如何处理在ASP.NET窗体身份验证超时异常？ [英] How can I handle forms authentication timeout exceptions in ASP.NET?

问题描述

如果会话已过期，用户点击一个链接到另一个网络表单中，asp.net验证自动将用户重定向到登录页面。

If the session has expired and the user clicks on a link to another webform, the asp.net authentication automatically redirect the user to the login page.

然而，有些时候用户不点击链接到其他web表单的情况下。例如：在GridView的编辑链接，使用AutoCompleteExtender时文本框和应用程序试图得到的信息，基本上，在任何情况下，当一回发完成，而该事件不会自动asp.net认证处理。

However, there are cases when the user does not click on links to other webforms. For example: edit link in gridviews, when using AutoCompleteExtender with textboxes and the application attempts to get the information, and basically, in every case when a postback is done and the event is not automatically handled by the asp.net authentication.

什么是处理这些异常的最好方法是什么？

What is the best way to handle these exceptions?

更新：我刚才修改的问题题：窗体身份验证超时，而不是初始的会话超时。谢谢你让我知道这种差异。

UPDATE: I have just modified the question title: forms authentication timeout, instead of the initial session timeout. Thanks for making me aware of this difference.

更新：我刚刚创建与我面临的具体问题提供了新的问题：<一href="http://stackoverflow.com/questions/7597854/due-to-expired-authentication-ticket-i-am-getting-error-sys-webforms-pagerequest">Due过期身份验证票证我得到错误：Sys.WebForms.PageRequestManagerServerErrorException 12031（通过的UpdatePanel）。出人意料的是，我还没有找到关于它的信息。我真的AP preciate你的帮助。

UPDATE: I have just created a new question with the specific problem I am facing: Due to expired authentication ticket I am getting Error: Sys.WebForms.PageRequestManagerServerErrorException 12031 (using UpdatePanel). Surprisingly, I have not found much information about it. I would really appreciate your help.

推荐答案

这就是为什么许多系统包括页面上的计时器给近似的超时时间。这是一个艰难的交互式网页。你真的需要挂钩AJAX功能，并期待在返回状态code，这是一个有点困难。 一个替代方案是使用基于这在页面生命周期的早期运行以下code和执行一个Ajax重定向到登录页面。否则，你被卡住试图从阿贾克斯和asp.net拦截返回code其中阿贾克斯完成'你'（即不是一个更手动方法像jQuery），你失去了这个方便的检测。

This is why many systems include timers on the page to give approximate timeout times. This is tough with interactive pages. You really need to hook ajax functions and look at the return status code, which is a bit difficult. One alternative is to use code based on the following which runs early in the page lifecycle and perform an ajax redirect to a login page. Otherwise you are stuck trying to intercept the return code from ajax and in asp.net where the ajax is done 'for you' (ie not a more manual method like jQuery) you lose this ease of detection.

<一个href="http://www.eggheadcafe.com/tutorials/aspnet/7262426f-3c65-4c90-b49c-106470f1d22a/build-an-aspnet-session-timeout-redirect-control.aspx">http://www.eggheadcafe.com/tutorials/aspnet/7262426f-3c65-4c90-b49c-106470f1d22a/build-an-aspnet-session-timeout-redirect-control.aspx

对于一个快速的黑客，你可以尝试直接在pre_init http://forums.asp.net/t/1193501.aspx

for a quick hack you can try it directly in pre_init http://forums.asp.net/t/1193501.aspx

修改 什么都想对窗体身份验证超时，没有会话超时。窗体身份验证超时在不同的规模比会话超时工作。会话超时每个请求更新。窗体身份验证票证实际上并没有更新，直到一半的时间的流逝。所以，如果你有设置为一个小时25分钟发送一个请求到它超时，会话被重置为一个小时的超时，心不是感动，并在35分钟内到期的窗体身份验证票！要解决此问题，同步建立会话超时和窗体身份验证票证。这样，你仍然可以只检查会话超时。如果你不喜欢这种话还是 - 做以下并同步了超时，然后解析身份验证票证并读取其超时。你可以做到这一点使用FormsAuthentication.Decrypt - 见：

Edit what is wanted are for forms auth timeouts, not session timeouts. Forms auth timeouts operate on a different scale than session timeouts. Session timeouts update with every request. Forms auth tickets aren't actually updated until half of the time goes by. So if you have timeouts set to an hour and send in one request 25 minutes into it, the session is reset to an hour timeout, the forms auth ticket isnt touched and expires in 35 minutes! To work around this, sync up the session timeout and the forms auth ticket. This way you can still just check session timeouts. If you don't like this then still - do the below and sync up the timeouts and then parse the auth ticket and read its timeout. You can do that using FormsAuthentication.Decrypt - see:

<一个href="http://stackoverflow.com/questions/7220184/read-form-authentication-cookie-from-asp-net-$c$c-behind">Read从asp.net code形式的身份验证Cookie背后

请注意，此code的需要的是在登录时设置的一些会议的价值 - 在这种情况下，它的UniqueUserId。同时改变下面的登录页面的路径，以适应你的。

Note that this code requires that upon login you set some session value - in this case its "UniqueUserId". Also change the login page path below to fit yours.

protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
        {
            //Only access session state if it is available
            if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState)
            {
                //If we are authenticated AND we dont have a session here.. redirect to login page.
                HttpCookie authenticationCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
                if (authenticationCookie != null)
                {
                    FormsAuthenticationTicket authenticationTicket = FormsAuthentication.Decrypt(authenticationCookie.Value);
                    if (!authenticationTicket.Expired)
                    {
                        if (Session["UniqueUserId"] == null)
                        {
                            //This means for some reason the session expired before the authentication ticket. Force a login.
                            FormsAuthentication.SignOut();
                            Response.Redirect("Login.aspx", true);
                            return;
                        }
                    }
                }
            }
        }

这篇关于如何处理在ASP.NET窗体身份验证超时异常？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！