检查身份验证票证过期不影响它 [英] Check authentication ticket expiration without affecting it

问题描述

我想实现一个Web应用程序项目在我的网页，可以检查服务器使用AJAX身份验证票证过期日期/时间。

I am trying to implement a Web Application Project where my web pages can check the server for the Authentication ticket expiration date/time using AJAX.

我使用窗体身份验证与slidingExpiration。

I am using Forms Authentication with slidingExpiration.

我碰到运行的问题是我无法弄清楚如何无需重新设定它检查值。我创建了一个简单的页面 - CheckExpiration.aspx - 下面是code背后：

The problem I run across is I can't figure out how to check the value without resetting it. I created a simple page - CheckExpiration.aspx - below is the code behind:

  private class AjaxResponse
  {
     public bool success;
     public string message;
     public string expirationDateTime;
     public string secondsRemaining;
     public string issueDate;
  }

  protected void Page_Load(object sender, EventArgs e)
  {
     AjaxResponse ar = new AjaxResponse();
     JavaScriptSerializer js = new JavaScriptSerializer();

     if (HttpContext.Current.User.Identity.IsAuthenticated)
     {
        FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
        string expiration = id.Ticket.Expiration.ToString();

        TimeSpan timeRemaining = id.Ticket.Expiration - DateTime.Now;

        ar.success = true;
        ar.expirationDateTime = expiration;
        ar.issueDate = id.Ticket.IssueDate.ToString();
        ar.secondsRemaining = timeRemaining.Minutes.ToString() + ":" + timeRemaining.Seconds.ToString();
     }
     else
     {
        ar.success = false;
        ar.message = "User not authenticated";
     }

     string output = js.Serialize(ar);
     Response.Write(js.Serialize(ar));

  }

我用ajax每秒调用从母版页此页面中我的申请。过去在认证有效期的中间点，过期被复位。

I call this page from the Master page in my application using ajax every second. Past the halfway point in the authentication expiration, the expiration gets reset.

我如何prevent这种行为？有什么我可以在可能的请求的头呢？

How do I prevent this behavior? Is there anything I can do in the header of the request maybe?

推荐答案

把你CheckExpiration.aspx页在它自己的应用和部署此作为主应用程序之下的虚拟目录。在该虚拟目录，配置slidingExpiration = FALSE。您code将工作，不过，当它得到下面一半的时间，直到过期将不能再生的车票。

Put your CheckExpiration.aspx page in its own application and deploy this as a virtual directory beneath your main application. In that virtual directory, configure slidingExpiration=false. Your code will work as-is but will not regenerate the ticket when it gets below half the time until expiration.

下面是我在一个快速的本地项目做以验证它的工作原理：

Here's what I did in a quick local project to verify that it works:

1. 创建一个新的Web应用程序AuthTest4并配置它的路径使用本地IIS服务器/ AuthTest4


2. 推门进去IIS，改变了计算机密钥设置/ AuthTest4取消选中所有的自动生成/隔离选项，并生成自己的的machineKey。


3. 创建一个空的Web应用程序ExpCheck，把你的CheckExpiration.aspx code在它


4. 配置的ExpCheck Web应用程序使用本地IIS虚拟目录/ AuthTest4 / ExpCheck


5. 修改如下ExpCheck应用程序的web.config中只有一节

ExpCheck web.config中。所有其他安全设置将会从父虚拟目录向下级联。

ExpCheck web.config. All other security settings will cascade down from the parent virtual directory.

<system.web>
  <authentication mode="Forms">
   <forms slidingExpiration="false" />
  </authentication>
</system.web>

这篇关于检查身份验证票证过期不影响它的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！