表单身份验证和ASP.NET成员身份的奇怪行为 [英] Weird behavior for Form Authentication and ASP.NET membership
问题描述
我的网站在使用系统后大约5到7天后继续将登录用户推送到登录页面,在IIS重置后问题暂时解决,并在5到7天后又返回。
我有:
-
ASP.NET网站构建于.net framework 4.0 / c#
-
Web.config配置如下:
< 会员
defaultProvider = " AspNetSqlMembershipProvider " >
< providers >
< 清除
/>
< add
名称 = " AspNetSqlMembershipProvider "
type = " System.Web.Security.SqlMembershipProvider,System.Web,Version = 2.0.0.0,Culture = neutral,PublicKeyToken = b03f5f7f11d50a3a " ;
connectionStringName = " ; LocalSqlServer "
enablePasswordRetrieval = " false "
enablePasswordReset = " true "
requiresQuestionAndAnswer = " false "
applicationName = " / "
requiresUniqueEmail = " false "
passwordFormat = " 散列"
maxInvalidPasswordAttempts
minRequiredPasswordLength = " 3 "
minRequiredNonalphanumericCharacters = " 0 "
passwordAttemptWindow = " 10 "
passwordStrengthRegularExpression = "" />
< / 供应商 >
< / 会员 >
< roleManager
启用 = " true " >
< 供应商 >
< 清除
/>
< 添加
connectionStringName = " LocalSqlServer "
applicationName = " / "
名称 = " AspNetSqlRoleProvider "
type = " System.Web.Security.SqlRoleProvider,System.Web,Version = 2.0.0.0,Culture = neutral,PublicKeyToken = b03f5f7f11d50a3a " ; />
< / 供应商 >
< / roleManager >
< 认证
模式 = " 表格" >
< 表格
名称 = " EmsgCookie "
loginUrl = " 〜/ Pages / Login.aspx " < span style ="color:blue">
defaultUrl = " < span style ="color:blue">〜/ Pages / Index.aspx "
路径 = " / "
保护 = " 无"
timeout = " 30 "
requireSSL = " false "
slidingExpiration = " true "
无Cookie = " UseCookies "
enableCrossAppRedirects = " false " />
< p style ="margin-bottom:0in;边距:.0001pt;行高:正常; text-autospace:none">
< / 认证 >
< 授权 >
< 拒绝
用户 = " ?"
/>
< / 授权 >
< 身份
impersonate = " true "
/>
< machineKey
解密 = " 自动"
decryptionKey = " AutoGenerate "
验证 = " AES "
validationKey = " 87BB180885B7EBE60ED5E648ED4AC7A023257B65E6F401CB4C32268F778CC3AFE9372D4A1668288506943C5AF846A2FD81513DA1D25CB1D83BF3ACD77C7E7640 "
/>
< sessionState
模式 = " InProc "
cookieless = " false "
超时 = " 600 "
sessionIDManagerType = " BotDetect.Web.CustomSessionIdManager,BotDetect " />
您应该将此问题发布到
http://forums.asp.net/25.aspx/1?Security 或搜索那些论坛,如果已经有可能有帮助的话你
My web site is keep pushing the logged in users out to login page after around 5 to 7 days from using the system, where the problem resolved temporarily after making IIS-Reset and return back after another 5 to 7 days.
I have:
- ASP.NET web site built on .net framework 4.0/c#
- Web.config configuration as below:
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="3" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="LocalSqlServer" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms name="EmsgCookie" loginUrl="~/Pages/Login.aspx" defaultUrl="~/Pages/Index.aspx" path="/" protection="None" timeout="30" requireSSL="false" slidingExpiration="true" cookieless="UseCookies" enableCrossAppRedirects="false" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="true" />
<machineKey decryption="Auto" decryptionKey="AutoGenerate" validation="AES" validationKey="87BB180885B7EBE60ED5E648ED4AC7A023257B65E6F401CB4C32268F778CC3AFE9372D4A1668288506943C5AF846A2FD81513DA1D25CB1D83BF3ACD77C7E7640" />
<sessionState mode="InProc" cookieless="false" timeout="600" sessionIDManagerType="BotDetect.Web.CustomSessionIdManager, BotDetect" />
You should post this question to ASP.NET security forums at http://forums.asp.net/25.aspx/1?Security or search those forums if there already is something that might help you.
这篇关于表单身份验证和ASP.NET成员身份的奇怪行为的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!