ASP.NET/IIS:注销所有用户 [英] ASP.NET/IIS: Log out all users
问题描述
在IIS上运行的ASP.NET 3.5应用程序,我如何强制所有当前登录和身份验证的用户解除认证?
In an ASP.NET 3.5 application running on IIS, how do I force a "deauthentication" of all currently logged-in and authenticated users?
IISRESET
似乎没有这样的伎俩!
iisreset
didn't seem to do the trick!
推荐答案
ASP.NET验证的设计是有弹性的一个IISRESET由于其使用cookies - 执行IISRESET将清除所有内存信息,但未来时间用户请求您网站上的一个页面,他们将派出他们的认证令牌,该令牌(如果它没有超时)仍然有效,服务器将重新验证他们的身份。
ASP.NET authentication is designed to be resilient to an IISReset due to its use of cookies - performing an IISReset will clear any in-memory information, but the next time a user asks for a page on your site, they will send their authentication token, which (if it hasn't timed out) will still be valid, and the server will re-authenticate them.
您可以编写存储应用中的Application_Start一个全局变量的开始时间,然后比较用户与该值LastActivityDate的东西重新启动后,将有效地注销用户通过(例如) - 如果它开始前的时候,那么你就可以Application_SessionStart或期间的Application_BeginRequest调用相应的注销方法。
You could write something that would effectively log out the user after a restart, by (for example) storing the application start time in a global variable in Application_Start, and then comparing the users LastActivityDate with that value - if it's before the start time, then you can call the appropriate sign-out method during Application_SessionStart or Application_BeginRequest.
这篇关于ASP.NET/IIS:注销所有用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!