保持登录窗口+表单登录

Question

我想在我的ASP.NET应用程序中实现Facebook和GMail的功能。

我使用窗口和窗体登录的组合，所有这一切都工作得很好。

我有一个登录页面，其中有下面的代码：

public const int LOGON32_LOGON_INTERACTIVE = 2; 
    public const int LOGON32_PROVIDER_DEFAULT = 0; 

    IntPtr token; 
    IntPtr tokenDuplicate; 

    [DllImport("advapi32.dll", SetLastError = true)] 
    public static extern int LogonUserA(String lpszUserName, 
     String lpszDomain, 
     String lpszPassword, 
     int dwLogonType, 
     int dwLogonProvider, 
     ref IntPtr phToken); 
    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
    public static extern int DuplicateToken(IntPtr hToken, 
     int impersonationLevel, 
     ref IntPtr hNewToken); 

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
    public static extern bool RevertToSelf(); 

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)] 
    public static extern bool CloseHandle(IntPtr handle); 


protected void LoginButton_Click(object sender, EventArgs e) 
     { 
if (LogonUserA(userName, Domain.Text, Password.Text, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) == 0) 
      { 
       BadCredentials.Visible = true; 
       BadCredentials.Text = "Not A Valid User"; 
       Global.logger.Info("LogonUserA failed with GetLastWin32Error code =" + Marshal.GetLastWin32Error()); 
       return; 
      } 
      Global.logger.Info("LogonUserA is sucessful"); 


       if (DuplicateToken(token, 2, ref tokenDuplicate) == 0) 
       { 
        BadCredentials.Visible = true; 
        BadCredentials.Text = "Internal Error: DuplicateToken failed"; 
        return; 
       } 

Session["TokenDuplicate"] = tokenDuplicate; 
      if (new GUIUtility().impersonateValidUser(Session) == false) 
      { 
       BadCredentials.Visible = true; 
       BadCredentials.Text = "Impersonation failed"; 
       return; 
      } 

if (GUIUtility.IsUserPartOfWindowsGroup(compUsrNameForEncryption, adminGroupName) == true) 
      { 
       // The user is Instance Admin 

       BadCredentials.Visible = false; 


      } 
// Create the authentication ticket 
     FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,       // version 
             UserName.Text,   // user name 
             DateTime.Now,    // creation 
             DateTime.Now.AddMinutes(60),// Expiration 
             false,      // Persistent 
             role);   // User data 

     // Now encrypt the ticket. 
     string encryptedTicket = FormsAuthentication.Encrypt(authTicket); 

     // Create a cookie and add the encrypted ticket to the 
     // cookie as data. 
     HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);    

     //authCookie.Secure = FormsAuthentication.RequireSSL; 

     // Add the cookie to the outgoing cookies collection. 
     HttpContext.Current.Response.Cookies.Add(authCookie); 
     //Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false)); 
     Response.Redirect("~/Default.aspx"); 
     // Company Admin has logged on 

} 

这是有关于我的web.config这可能是有用的：

<authentication mode="Forms"> 
     <forms loginUrl="Login.aspx" defaultUrl="~/Default.aspx" name="GUI" slidingExpiration="true" timeout="30" path="/"> 
     </forms> 
    </authentication> 
    <authorization> 
     <deny users="?"/> 
     <allow users="*"/> 
    </authorization> 

<sessionState mode="InProc" cookieless="false" timeout="30"/> 

    <!-- 
     The <customErrors> section enables configuration 
     of what to do if/when an unhandled error occurs 
     during the execution of a request. Specifically, 
     it enables developers to configure html error pages 
     to be displayed in place of a error stack trace. 
    --> 
    <customErrors mode="On" defaultRedirect="~/Login.aspx"> 
     <error statusCode="403" redirect="NoAccess.htm" /> 
     <error statusCode="404" redirect="FileNotFound.htm" /> 
    </customErrors> 

这段代码在我的世界。 ascx：

protected void Application_BeginRequest(object sender, EventArgs e) 
    { 

     try 
     { 
      string cookieName = FormsAuthentication.FormsCookieName.ToString(); 
      HttpCookie authCookie = Context.Request.Cookies[cookieName]; 
      if (null != authCookie) 
      { 
       authCookie.Secure = true; 
      } 
     } 
     catch (Exception ex) 
     { 
      Global.logger.Error("Application_BeginRequest: Exception: " + ex); 
     } 
    } 

    protected void Application_AuthenticateRequest(object sender, EventArgs e) 
    { 
     // Extract the forms authentication cookie 

     string redirectSecureUrl = Request.Url.ToString(); 

     string cookieName = FormsAuthentication.FormsCookieName.ToString(); 
     HttpCookie authCookie = Context.Request.Cookies[cookieName]; 


     if (null == authCookie) 
     { 

      // There is no authentication cookie. 
      return; 
     } 

     FormsAuthenticationTicket authTicket = null; 
     try 
     { 
      authTicket = FormsAuthentication.Decrypt(authCookie.Value); 
     } 
     catch (Exception ex) 
     { 
      Global.logger.Error("Application_AuthenticateRequest: Exception: " + ex); 

      return; 
     } 

     if (null == authTicket) 
     { 
      // Cookie failed to decrypt. 
      return; 
     } 

     // When the ticket was created, the UserData property was assigned a 
     // pipe delimited string of role names. 
     string[] roles = authTicket.UserData.Split(new char[] { '|' }); 

     // Create an Identity object 
     FormsIdentity id = new FormsIdentity(authTicket); 

     // This principal will flow throughout the request. 
     GenericPrincipal principal = new GenericPrincipal(id, roles); 
     // Attach the new principal object to the current HttpContext object 
     Context.User = principal; 
    } 

如果我让持久cookie为true而不是false，会发生什么？

谢谢。

Answer 1

仅供参考...

如果你使用真正的一个cookie具有固定到期日将被创建，而不是仅会话cookie的。 Cookie &因此认证票据将在浏览器关闭后存活。

Simon