1. 首页
  2. 问答
  3. .net表单身份验证问题

.net表单身份验证问题

2011-01-13 111 views
1

我正在使用mvc.net中的自定义登录页面。我检查登录像这样:.net表单身份验证问题

public bool Login(string login, string password, bool persistent) 
{ 
    var loginEntity = this.AdminRepository.GetLogin(login, password); 
    if (loginEntity != null) 
    { 
    FormsAuthentication.SetAuthCookie(login, persistent); 

    HttpContext.Current.Session["AdminId"] = loginEntity.AdminId; 
    HttpContext.Current.Session["AdminUsername"] = loginEntity.Username; 

    return true; 
    }

然后我装点需要与过滤器属性的管理权限的任何控制器:

public override void OnActionExecuting(ActionExecutingContext filterContext) 
{ 
    var ctx = HttpContext.Current; 

    // check if session is supported 
    if (ctx.Session != null) 
    { 
    var redirectTargetDictionary = new RouteValueDictionary(); 

    // check if a new session id was generated 
    if (ctx.Session.IsNewSession) 
    { 
     // If it says it is a new session, but an existing cookie exists, then it must 
     // have timed out 
     string sessionCookie = ctx.Request.Headers["Cookie"]; 
     if (((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0)) || null == sessionCookie) 
     { 
      redirectTargetDictionary = new RouteValueDictionary(); 
      redirectTargetDictionary.Add("area", "Admin"); 
      redirectTargetDictionary.Add("action", "LogOn"); 
      redirectTargetDictionary.Add("controller", "Home"); 

      filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary); 
     } 
     } else if (SessionContext.AdminId == null) { 
     redirectTargetDictionary = new RouteValueDictionary(); 
     redirectTargetDictionary.Add("area", "Admin"); 
     redirectTargetDictionary.Add("action", "LogOn"); 
     redirectTargetDictionary.Add("controller", "Home"); 

     filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary); 
     } 
    } 
    base.OnActionExecuting(filterContext); 
}

我看到日志后我有两个饼干:

  1. ASPXAUTH(过期日期将 设置为“会话结束时”( 持续存在时为false)或(现在为 (当persist设置为true时)为30分钟
  2. 和ASP.NET_SessionId这 到期时间始终是“在 会议结束”

问: 的问题是,即使我设置为TRUE,以“坚持”选项(这将设置ASPXAUTH到期时间从现在开始30分钟 - 这很好)我关闭并重新打开浏览器后,Session [“AdminId”]始终为空。当我最初将“持续”设置为true并关闭然后重新打开浏览窗口时,如何确保我的会话(会话[“AdminId”]和会话[“AdminUsername”])从Cookie中被拉入。 谢谢

来源

2011-01-13 ShaneKm

+1

持久性的工作参数设置,如果设置为true,过期的cookie属性。你在你的web.config中设置了Expires到了什么。你有没有试过用ie来检查cookie的内容。提琴手,看看过期是否设置? – 2011-01-13 21:52:30

回答

0

,我发现我的解决方案在这里:Is it possible to use .ASPXAUTH for my own logging system?

,这就是我所做的:

public class SessionExpireFilterAttribute : ActionFilterAttribute 
{ 
    /// <summary> 
    /// Controller action filter is used to check whether the session is still active. If the session has expired filter redirects to the login screen. 
    /// </summary> 
    /// <param name="filterContext"></param> 
    public override void OnActionExecuting(ActionExecutingContext filterContext) 
    { 
     var ctx = HttpContext.Current; 

     // check if session is supported 
     if (ctx.Session != null) 
     { 
      // check if a new session id was generated 
      if (ctx.Session.IsNewSession) 
      { 
       var identity = ctx.User.Identity; 

       // If it says it is a new session, but an existing cookie exists, then it must 
       // have timed out 
       string sessionCookie = ctx.Request.Headers["Cookie"]; 
       if (((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0)) || null == sessionCookie) 
       { 
        var redirectTargetDictionary = new RouteValueDictionary(); 
        redirectTargetDictionary.Add("area", string.Empty); 
        redirectTargetDictionary.Add("action", "LogOn"); 
        redirectTargetDictionary.Add("controller", "User"); 

        filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary); 
       } 

       // Authenticated user, load session info 
       else if (identity.IsAuthenticated) 
       { 
        var loginRepository = new LoginRepository(InversionOfControl.Container.Resolve<IDbContext>()); 
        IAuthenticationService authenticationService = new AuthenticationService(loginRepository); 
        authenticationService.SetLoginSession(identity.Name); 
       } 
      } 
      else if (SessionContext.LoginId == null) 
      { 
       var redirectTargetDictionary = new RouteValueDictionary(); 
       redirectTargetDictionary.Add("area", string.Empty); 
       redirectTargetDictionary.Add("action", "LogOn"); 
       redirectTargetDictionary.Add("controller", "User"); 

       filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary); 
      } 
     } 
     base.OnActionExecuting(filterContext); 
    } 
}

来源

2011-01-14 12:12:47 ShaneKm

0

具有到期时间的cookie会写入磁盘。因此,如果cookie未过期,用户在下次打开浏览器时仍然会登录。

会话cookie仅存储在内存中,并且只要浏览器关闭就会丢失。

会话cookie是一个没有过期日期的cookie。

来源

2011-01-13 22:31:47

+0

即使我设置为true,我的ASP.NET_SessionId cookie也没有到期日期。 ? – ShaneKm 2011-01-14 07:59:59

相关问题

 相关问题