在ASP.NET中如何处理表单认证超时异常？ [英] How can I handle forms authentication timeout exceptions in ASP.NET?

问题描述

如果会话已过期，并且用户点击指向另一个Webform的链接，asp.net验证将自动将用户重定向到登录页面。

但是，有些情况下用户没有点击链接到其他webforms。例如：在Gridview中编辑链接，当使用带有文本框的AutoCompleteExtender，并且应用程序尝试获取信息时，并且基本上，在每次发生回发时，并且事件不会由asp.net身份验证自动处理。

处理这些异常的最佳方法是什么？

更新：我刚刚修改问题标题：表单认证超时，而不是初始会话超时。感谢您让我意识到这种差异。

更新：我刚刚创建了一个新问题，我遇到的具体问题：如何处理因过期的身份验证故障单使用的异常UpdatePanel的？。令人惊讶的是，我没有找到太多的信息。我真的非常感谢你的帮助。

解决方案

这就是为什么很多系统都包含页面上的计时器来给出大致的超时时间。这是非常困难的互动页面。你真的需要钩住ajax函数并查看返回状态码，这有点困难。
一个替代方法是使用基于以下的代码，该代码早在页面生命周期中运行，并执行ajax重定向到登录页面。否则你会试图拦截来自ajax的返回代码，在asp.net中，ajax被完成为你（即不像jQuery那样更加手动的方法），你失去了这种易于检测的功能。

$ b $ a bref = .aspxrel =nofollow noreferrer> http://www.eggheadcafe.com/tutorials/aspnet/7262426f-3c65-4c90-b49c-106470f1d22a/build-an-aspnet-session-timeout-redirect-control.aspx

一个快速的黑客你可以直接在pre_init
http://forums.asp.net/t/1193501.aspx

编辑
想要的是表单认证超时，而不是会话超时。形成auth超时以与会话超时不同的规模运行。每次请求会话超时更新。在一半时间之前，形式认证机票实际上并没有被更新。所以如果你的超时设置为一个小时，并在一个请求中发送25分钟，会话重置为一个小时超时，表单验证机不会触摸，并在35分钟内到期！要解决这个问题，请同步会话超时和表单身份验证。这样，您仍然可以检查会话超时。如果你不喜欢这个，那么还是 - 做下面的，并同步超时，然后解析auth票并阅读它的超时。您可以使用FormsAuthentication.Decrypt来执行此操作 - 请参阅：

从asp.net代码后面读取表单身份验证cookie

请注意，此代码需要在登录时设置一些会话值 - 在这种情况下，它是UniqueUserId。还可以更改下面的登录页面路径以适应您的需求。

  
 protected void Application_PreRequestHandlerExecute（object sender，EventArgs e）
 {
 //仅访问会话状态如果可用
 if（Context.Handler是IRequiresSessionState || Context.Handler是IReadOnlySessionState）
 {
 //如果我们被认证，我们在这里没有一个会话..重定向到登录页面。 
 HttpCookie authenticationCookie = Request.Cookies [FormsAuthentication.FormsCookieName]; 
 if（authenticationCookie！= null）
 {
 FormsAuthenticationTicket authenticationTicket = FormsAuthentication.Decrypt（authenticationCookie.Value）; 
 if（！authenticationTicket.Expired）
 {
 if（Session [UniqueUserId] == null）
 {
 //这意味着由于某种原因会话在认证券之前过期。强制登录
 FormsAuthentication.SignOut（）; 
 Response.Redirect（Login.aspx，true）; 
返回; 
} 
} 
} 
} 
} 
  
 

If the session has expired and the user clicks on a link to another webform, the asp.net authentication automatically redirect the user to the login page.

However, there are cases when the user does not click on links to other webforms. For example: edit link in gridviews, when using AutoCompleteExtender with textboxes and the application attempts to get the information, and basically, in every case when a postback is done and the event is not automatically handled by the asp.net authentication.

What is the best way to handle these exceptions?

UPDATE: I have just modified the question title: forms authentication timeout, instead of the initial session timeout. Thanks for making me aware of this difference.

UPDATE: I have just created a new question with the specific problem I am facing: How to handle exception due to expired authentication ticket using UpdatePanel?. Surprisingly, I have not found much information about it. I would really appreciate your help.

解决方案

This is why many systems include timers on the page to give approximate timeout times. This is tough with interactive pages. You really need to hook ajax functions and look at the return status code, which is a bit difficult. One alternative is to use code based on the following which runs early in the page lifecycle and perform an ajax redirect to a login page. Otherwise you are stuck trying to intercept the return code from ajax and in asp.net where the ajax is done 'for you' (ie not a more manual method like jQuery) you lose this ease of detection.

http://www.eggheadcafe.com/tutorials/aspnet/7262426f-3c65-4c90-b49c-106470f1d22a/build-an-aspnet-session-timeout-redirect-control.aspx

for a quick hack you can try it directly in pre_init http://forums.asp.net/t/1193501.aspx

Edit what is wanted are for forms auth timeouts, not session timeouts. Forms auth timeouts operate on a different scale than session timeouts. Session timeouts update with every request. Forms auth tickets aren't actually updated until half of the time goes by. So if you have timeouts set to an hour and send in one request 25 minutes into it, the session is reset to an hour timeout, the forms auth ticket isnt touched and expires in 35 minutes! To work around this, sync up the session timeout and the forms auth ticket. This way you can still just check session timeouts. If you don't like this then still - do the below and sync up the timeouts and then parse the auth ticket and read its timeout. You can do that using FormsAuthentication.Decrypt - see:

Read form authentication cookie from asp.net code behind

Note that this code requires that upon login you set some session value - in this case its "UniqueUserId". Also change the login page path below to fit yours.

protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
        {
            //Only access session state if it is available
            if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState)
            {
                //If we are authenticated AND we dont have a session here.. redirect to login page.
                HttpCookie authenticationCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
                if (authenticationCookie != null)
                {
                    FormsAuthenticationTicket authenticationTicket = FormsAuthentication.Decrypt(authenticationCookie.Value);
                    if (!authenticationTicket.Expired)
                    {
                        if (Session["UniqueUserId"] == null)
                        {
                            //This means for some reason the session expired before the authentication ticket. Force a login.
                            FormsAuthentication.SignOut();
                            Response.Redirect("Login.aspx", true);
                            return;
                        }
                    }
                }
            }
        }

这篇关于在ASP.NET中如何处理表单认证超时异常？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！