超时在ASP.Net MVC FormsAuthentication不工作 [英] Timeout not working in ASP.Net MVC FormsAuthentication
问题描述
我使用FormsAuthentication,我有问题设置的超时值。
I'm using FormsAuthentication, I'm having problems setting the TimeOut value.
我已经看到了与此相关的一些其他职位,但他们似乎并不正好我的问题或建议没有帮助解决。
I've seen some other posts related to this, but they don't seem to be exactly my problem or the solution suggested doesn't help.
我的web.config中有以下内容:
My web.config has the following:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn"
timeout="1"
cookieless="UseCookies" />
</authentication>
我已经把一个AuthorizeAttribute上,我要保护的控制器。
I have put an AuthorizeAttribute on the controllers that I want to secure.
我可以查看.ASPXAUTH饼干(使用FireCookies),我可以看到它被设置登录后,在1分钟内到期。
I can view the .ASPXAUTH cookie (using FireCookies) and I can see that it is set to expire in 1 minute after a login.
如果我通过我的code调试我可以看到FormsAuthentication.Timeout = 1。
If I debug through my code I can see that FormsAuthentication.Timeout = 1.
不过我的票似乎并没有在1分钟内超时。不活动1分钟后,我仍然可以浏览到与AuthorizeAttribute控制器。
However my ticket doesn't seem to timeout in 1 minute. After 1 minute of inactivity I can still browse to controllers with AuthorizeAttribute.
其实我其实可以删除使用FireCookies的.ASPXAUTH饼干,我仍然可以浏览到控制器与AuthorizeAttribute。
In fact I can actually delete the .ASPXAUTH cookie using FireCookies and I can still browse to controllers with an AuthorizeAttribute.
奇怪的是不活动的很长一段时间(很抱歉没有一个确切的时间! - 我在外面吃午饭)后出现超时,我重定向
登录屏幕。
Bizarrely after being inactive for a long time (sorry don't have an exact time - I was out for lunch!) the TimeOut occurs and I am redirected to the login screen.
任何想法?
推荐答案
的我也有同样的问题。其实,这是约,因为我不能读取JavaScript中的窗体身份验证cookie,这是一段时间后,未定义。我只是想知道,如果我是通过javascript。验证的
I too had the same problem. Actually, it came about because I could not read the forms authentication cookie from javascript, it was after a while undefined. I just wanted to know if I was authenticated via javascript.
的后来我发现,机票已经过期了,但我没有得到登出(也。所以我想解决这个太)!我看到你的问题没有得到回答,所以我保留了它打开,而我的工作我的问题了半天。以下是我想出了似乎是工作。的
我的回答是基于这个答案。 http://stackoverflow.com/a/454639/511438 通过用户的斯科茨
My Answer is based on this answer. http://stackoverflow.com/a/454639/511438 by user ScottS
这是在我的ASP.NET MVC 3项目。
This is in my ASP.NET MVC 3 project.
下面是我的登录code。没有显示出来,面前的自定义用户身份验证逻辑。这只是设置了初始票据。
Here is my login code. Not shown, the custom user authentication logic before it. This just sets the initial ticket.
公共类FormsAuthenticationService:IFormsAuthentication
public void SignIn(string userName, bool createPersistentCookie, string role)
{
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
1, // version
userName, // user name
DateTime.Now, // created
DateTime.Now.Add(FormsAuthentication.Timeout), // expires
false, // rememberMe?
role // can be used to store roles
);
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
HttpContext.Current.Response.Cookies.Add(authCookie);
}
在同一个班,但是是从Global.asax的
in the same class but a static method that is accessed from global.asax
//-- this is based on http://stackoverflow.com/questions/454616/asp-net-cookies-authentication-and-session-timeouts
internal static FormsAuthenticationTicket RefreshLoginCookie(bool retainCurrentExpiry)
{
HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie == null || authCookie.Value == null)
return null;
FormsAuthenticationTicket oldTicket = FormsAuthentication.Decrypt(authCookie.Value);
DateTime expiryDate = (retainCurrentExpiry ? oldTicket.Expiration : DateTime.Now.Add(FormsAuthentication.Timeout));
HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
var newTicket = new FormsAuthenticationTicket(oldTicket.Version, oldTicket.Name, oldTicket.IssueDate, expiryDate,
oldTicket.IsPersistent, oldTicket.UserData, oldTicket.CookiePath);
HttpCookie newAuthCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newTicket));
HttpContext.Current.Response.Cookies.Add(newAuthCookie);
return newTicket;
}
的Global.asax
我来定制的Ajax请求不刷新窗体身份验证票。所以,如果你坐在那里的超时时间,一个Ajax请求将您注销。改变,如果你想Ajax请求,以保持活票(针对我的javascript的cookie的问题,不是你的注销闲置的问题)。
*(提示,如果你被注销,然后登录,但回到登录页面再次,第一次登录没有也许指定查询字符串一个RETURNURL)。 *
My customization comes that ajax requests do not refresh the forms authentication ticket. So if you sit there for the timeout period, an ajax request will log you out. Change that if you want ajax requests to keep the ticket alive (addresses my javascript cookie issue, not your logout inactivity issue). *(tip, if you get logged out, then login, but come back to the login page again, the first login did not specify a returnUrl in the querystring perhaps). *
protected virtual void Application_AuthenticateRequest(Object sender, EventArgs e)
{
HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie == null || authCookie.Value == "")
{
return;
}
bool isAjax = new HttpRequestWrapper(System.Web.HttpContext.Current.Request).IsAjaxRequest();
FormsAuthenticationTicket authTicket;
try
{
//-- THIS IS WHAT YOU WANT
authTicket = FormsAuthenticationService.RefreshLoginCookie(isAjax);
}
catch
{
return;
}
string[] roles = authTicket.UserData.Split(';');
if (Context.User != null) Context.User = new GenericPrincipal(Context.User.Identity, roles);
}
的Web.config
这里是我设置的一部分,会话超时和门票超时
Web.config here is the part where i set session timeout and ticket timeout
<configuration>
<system.web>
<sessionState mode="InProc" timeout="60" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="60" name="ProviderMvcSession" cookieless="UseCookies" />
</authentication>
这篇关于超时在ASP.Net MVC FormsAuthentication不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
