

��Ѻ�ͧ��ѧ��䫵� ��Ѻ�ͧ��١��ͧ�ͧẺ�� ҧ�ء�� Ңͧ�ء�� ѵá��Ѻ�ͧ��١��ͧ�ͧ��Ѻ�� ء��ж١�觼�ҹ��ѧ��ФӢ�� ;��पѹ ��Ф��FormsAuthenticationModule decrypts ��Ҥء�� ˹��Ҷ�Ҽ��١��ͧ ��

�¤��FormsAuthenticationModule ��ʨж١�� Machine.config ��FormsAuthenticationModule�Ѵ��áѺ��кǹ�� FormsAuthentication

��仹�� ¡�èҡ�� Machine.config:

<httpModule>
     �other modules�
     <add name="FormsAuthentication"
         type="System.Web.Security.FormsAuthenticationModule" />
     �other modules�
</httpModule>

��Ѻ�觢�� HTTP ��Ѻ��Ѻ�ͧ��١��ͧ��Ѻ�ͧ��١��ͧ�ͧẺ��ѡɳФ��¡Ѻ��仹��:

��͹�� HTTP ��Ѻ�� Default.aspx ��դء��Ѻ�ͧ��١��ͧẺ��ж١��
��觡�õͺʹͧ 302 (��¹��鹷ҧ) �֧ Login.aspx
��͹��觡�� POST HTTP �� Login.aspx ��к�
��觡�õͺʹͧ 302 (��¹��鹷ҧ) �֧ Default.aspx �ء��Ѻ�ͧ��١��ͧ�ͧ��
��͹�� HTTP ��Ѻ�� Default.aspx ��֧�ء��Ѻ�ͧ��١��ͧ�ͧ��

��Ѻ��ǡѺ�� С�� Ѻ�ͧ��١��ͧ�ͧẺ�� 价�� MSDN ��䫵��仹��:

http://msdn2.microsoft.com/en-us/library/7t6b43z4.aspx

(http://msdn2.microsoft.com/en-us/library/7t6b43z4.aspx)

.aspx http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthentication (vs.71)

(http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthentication(vs.71).aspx)

.aspx http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthenticationticket (vs.71)

(http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthenticationticket(vs.71).aspx)

��Ѻ��ǡѺ�ء��Ѻ�ͧ��١��ͧ�ͧẺ��ѹ �� ASP.NET 䫵��仹��:

http://quickstarts.asp.net/QuickStartv20/aspnet/doc/security/formsauth.aspx

(http://quickstarts.asp.net/QuickStartv20/aspnet/doc/security/formsauth.aspx)

��˵ؼŷ�� Ҩ�١��¹��鹷ҧ��ѧ˹�ҡ��к�

�ء��Ѻ�ͧ��١��ͧ�ͧ��

ʶҹ��ó��Է�� 1

�ʶҹ��ó��Թ�� ͡�͹��䫵� � �ش㴨ش˹�� ͹��觡��ͧ��ѧ�� FormsAuthenticationModule��Ѻ�ء�� س��ö ��˹��Ҷ�ҡ��ͧ�ͧ͢��Сͺ��¤ء�� ¡��Դ��ҹ�ء�� к�� Microsoft Internet Information Services (IIS) ��͵�ͧ��蹹�� ӵ��鹵͹��ҹ��:

�Դ�� IIS Microsoft Management Console (MMC)
��ԡ��䫵� ��Шҡ�� ԡ�س��ѵ�.
��ԡ ��䫵� �� Ф�ԡ �Դ��ҹ ��к�.
��Ǩ�ͺ�� ٻẺ��ѹ�֡ ��ѹ�֡�ͧ w 3 c �ٻẺ.
��ԡ �س��ѵ�.
��ԡ ��٧ �� Ф�ԡ�س��ѵ��.
�� �س��ѵ����ԡ��͡Ẻ Cookie(cs(Cookie)) ��ͧ��ͧ�� Referer (cs(Referer)) ��ͤس��͡��ͧ��ͧ��

