ASP.NET验证滑动到期时间定制票 [英] ASP.NET Authentication sliding expiry time on custom ticket

问题描述

我用下面的code创造我自己的身份验证票证：

I am creating my own authentication ticket using the following code:

string formsCookieStr = string.Empty;
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                              // version
            username,                       // user name
            DateTime.Now,                   // issue time
            DateTime.Now.AddMinutes(30),    // expires
            false,                          // Persistence
            userRoleData                    // user data
    );
formsCookieStr = FormsAuthentication.Encrypt(ticket);
HttpCookie FormsCookie = new HttpCookie(FormsAuthentication.FormsCookieName, formsCookieStr);
HttpContext.Response.Cookies.Add(FormsCookie);

我要到期成为一个滑动过期 - 每个客户端发送一个请求，那么到期应复位到30分钟的时间。不过，我只是创造了票时，在用户首次登录。ASP.NET会自动保持滑动到期时间对我来说，还是我需要做的事情'手动'来实现滑动过期？

I want the expiration to be a sliding expiration - each time the client sends a request then the expiration should be reset to 30 mins. However, I'm only creating the ticket when the user first logs in. Will ASP.NET automatically keep sliding the expiry time for me, or do I need to do something 'manually' to implement the sliding expiration?

推荐答案

这是在形式配置 web.config中的部分。滑动过期的工作方式是，对每个请求ASP.NET引擎通过增加超时重写身份验证Cookie：

That's configured in the forms section of web.config. The way sliding expiration works is that on each request the ASP.NET engine rewrites the authentication cookie by incrementing the timeout:

<authentication mode="Forms">
  <forms 
      loginUrl="~/Account/LogOn" 
      timeout="2880" 
      slidingExpiration="true" 
  />
</authentication>

不过请注意，启用滑动过期是认为在 ASP.NET安全的做法不好的事情之一实践的。

这篇关于ASP.NET验证滑动到期时间定制票的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！