1. 首页
  2. 问答
  3. Cookie值在Cookie过期之前过期

Cookie值在Cookie过期之前过期

2009-09-23 114 views
1

我有一个我正在处理的asp.net MVC应用程序,并且我编写了一个自定义actionfilter以基于在登录时设置的授权级别过滤掉某些控制器操作,并存储在加密的cookie与formsauthentication cookie一起,两个cookie被设置为具有相同的到期时间,但由于某种原因,在空闲时间之后授权cookie值变为空白,我还没有能够调试并在行为中捕获它,但它就这样消失Cookie值在Cookie过期之前过期

我actionfilter代码如下所示:

string usersRole = ""; 
if (filterContext.HttpContext.Session["role"] != null) 
usersRole = filterContext.HttpContext.Session["role"].ToString(); 
else if (filterContext.HttpContext.Response.Cookies["ArisPortalCookie"].Value != null) 
{ 
usersRole = filterContext.HttpContext.Response.Cookies["ArisPortalCookie"].Value; 
filterContext.HttpContext.Session["role"] = usersRole; 
} 
string encryptedRole = EncryptionHelper.Encrypt(RoleToCheckFor); 

if (encryptedRole == usersRole || usersRole == EncryptionHelper.Encrypt("Admin")) //if the user's role and role required match, we have success 
     { 
      //now we break down the response action based on what role was required 
      if (RoleToCheckFor == "Admin") 
      { 
      } 
      else if (RoleToCheckFor == "Tech" || RoleToCheckFor == "Admin") 
      { 

      } 
      else if (RoleToCheckFor == "Physician" || RoleToCheckFor == "Admin") 
      { 

      } 
     } 
     else 
     { 
      filterContext.Result = new ViewResult 
      { 
       ViewName = "NoAuth", 
       ViewData = filterContext.Controller.ViewData, 
       TempData = filterContext.Controller.TempData 
      }; 
     }

来源

2009-09-23 Jimmy

+0

读取值(管道格式)发现了一个可能的问题,我的应用程序存储它出现时期满 – Jimmy 2009-09-23 15:24:11

回答

2

我做同样的来存储角色。为什么他们并排?

我假设你正在做这样的事情:

FormsAuthenticationTicket authTicket = 
       new FormsAuthenticationTicket(1, 
              username, 
              DateTime.Now, 
              DateTime.Now.AddMinutes(60), 
              rememberMe, 
              roles); 
      string encTicket = FormsAuthentication.Encrypt(authTicket); 
      HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket); 
      authenticationCookie.HttpOnly = true; 
      contextBase.Response.Cookies.Add(authenticationCookie);

如果您正在使用FormsAuthentication.SetAuthCookie还有,我不认为你需要,我不这样做,那么请确保你的配置有超时也设置为60分钟,或者等于上述时间。从饼干(如需要)

private static void ReadCookieForPrincipal() 
{ 
    string cookieName = FormsAuthentication.FormsCookieName; 
    HttpCookie authCookie = HttpContext.Current.Request.Cookies[cookieName]; 

    // If the cookie can't be found, don't issue the ticket 
    if (authCookie == null) return; 

    // Get the authentication ticket and rebuild the principal & identity 
    FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); 
    string[] roles = authTicket.UserData.Split(new Char[] { '|' }); 
    GenericIdentity userIdentity = new GenericIdentity(authTicket.Name); 
    GenericPrincipal userPrincipal = new GenericPrincipal(userIdentity, roles); 
    HttpContext.Current.User = userPrincipal; 
}

来源

2009-09-23 15:20:15 dove

+0

心示出要清理出我的Cookie值的会话ID cookie如何将角色添加到formsauth cookie中,然后检索这些值? – Jimmy 2009-09-23 15:23:39

+0

是的,即使我在做什么减去了cookie的末尾的角色,你如何将角色数据从formsauth cookie中提取出来? – Jimmy 2009-09-23 15:25:33

+0

介意分享你的代码,检查用户在哪个角色? – Jimmy 2009-09-23 15:30:15

相关问题

 相关问题