Windows身份验证超时 [英] Windows Authentication Timeout
本文介绍了Windows身份验证超时的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个使用Windows集成的ASP.NET应用程序
身份验证(IIS)(而不是表单身份验证)。
当用户首先登录到应用程序,IIS会提示用户输入他们的凭据。
一旦他们被认证,他们的凭据就会保持活动状态
网页浏览器已打开。
现在,我想要身份验证到超时在3分钟内。这样,如果他们在3分钟后浏览到另一个页面,则会提示他们再次重新输入
他们的凭据。
我知道在FormsAuthentication中,你可以解除验证。某人通过
调用FormsAuthentication.SignOut();在
Global.asax中的Session_End事件中。
是否有类似于Windows集成身份验证(IIS)的内容?
(我在类似的问题中发布了一个类似的问题:
microsoft.public.dotnet.framework.aspnet.security,但未能获得
获得一个好处请原谅我交叉发布这个问题,但是
我真的只需要知道它是否可能......)
谢谢。
- 请问G.
I have an ASP.NET application that is using Windows Integrated
Authentication (IIS) (as opposed to Forms Authentication).
When the user first logs into the application, IIS prompts the user for
their credentials.
Once they are "authenticated", their credentials remain active while their
web browser is open.
Now, I want the "authentication" to "timeout" in 3 minutes. This way if
they browse to another page after 3 minutes, they are prompted to "re-enter"
their credentials again.
I know that in FormsAuthentication, you can "de-authenticate" someone by
calling "FormsAuthentication.SignOut();" in the Session_End Event in
Global.asax.
Is there anyting like that for Windows Integrated Authentication (IIS)?
(I had posted a similar question in:
microsoft.public.dotnet.framework.aspnet.security, but have not been able to
get a good response. Please excuse me for cross-posting this question, but
I really just need to know if it is even possible...)
Thanks.
-- Will G.
推荐答案
当您使用集成安全性时,会为每个请求凭据
页面。浏览器只需尝试一次旧的登录名和密码即可查看
,如果它仍然有效。让浏览器重新启动只是回复401
错误。你必须记住你发送了401,否则他们永远不会再次进入
。
- 布鲁斯(sqlwork.com)
" Will Gillen" < g_i_l_l_e_0_0_1 _ @ _ n_s_u_o_k _._ e_d_u>在消息中写道
新闻:Ov ************** @ TK2MSFTNGP14.phx.gbl ...
|我有一个使用Windows集成的ASP.NET应用程序
|身份验证(IIS)(与表单身份验证相对)。
|
|当用户首次登录应用程序时,IIS会提示用户输入
|他们的凭据。
|一旦他们被认证,他们的凭证仍然有效,而他们的
|网页浏览器是开放的。
|
|现在,我想要身份验证到超时在3分钟内。这种方式如果
|他们在3分钟后浏览到另一页,他们被提示
重新输入
|他们的凭据再次。
|
|我知道在FormsAuthentication中,您可以取消身份验证。有人通过
|调用FormsAuthentication.SignOut();在
|中的Session_End事件中Global.asax。
|
| Windows集成身份验证(IIS)是否有类似的内容?
|
| (我在帖子中发布了一个类似的问题:
| microsoft.public.dotnet.framework.aspnet.security,但是还没有能够
到
|得到一个很好的回复。请原谅我交叉发布这个问题,
但是
|我真的只需要知道它是否可能...... )
|
|谢谢。
|
| - 请问G.
|
|
when you use integrated security, the credentials are requested for each
page. the browser just kindly tries the old login and password once to see
if it still works. to get the browser to reprompt just respond with a 401
error. you will have to remember that you sent the 401, or they will never
get in again.
-- bruce (sqlwork.com)
"Will Gillen" <g_i_l_l_e_0_0_1_@_n_s_u_o_k_._e_d_u> wrote in message
news:Ov**************@TK2MSFTNGP14.phx.gbl...
| I have an ASP.NET application that is using Windows Integrated
| Authentication (IIS) (as opposed to Forms Authentication).
|
| When the user first logs into the application, IIS prompts the user for
| their credentials.
| Once they are "authenticated", their credentials remain active while their
| web browser is open.
|
| Now, I want the "authentication" to "timeout" in 3 minutes. This way if
| they browse to another page after 3 minutes, they are prompted to
"re-enter"
| their credentials again.
|
| I know that in FormsAuthentication, you can "de-authenticate" someone by
| calling "FormsAuthentication.SignOut();" in the Session_End Event in
| Global.asax.
|
| Is there anyting like that for Windows Integrated Authentication (IIS)?
|
| (I had posted a similar question in:
| microsoft.public.dotnet.framework.aspnet.security, but have not been able
to
| get a good response. Please excuse me for cross-posting this question,
but
| I really just need to know if it is even possible...)
|
| Thanks.
|
| -- Will G.
