在asp.net C＃中登录时使用session [英] Using session in login in asp.net C#

问题描述

我想创建一个网站，登录后会有两个表单登录。登录后，有效用户将被重定向到登录页面后。现在像许多网站（例如，way2sms.com ..）在登录页面之后没有超过30分钟（大约）的活动时，登录后的任何请求都会导致重定向到登录页面。



我使用的是asp.net C＃和SQL server 2005.



请帮帮我..



谢谢

Hi,


I want to create an website where there will be two forms login and after login. After login , the valid user will be redirected to after login page. Now like many websites(eg. way2sms.com..) when there is no activity for more than 30 min(approx.) in after login page,any request in after login would result a redirection to login page.

I am using asp.net C# and SQL server 2005.

Please help me..

Thanks

推荐答案

有一句格言，如果您需要询问关于手动滚动自己的安全性，那么你应该'写自己的安全。它比第一次出现要复杂得多，并且很容易（即使是经验丰富的手）引入安全漏洞。



我强烈建议你看看在 http://www.asp.net/web-forms/tutorials/security [ ^ ]和在这里视频 [ ^ ]。这些教程提供了概述，并使用安全提供程序（主要通过配置设置的可插入组件）。他们专注于提供双重好处的Sql提供程序：预定义的架构可以使用捆绑工具生成表格 [ ^ ]因此您不需要自己定义表格，并且提供程序已有详细记录。使用起来比较简单。我发现它们足以满足大多数基本需求。这包括超时可以配置为绝对（例如每30分钟）或滚动（30分钟不活动）



如果你没有SQL Server数据库，不需要一个或者已经拥有不同的角色/身份验证信息存储，您可以使用其他内置提供程序之一，或者将它们子类化以完全控制信息的访问方式。例如，我有一个场景，我们需要为Web用户提供基于SQL的帐户，并且需要使用域凭据登录内部人员。我对SQL提供程序进行了细分，对于使用域的人我通过Active Directory检查了他们在代码中的信用，对于Web用户，我只返回了基类的结果。

There is a maxim that, if you need to ask about hand-rolling your owns security, you shouldn't be writing your own security. It is much more complicated than it first appears, and it is very easy (even for an experienced hand) to introduce security holes.

I strongly suggest you take a look at http://www.asp.net/web-forms/tutorials/security[^] and videos here[^]. These tutorials give an overview, and uses security providers (pluggable components set up mostly by configuaration). They focus on the Sql providers which provides a double benefit: the pre-defined schema tables can be generated using a bundled tool[^] so you don't need to define the tables yourself, and the providers are well documented & relatively simple to use. I've found them good enough for most basic needs. This includes a time-out which can be configured to be absolute (e.g. every 30 mins) or rolling (after 30 mins of inactivity)

If you don't have an SQL Server DB, don't want one or already have a different role/auth information store you can use one of the other built in providers, or subclass them to take complete control over how the information is accessed. For example I had a scenario where we needed to have both SQL-based accounts for "web users" and internal people needing to log in with their domain credentials. I sub-classed the SQL providers and, for people using domain I checked their creds in code via Active Directory, for the Web users I just returned the results of the base class.

你必须在Global.asax类文件中使用全局变量和线程概念，以便它计算时间（滴答）..并在指定的时间后用户将自动注销..



单击此链接以获取更详细的解决方案

You must use a global variable and threading concept in a Global.asax class file so that it will count the time (tick).. and after specified amount of time user will be logged out automatically..

Click this Link for more detailed solution

您必须在Global.asax类文件中使用全局变量和线程概念，以便它将计算时间（滴答）..并在指定的时间后用户将自动注销..

You must use a global variable and threading concept in a Global.asax class file so that it will count the time (tick).. and after specified amount of time user will be logged out automatically..

这篇关于在asp.net C＃中登录时使用session的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！