��ѧ�ҡ�ѭ�ҹ��Դ�� ˹��͹��ա�� ѭ��з�� IP �ͧ��繵� ��ͧ��ѹ�֡ IIS �� IP �ͧ��͹�� д��ء��> ��

��˵� �س��ö��¡��ѹ�֡��¡��ѹ�֡ IIS ��͵�ͧ��ô�ǹ��Ŵ��¡��ѹ�֡ ��价��䫵��仹��ͧ Microsoft:

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07

(http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07)

��ѧ�ҡ��س��¡�âͧ��ͧ�ͨҡ��к� �� ͧ��ѧ˹�ҡ��к� �س��Һ�� ǡ��١��¹��鹷ҧ ��˹�� Фس��ͧ��ô٤Ӣ͡�͹ ��¹��鹷ҧ�Դ�� Ҥس��繢�ͤ��¡Ѻ��仹�� ͹�� ҧ��ҧ˹��觤ء��ͤء��١��͡仺��͢��ҧ��͹��

��͡��к�Ẻ��

�غ��ҧ��µ��ҧ��

�Ըա��	˹��	��õͺʹͧ	�ء��
��Ѻ	/Default.aspx	302 (��¹��鹷ҧ)	�� ء��
��Ѻ	/Login.aspx	200 (��)	�� ء��
ŧ��¡�úѭ��	/Login.aspx	302 (��¹��鹷ҧ)	�� ء��
��Ѻ	/Default.aspx	200 (��)	.ASPXAUTH
��Ѻ	/SomePage.aspx	302 (��¹��鹷ҧ)	�� .�ء�� ASPXAUTH

��ͼԴ��Ҵ��仹��ͤӢ�� ¡��ͧ��ѧ˹�Һ�䫵� ��ͧ��ASPXAUTH �ء��

�غ��ҧ��µ��ҧ��

�Ըա��	˹��	��õͺʹͧ	�ء��
��Ѻ	/SomePage.aspx	302 (��¹��鹷ҧ)	�� .�ء�� ASPXAUTH
��Ѻ	/Login.aspx	200 (��)	�� .�ء�� ASPXAUTH
ŧ��¡�úѭ��	/Login.aspx	302 (��¹��鹷ҧ)	�� .�ء�� ASPXAUTH
��Ѻ	/SomePage.aspx	200 (��)	.ASPXAUTH

��˵� �Ӣ��á�ҡ��Ҩ��Ẻ�� ء��Ѻ�ͧ��١��ͧ��Ҥس��ѧ��ҧ�ء��Ẻ�� ѹ�֡ IIS ��ʴ�੾�Фس�ء�� Ѻ㹡��ͧ�� Ӣ��á��ء��Ѻ�ͧ��١��ͧẺ��դӢ��ѧ�ҡ��ʺ�� 㹡��к�

ʶҹ��ó�� 2

�ء��Ѻ�ͧ��١��ͧẺ��͡�ҡ��Ҩ�٭��Թ�մ�ӡѴ�ͧ�ء��ͧ��繵� � Microsoft Internet Explorer ��բմ�ӡѴ�ͧ�ء�� 20 ��ѧ�ҡ��ء�� 000520 ��ҧ��͹�� ء��͹˹�Ҩж١��͡�ҡ�ͧ��͹�� š�ѹ ��ASPXAUTH �ء��ж١ź�͡ ��ж١��¹��鹷ҧ��ѧ˹�ҡ��к��ա�û��żŤӢͶѴ�

�س��ö��ʶҹ��ó��ҹ��ͧ��ѡɳ��ǡѹ �٤Ӣ��§�� ͹��¹��鹷ҧ��ѧ˹�ҡ��к� ��ҧ��ͧ��ѧྨ�� ء�� պҧ��觺ҧ��ҧ��͵�Ǩ�ͺ

��Ѻ�� ԡ��Ţ��仹��ʹٺ��㹰ҹ��ͧ Microsoft:

306070

(http://support.microsoft.com/kb/306070/ )

�մ�ӡѴ�ͧ��Ҵ ��е��Ţ�ͧ�ء�� Internet Explorer

�س��ö�� Fiddler ��ʹ��ǹ�� HTTP ��ж١��ѧ��͹�� ѧ�ҡ��س�Ѻ�Ҿ��Ѻ�觢�� Ӣ� ��ԡ�ͧ�� ԡ ��ǹ�� ��͵�ͧ��ô��Ǣ�͡�õ�駤�Ҥء�� Ҥس��ͧ�Դ�� к��º�� س��Ǣ�͡�õ�駤�Ҥء��㹡�õͺʹͧ�ͧ�� ͡�Թ��ʺ��

