ASP.NET/IIS：注销所有用户 [英] ASP.NET/IIS: Log out all users

问题描述

在IIS上运行的ASP.NET 3.5应用程序，我如何强制所有当前登录和身份验证的用户解除认证？

In an ASP.NET 3.5 application running on IIS, how do I force a "deauthentication" of all currently logged-in and authenticated users?

IISRESET 似乎没有这样的伎俩！

iisreset didn't seem to do the trick!

推荐答案

ASP.NET验证的设计是有弹性的一个IISRESET由于其使用cookies - 执行IISRESET将清除所有内存信息，但未来时间用户请求您网站上的一个页面，他们将派出他们的认证令牌，该令牌（如果它没有超时）仍然有效，服务器将重新验证他们的身份。

ASP.NET authentication is designed to be resilient to an IISReset due to its use of cookies - performing an IISReset will clear any in-memory information, but the next time a user asks for a page on your site, they will send their authentication token, which (if it hasn't timed out) will still be valid, and the server will re-authenticate them.

您可以编写存储应用中的Application_Start一个全局变量的开始时间，然后比较用户与该值LastActivityDate的东西重新启动后，将有效地注销用户通过（例如） - 如果它开始前的时候，那么你就可以Application_SessionStart或期间的Application_BeginRequest调用相应的注销方法。

You could write something that would effectively log out the user after a restart, by (for example) storing the application start time in a global variable in Application_Start, and then comparing the users LastActivityDate with that value - if it's before the start time, then you can call the appropriate sign-out method during Application_SessionStart or Application_BeginRequest.

这篇关于ASP.NET/IIS：注销所有用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！