|
|
我想我理解你建议的方法。
但是,我必须做错事,因为现在我在FIRST请求期间被提示两次
。
然后超时(3分钟后)它确实重新提示我(是的,那正是我想要的那个价值)。
那么,我做错了什么导致它提示我两次在第一个
请求期间。
此代码位于我想要的页面的Page_Load()方法的顶部
保护:
如果context.Session.Item(" USEROBJ")什么都没有那么
如果context.Session.Item(" AUTH_PROMPT") = True然后
如果context.User.Identity.IsAuthenticated那么
context.Session.Add(" USEROBJ",context.User.Identity)
Else
Response.StatusCode = 401
结束如果
Else
context.Session.Add( " AUTH_PRO MPT",True)
Response.StatusCode = 401
结束如果
结束如果
布鲁斯巴克 <无*********** @ safeco.com>写在消息中
新闻:好的************** @ TK2MSFTNGP14.phx.gbl ...
I think I understand the approach you suggested.
But, I must be doing something wrong, because now I get prompted twice
during the FIRST request.
Then after the timeout (3 minutes) it does re-prompt me (YES, that''s exactly
what I was looking for).
So, what did I do wrong that causes it to prompt me twice during the First
request.
This code is at the top of the Page_Load() method of the page I want to
protect:
If context.Session.Item("USEROBJ") Is Nothing Then
If context.Session.Item("AUTH_PROMPT") = True Then
If context.User.Identity.IsAuthenticated Then
context.Session.Add("USEROBJ", context.User.Identity)
Else
Response.StatusCode = 401
End If
Else
context.Session.Add("AUTH_PROMPT", True)
Response.StatusCode = 401
End If
End If
"bruce barker" <no***********@safeco.com> wrote in message
news:Ok**************@TK2MSFTNGP14.phx.gbl...
当你使用集成安全性时,每个
页面都要求凭据。浏览器只需尝试一次旧的登录名和密码即可查看
是否仍然有效。让浏览器重新启动只是回复401
错误。你必须记住,你发送了401,否则他们将永远不会再次进入。
- 布鲁斯(sqlwork.com)
威尔吉伦 < g_i_l_l_e_0_0_1 _ @ _ n_s_u_o_k _._ e_d_u>在消息中写道
新闻:Ov ************** @ TK2MSFTNGP14.phx.gbl ...
|我有一个使用Windows集成的ASP.NET应用程序
|身份验证(IIS)(与表单身份验证相对)。
|
|当用户首次登录应用程序时,IIS会提示用户
|他们的凭据。
|一旦他们被认证,他们的凭证保持活动,而
他们的|网页浏览器是开放的。
|
|现在,我想要身份验证到超时在3分钟内。这种方式如果
|他们在3分钟后浏览到另一页,他们被提示
重新进入
|他们的凭据再次。
|
|我知道在FormsAuthentication中,您可以取消身份验证。有人通过
|调用FormsAuthentication.SignOut();在
|中的Session_End事件中Global.asax。
|
|有没有像Windows集成身份验证(IIS)那样的东西?
|
| (我在以下网址发布了一个类似的问题:
| microsoft.public.dotnet.framework.aspnet.security,但是没有得到
能够获得好的回复。请原谅我交叉发布这个问题,
但是我真的只需要知道它是否可能......)
|
|谢谢。
|
| - 请问G.
|
|
when you use integrated security, the credentials are requested for each
page. the browser just kindly tries the old login and password once to see
if it still works. to get the browser to reprompt just respond with a 401
error. you will have to remember that you sent the 401, or they will never
get in again.
-- bruce (sqlwork.com)
"Will Gillen" <g_i_l_l_e_0_0_1_@_n_s_u_o_k_._e_d_u> wrote in message
news:Ov**************@TK2MSFTNGP14.phx.gbl...
| I have an ASP.NET application that is using Windows Integrated
| Authentication (IIS) (as opposed to Forms Authentication).
|
| When the user first logs into the application, IIS prompts the user for
| their credentials.
| Once they are "authenticated", their credentials remain active while their | web browser is open.
|
| Now, I want the "authentication" to "timeout" in 3 minutes. This way if
| they browse to another page after 3 minutes, they are prompted to
"re-enter"
| their credentials again.
|
| I know that in FormsAuthentication, you can "de-authenticate" someone by
| calling "FormsAuthentication.SignOut();" in the Session_End Event in
| Global.asax.
|
| Is there anyting like that for Windows Integrated Authentication (IIS)?
|
| (I had posted a similar question in:
| microsoft.public.dotnet.framework.aspnet.security, but have not been able to
| get a good response. Please excuse me for cross-posting this question,
but
| I really just need to know if it is even possible...)
|
| Thanks.
|
| -- Will G.
|
|
另一种方法是使用Javascript来超时在任何时候他们都会想要...
如果你对JS感兴趣,请告诉我!
" Will Gillen"写道:
Another way u could do this is to use Javascript to timeout at anytime they
u want..