��͵�ͧ��ô�ǹ��Ŵ Fiddler �� Fiddler ��䫵��仹��:

http://www.fiddlertool.com/fiddler/

(http://www.fiddlertool.com/fiddler/)

ʶҹ��ó��Է�� 3

��ѧ�ҡ��ͧ�ͨҡ��͹�� ժ�鹵�ҧ � ��ö�觼š�з��͡��ŷ��Ѵ�� ͵�ͧ��õ�Ǩ�ͺ�� ػ�ó��͢�� Ҥء�� س��繵�ͧ��Ǩ�ͺ��͢��º��繵�� èѺ�Ҿ �� ͧ��ͤ��ͧ��ͧ��Ѻ�ء�� س��ͧ�� ٤Ӣͧ͢��͹�� ء��١�� С�õ�Ǩ�ͺ�� ׺�鹡�Ѻ��õ�Ǩ�ͺ�� Ѻ�ء��

��ͧ�ͧ͢��繵�

��ͤ��ͧ��Ѻ��ѧ�ҡ��Ѻ��Ѻ�ͧ �� źѵá��Ѻ�ͧ��١��ͧ�ͧ��ж١��չ��Թ ��׹�ѹ �� Ťء��͡�ҡ��͹�� ͤس��èѺ�Ҿ�ͧ��͢�� ͧ�� Netmon �س��繻��ҳ��ŷ��仨�ԧ �¼�ҹ�� ᴻ��

47 45 54 20 68 74 74 70-3a 2f 2f 6c 6f 63 61 6c   GET http://local
68 6f 73 74 2f 46 6f 72-6d 73 41 75 74 68 4c 6f   host/FormsAuthLo
67 54 65 73 74 2f 57 65-62 46 6f 72 6d 31 2e 61   gTest/WebForm1.a
73 70 78 20 48 54 54 50-2f 31 2e 31 0d 0a 41 63   spx HTTP/1.1..Ac
63 65 70 74 3a 20 69 6d-61 67 65 2f 67 69 66 2c   cept: image/gif,
�Other headers of the GET request�
63 68 65 0d 0a 43 6f 6f-6b 69 65 3a 20 2e 41 53   che..Cookie: .AS
50 58 41 55 54 48 3d 33-43 45 46 39 42 39 41 30   PXAUTH=3CEF9B9A0
43 33 37 41 44 46 36 33-45 36 42 44 33 37 42 36   C37ADF63E6BD37B6
39 43 44 41 32 35 30 30-30 46 38 30 37 32 38 46   9CDA25000F80728F
35 31 43 39 35 36 36 44-31 34 43 35 34 31 34 35   51C9566D14C54145
38 31 43 39 33 45 32 41-30 31 44 44 43 44 45 46   81C93E2A01DDCDEF
32 34 41 31 37 34 32 39-34 31 30 43 30 39 37 34   24A17429410C0974
42 33 45 43 42 30 36 34-32 32 38 45 33 35 33 39   B3ECB064228E3539
39 41 38 32 32 42 33 42-39 33 36 44 46 30 38 46   9A822B3B936DF08F
42 41 42 44 33 45 31 30-32 44 30 30 32 31 30 43   BABD3E102D00210C
32 45 31 33 39 38 30 37-39 42 32 33 35 32 39 46   2E1398079B23529F
34 46 35 44 37 34 41 3b-20 50 72 6f 66 69 6c 65   4F5D74A; Profile
3d 56 69 73 69 74 6f 72-49 64 3d 62 32 34 65 62   =VisitorId=b24eb

�ͽ��

��ͤس�١��ͧ�ͷ�� Ҷ֧�س ��ͧ��Ǩ�ͺ�� Ѻ��ǡѺ�� 繵�� Ѻ��ǡѹ �س��繵�ͧ��Ǩ�ͺ�ػ�ó�� 㹡�� ͢��͵�Ǩ�ͺ��ء��١��͡

