检查身份验证票证过期不影响它 [英] Check authentication ticket expiration without affecting it
问题描述
我想实现一个Web应用程序项目在我的网页,可以检查服务器使用AJAX身份验证票证过期日期/时间。
I am trying to implement a Web Application Project where my web pages can check the server for the Authentication ticket expiration date/time using AJAX.
我使用窗体身份验证与slidingExpiration。
I am using Forms Authentication with slidingExpiration.
我碰到运行的问题是我无法弄清楚如何无需重新设定它检查值。我创建了一个简单的页面 - CheckExpiration.aspx - 下面是code背后:
The problem I run across is I can't figure out how to check the value without resetting it. I created a simple page - CheckExpiration.aspx - below is the code behind:
private class AjaxResponse
{
public bool success;
public string message;
public string expirationDateTime;
public string secondsRemaining;
public string issueDate;
}
protected void Page_Load(object sender, EventArgs e)
{
AjaxResponse ar = new AjaxResponse();
JavaScriptSerializer js = new JavaScriptSerializer();
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
string expiration = id.Ticket.Expiration.ToString();
TimeSpan timeRemaining = id.Ticket.Expiration - DateTime.Now;
ar.success = true;
ar.expirationDateTime = expiration;
ar.issueDate = id.Ticket.IssueDate.ToString();
ar.secondsRemaining = timeRemaining.Minutes.ToString() + ":" + timeRemaining.Seconds.ToString();
}
else
{
ar.success = false;
ar.message = "User not authenticated";
}
string output = js.Serialize(ar);
Response.Write(js.Serialize(ar));
}
我用ajax每秒调用从母版页此页面中我的申请。过去在认证有效期的中间点,过期被复位。
I call this page from the Master page in my application using ajax every second. Past the halfway point in the authentication expiration, the expiration gets reset.
我如何prevent这种行为?有什么我可以在可能的请求的头呢?
How do I prevent this behavior? Is there anything I can do in the header of the request maybe?
推荐答案
把你CheckExpiration.aspx页在它自己的应用和部署此作为主应用程序之下的虚拟目录。在该虚拟目录,配置slidingExpiration = FALSE。您code将工作,不过,当它得到下面一半的时间,直到过期将不能再生的车票。
Put your CheckExpiration.aspx page in its own application and deploy this as a virtual directory beneath your main application. In that virtual directory, configure slidingExpiration=false. Your code will work as-is but will not regenerate the ticket when it gets below half the time until expiration.
下面是我在一个快速的本地项目做以验证它的工作原理:
Here's what I did in a quick local project to verify that it works:
- 创建一个新的Web应用程序AuthTest4并配置它的路径使用本地IIS服务器/ AuthTest4
- 推门进去IIS,改变了计算机密钥设置/ AuthTest4取消选中所有的自动生成/隔离选项,并生成自己的的machineKey。
- 创建一个空的Web应用程序ExpCheck,把你的CheckExpiration.aspx code在它
- 配置的ExpCheck Web应用程序使用本地IIS虚拟目录/ AuthTest4 / ExpCheck
- 修改如下ExpCheck应用程序的web.config中只有一节
ExpCheck web.config中。所有其他安全设置将会从父虚拟目录向下级联。
ExpCheck web.config. All other security settings will cascade down from the parent virtual directory.
<system.web>
<authentication mode="Forms">
<forms slidingExpiration="false" />
</authentication>
</system.web>
这篇关于检查身份验证票证过期不影响它的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!