If u are interested in JS let me know!
"Will Gillen" wrote:
我想我理解你建议的方法。
但是,我一定做错了,因为现在我在FIRST请求期间被提示两次
。
然后在超时(3分钟)之后它会重新提示我(是的,那正是我正在寻找的东西)。
所以,我做错了什么导致它在第一个
请求期间提示我两次。
此代码位于我想要保护的页面的Page_Load()方法的顶部:
如果context.Session.Item(" USEROBJ")是Nothing Then
如果context.Session.Item(" AUTH_PROMPT")= True则
如果context.User.Identity。 IsAuthenticated然后
context.Session.Add(" USEROBJ",context.User.Identity)
其他
Response.StatusCode = 401
结束如果
Else
context.Ses sion.Add(" AUTH_PROMPT",True)
Response.StatusCode = 401
结束如果
" bruce barker" <无*********** @ safeco.com>在消息中写道
新闻:Ok ************** @ TK2MSFTNGP14.phx.gbl ...
I think I understand the approach you suggested.
But, I must be doing something wrong, because now I get prompted twice
during the FIRST request.
Then after the timeout (3 minutes) it does re-prompt me (YES, that''s exactly
what I was looking for).
So, what did I do wrong that causes it to prompt me twice during the First
request.
This code is at the top of the Page_Load() method of the page I want to
protect:
If context.Session.Item("USEROBJ") Is Nothing Then
If context.Session.Item("AUTH_PROMPT") = True Then
If context.User.Identity.IsAuthenticated Then
context.Session.Add("USEROBJ", context.User.Identity)
Else
Response.StatusCode = 401
End If
Else
context.Session.Add("AUTH_PROMPT", True)
Response.StatusCode = 401
End If
End If
"bruce barker" <no***********@safeco.com> wrote in message
news:Ok**************@TK2MSFTNGP14.phx.gbl...
当您使用集成安全性时,凭据是每个
页面都要求。浏览器只需尝试一次旧的登录名和密码即可查看
是否仍然有效。让浏览器重新启动只是回复401
错误。你必须记住,你发送了401,否则他们将永远不会再次进入。
- 布鲁斯(sqlwork.com)
威尔吉伦 < g_i_l_l_e_0_0_1 _ @ _ n_s_u_o_k _._ e_d_u>在消息中写道
新闻:Ov ************** @ TK2MSFTNGP14.phx.gbl ...
|我有一个使用Windows集成的ASP.NET应用程序
|身份验证(IIS)(与表单身份验证相对)。
|
|当用户首次登录应用程序时,IIS会提示用户
|他们的凭据。
|一旦他们被认证,他们的凭证保持活动,而
when you use integrated security, the credentials are requested for each
page. the browser just kindly tries the old login and password once to see
if it still works. to get the browser to reprompt just respond with a 401
error. you will have to remember that you sent the 401, or they will never
get in again.
-- bruce (sqlwork.com)
"Will Gillen" <g_i_l_l_e_0_0_1_@_n_s_u_o_k_._e_d_u> wrote in message
news:Ov**************@TK2MSFTNGP14.phx.gbl...
| I have an ASP.NET application that is using Windows Integrated
| Authentication (IIS) (as opposed to Forms Authentication).
|
| When the user first logs into the application, IIS prompts the user for
| their credentials.
| Once they are "authenticated", their credentials remain active while
他们的
|网页浏览器是开放的。
|
|现在,我想要身份验证到超时在3分钟内。这种方式如果
|他们在3分钟后浏览到另一页,他们被提示
重新进入
|他们的凭据再次。
|
|我知道在FormsAuthentication中,您可以取消身份验证。有人通过
|调用FormsAuthentication.SignOut();在
|中的Session_End事件中Global.asax。
|
|有没有像Windows集成身份验证(IIS)那样的东西?
|
| (我在以下网址发布了一个类似的问题:
| microsoft.public.dotnet.framework.aspnet.security,但还没有
| web browser is open.
|
| Now, I want the "authentication" to "timeout" in 3 minutes. This way if
| they browse to another page after 3 minutes, they are prompted to
"re-enter"
| their credentials again.
|
| I know that in FormsAuthentication, you can "de-authenticate" someone by
| calling "FormsAuthentication.SignOut();" in the Session_End Event in
| Global.asax.
|
| Is there anyting like that for Windows Integrated Authentication (IIS)?
|
| (I had posted a similar question in:
| microsoft.public.dotnet.framework.aspnet.security, but have not been
能够
到
|得到一个很好的回复。请原谅我交叉发布这个问题,
但是我真的只需要知道它是否可能......)
|
|谢谢。
|
| - 请问G.
|
|
to
| get a good response. Please excuse me for cross-posting this question,
but
| I really just need to know if it is even possible...)
|
| Thanks.
|
| -- Will G.
|
|
这篇关于Windows身份验证超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