��˵� �͡�ҡ��ѧ��Թ�ᵹ��ͧ��ǡ�ͧ ISAPI ��Ҥء��͡ ��Ҥس�׹�ѹ�� Ѻ�ء�� ء�� ѹ�֡ IIS ��Ǩ�ͺ��ǡ�ͧ ISAPI �س�Ҩ��ͧź��ǡ�ͧ��ʹ��ҡ�� ѭ��Ѻ��

�ѵá��Ѻ�ͧ��١��ͧẺ��

��˵ط�� Ѻ��¹��鹷ҧ��Ͷ�� Ẻ��Ѻ�ͧ��١��ͧ ticket �� Ѻ�ͧ��١��ͧ�ͧẺ�� ticket ��ö��ͧ�Ը� ʶҹ��ó��á�Դ��ҡ�س�� ѹ��ط��͹ ��ѹ��ó� �ѵá��Ѻ�ͧ��١��ͧ��͡�� ҧ�� س��ö��駤�ҡ��آͧ 20 �ҷ� ��м�� 䫵�� 2:00 PM ��ж١��¹��鹷ҧ��ѧ˹�ҡ��к�� 䫵��ѧ�ҡ�� 2:20 PM

��Ҥس��ᶺ��͹�ѹ�� ʶҹ��ó��Ѻ��͹�ҡ��硹�� ء��кѵ��繼��Ѿ�� Ѻ��û�Ѻ��ا��Ҽ��䫵��ѧ�ҡ��ب��ŧ��Ǥ�� ҧ�� س��駤�ҡ��آͧ 20 �ҷ� ��ᶺ��͹�� 䫵�� 2:00 PM ��м��Ѻ�ء��١��駤�� 2:20 PM ��ҹ��Ѻ��û�Ѻ��ا��Ҽ��䫵��ѧ�ҡ�� 2:10 PM ��Ҽ��䫵�� 2:09 PM, ticket ��Ѻ��ا��ͧ�ҡ��˹�觢ͧ ��ҹ ��Ҽ��ҡ��͹ҷ� 12 ��䫵�� 2: �. 21 �ѵè�� ١��¹��鹷ҧ��͡�Թ ˹��

�Ըա��˹��Ҷ֧��Դ�ͧ��õѴ�Թ��Ҩҡ��ѧ�� Ẻ�� ٨��Ǩ�ԧ�ͧ�ء��кѵâ�� Ըչ�� س��ö��ҡ�� ء��Ѻ �� IIS ��Ф�Ҥ�� س��ö��蹹�� ¡��¹ ��HttpModule�� º��Ź��任��Ź��ͧ�� س��ա�û�Ѻ��¹�鴢ͧ��ء��ͧ�س��¡�٢��ŷ��س ��繵�ͧ

��ҧ��Ṻ� Microsoft .NET Framework 1.1 ��.NET Framework 2.0 ��÷ӧҹ �� ͤԴ��繷�� ҧ��Сͺ��仹��:

FormsAuthEvents.cs: ��ʷ��ż�IHttpModule��м�ǡ��˵ء�ó�Application_BeginRequest
FormsAuthInfo.cs: ��ʷ��֧��Ťء�� decrypts �ѵá��Ѻ�ͧ��١��ͧẺ�� ͡�ҡ��ѧ��Ǩ�ͺ�ͧ��ء�� Դ�� Web.config ��㨷��Ѻ�ͧ��١��ͧ
FormsAuthConfig.cs: ��ʷ��ҹ��Ũҡ�� FormsAuthLogger.config
Log.cs: ��ѺẺ stringbuilder ��¹��͡ ��͵�ͧ��͡��
FormsAuthLogger.config: �� XML ��١��ҹ �� Log.cs �� /bin �Ѻ DLL ��ҧ�� س��ö ��駤�Ҥ͹�ԡ��仹��:
- ��ͧ�� IP: �س��ö��ͧ��èѺ�Ҿ�ͧ��Ŵ�� IP �ͧ��繵� ��Ըչ�� س��ö��੾�Ф��ͧ�ͨҡ��͹��Һ�� ǹ�Դ�ѭ�� 觪��Ŵ��Ҵ�ͧ��ѹ�֡
- ��Դ�ͧ��èѺ�Ҿ: ��кص��˹觷��кѹ�֡�� 鹤�� Ǥ��Ǣͧ ASP.NET ��س��ö�ѹ�֡��Ź�� 㴡��Һ��Һѭ�ա�кǹ��âͧ��黯Ժѵԧҹ�դ��ö㹡��¹� ��

��˵� �ѹ��ա��§��ǹ��Ŵ��Ѻ��ʷ��㹵�� FormsAuthLogger.zip

�ѹ�Ъ��͡��鹷��ѡ��:

��ҧ��ʷ��ż��Թ��࿫��ѺIHttpModule
public class FormsAuthEvents : IHttpModule { �code� }
��¤��˵ء�ó�س��ͧ��ô� 㹵��ҧ�� ҡ��ѧ��˵ء�ó�Application_BeginRequest �Ըչ��ö��Ǩ�ͺ��ͧ�� д�� Ẻ��ء��Ѻ�ͧ��١��ͧ��͡FormsAuthenticationTicket��Ҥء��
public void Init(HttpApplication application) { //Wire up the BeginRequest event application.BeginRequest += (new EventHandler(this.Application_BeginRequest)); }

��˵ء�ó�Application_BeginRequest

private void Application_BeginRequest(Object source, EventArgs e)
{	
   �code to log the ticket�
}

�֧��Ťء��Ѻ�ͧ��١��ͧẺ�� жʹ��Ѻ�� ѧ��
��ҡ��к� �ѹ�Т��й��к��仹�� ŢͧẺ�� 觨Ъ��س�Ѵ��ͧ�س ��š��Ѻ�ͧ��١��ͧ��ѧ��ѹ�֡ IIS ��Ҩ��:
- �ѹ: ͹حҵ��س��͡��ͧ�� 㹡��ҹ
- RequestType: �ʴ��ҡ��ͧ�� Ѻ ŧ��¡�úѭ��
- URL: �ʴ��ٻẺ�ͧ ��ͧ�͹Ӥ�һѭ��
- �ӡ��ҧ�ԧ
- ClientIP: ��ǡ㹤Ӣ��к� ��繵�

��Ѻ仴�ҹ�� | ��ʹ��

�� س��ö�觤��Դ��Ǣ�ͷ��س��ͧ�� Ѻ��èѴ�� ͹Ҥ�� 㹰ҹ��ͧ�� ʹѧ��

(http://support.microsoft.com/common/survey.aspx?scid=sw;en;1176&p0=&p1=&p2=&p3=&p4=)

Ẻ��

��Ѻ仴�ҹ�� | ��ʹ��

�س��ѵ�

��Ţ�� (Article ID): 910439 - ��Ǥ��ش��: 30 ��Ҥ� 2556 - Revision: 3.0

��Ѻ

Microsoft ASP.NET 1.1
Microsoft ASP.NET 1.0
Microsoft ASP.NET 2.0

kbtshoot kbiis kbcode kbasp kbmt KB910439 KbMtth

��¤��

��Ӥѭ: ��«Ϳ��Ŵ��¤��ͧ Microsoft ᷹��繹ѡ�ŷ��繺ؤ�� Microsoft �պ��¹ѡ��к��Ŵ��¤�� س��ö��Ҷ֧��㹰ҹ��ͧ�� Ңͧ�س�ͧ ��ҧ�á�� Ŵ��¤��Ҩ�բ�ͺ��ͧ ��Ҩ�բ�ͼԴ��Ҵ㹤��Ѿ�� ٻẺ��ҡó� ��ǡѺ�óշ��ǵ�ҧ�ҵԾٴ�Դ��;ٴ��Ңͧ�س Microsoft ��ǹ�Ѻ�Դ�ͺ��ͤ��Ҵ��͹ ��Դ��Ҵ��ͤ��·��Դ�ҡ��ҼԴ��Ҵ ��͡��麷�Ţͧ�١�� Microsoft �ա�û�Ѻ��ا�Ϳ��Ŵ��¤��繻�Ш�

��仹��繩�Ѻ��ѧ��ɢͧ��:910439

(http://support.microsoft.com/kb/910439/en-us/ )

��Ѻ仴�ҹ�� | ��ʹ��