如何在setInterval ajax Web服务调用中停止ASP.net表单身份验证/会话的续订? [英] How do I stop ASP.net forms authentication / session from renewing in setInterval ajax web service call?

问题描述

我有一个编写的控件，该控件具有javascript组件和Web服务组件.我遇到的问题是javascript设置为:

I have a control that i've written that has a javascript component and a web service component. The problem i'm having is that the javascript is set to do:

setInterval(this._checkAlertsHandler, this._messageCheckInterval * 1000);

这将调用一个函数，该函数将进行如下所示的网络服务调用:

This calls a function which makes a webservice call like so:

Alert.SiteAlertService.GetAlerts(this._receivedAlertsHandler, this._errorReceivedAlertsHandler);

因此，这是使用Web服务javascript代理方法来访问Web服务.问题在于我们的应用程序具有表单身份验证和超时值，因此，如果用户空闲时间过长，则会将其注销.

So this is using the web service javascript proxy methods to access the web service. The issue is that our application has forms authentication and a timeout value, so if the user is idle for too long it will log them out.

我的Web服务调用显然将包含会话和表单身份验证密钥的cookie发送到Web服务.然后，asp.net Web服务自动更新会话和表单身份验证.每次javascript命中Web服务时，它基本上都能使用户保持生命.我不希望出现这种情况，这应该只是为了避免这种情况，因此，即使此js攻击了Web服务以检查是否有新消息，如果用户没有对我们的应用程序进行回发(并且实际上是空闲的)，它将仍将其注销.这没有发生:(

My webservice call apparently sends the cookie which includes the session and the forms authentication key to the web service. The asp.net webservice then automatically renews the session AND the forms authentication. Everytime the javascript hits the web service it basically keeps the user alive. I do not want this behavior, this should just circumvent that, so that even though this js is hitting the web service to check for new messages, if the user hasn't done a postback on our application (and is effectively idle) it will still log them out. This isn't happening :(

我想发生的是，对Web服务的此间隔调用不会续订任何身份验证(我可以通过使用带有用户会话ID的字典键/值的应用程序级变量来解决会话续订问题，所以我不必须使用任何会话级变量).

What i would like to happen is this interval call to the web service does not renew any authentication (the session renewal i can get around by using an application level variable with dictionary key/value for the users session id, so i dont have to use any session level variables).

我该如何做/更改我的Web服务/或使控件按我希望的方式工作?

How do i do this / change my web service / or control to work like the way i want it?

推荐答案

我也在研究不同的方法.我这样做的一种方法是将其添加到Ajax服务端点:

I'm working on different approaches to this as well. One way I'm doing it is by adding this to the Ajax service endpoint:

// Hide the cookie so this call doesn't extend the user's ticket
HttpContext ctx = HttpContext.Current;
ctx.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

通过这种方式，您可以否定Auth Ticket续订，因为更新后的cookie永远不会使其返回客户端.

This way you can negate an Auth Ticket renewal, sine the updated cookie will never make it back to the client.

如果您有多个要排除的Ajax端点，则可以实现一个模块来识别这些端点，并包含从响应中删除cookie的代码.

If you have multiple Ajax endpoints that you want to exclude, a module can be implemented to identify those endpoints and include the code to remove the cookie from the response.

这篇关于如何在setInterval ajax Web服务调用中停止ASP.net表单身份验证/会话的续订?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！