ASP.NET：为什么是空的FormsAuthenticationTicket认证超时后？ [英] ASP.NET: Why is FormsAuthenticationTicket null after authentication timeout?

问题描述

我实施每previous问题和矿山<答案的一个认证超时检测机​​制href=\"http://stackoverflow.com/questions/4402141/asp-net-how-to-detect-authentication-timeout\">here.我实现了使用的AuthenticateRequest事件来运行code捕捉认证周期是否已过期的HTTP模块。在code要做到这一点如下：

I'm implementing an authentication timeout detection mechanism per a previous question and answer of mine here. I've implemented an HTTP module that uses the AuthenticateRequest event to run code to capture whether the authentication period has expired. The code to do this is below:

public class AuthenticationModule : IHttpModule
{
    #region IHttpModule Members
    void IHttpModule.Dispose() { }
    void IHttpModule.Init(HttpApplication application)
    {
        application.AuthenticateRequest += new EventHandler(this.context_AuthenticateRequest);
    }
    #endregion


    /// <summary>
    /// Inspect the auth request...
    /// </summary>
    /// <remarks>See "How To Implement IPrincipal" in MSDN</remarks>
    private void context_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication a = (HttpApplication)sender;
        HttpContext context = a.Context;

        // Extract the forms authentication cookie
        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie authCookie = context.Request.Cookies[cookieName]; // no longer a forms cookie in this array once timeout has expired

        if (authCookie != null)
        {
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            DateTime expirationTime = authTicket.Expiration;
            // check if previously authenticated session is now dead
            if (authTicket != null && authTicket.Expired)
            {
                // send them a Response indicating that they've expired.
            }
        }
    }
}

的问题是，一旦认证期满（我将其设置为1分钟，以测试），不再有一个形式的Cookie（参见code注释）。这意味着身份验证Cookie将是无效的，我不会让它过去在我的code中的空检查。但是，有一个方便的过期属性一说的FormsAuthenticationTicket我觉得我应该检查，看看是否期已结束。但我怎么走到这一步如果cookie就不再出现？它是合理的假设，如果有不再是一个形式的cookie的认证期已过？

The problem is that, once the authentication period has expired (I set it to 1 min to test), there is no longer a forms cookie (see comment in code). This means that the authentication cookie will be null, and I won't make it past the null check in my code. But there's a convenient "Expired" property for a FormsAuthenticationTicket that I feel like I should be checking to see if the period is expired. But how do I get that far if the cookie is no longer there? Is it reasonable to assume the authentication period has expired if there's no longer a forms cookie?

任何帮助将是pciated这个AP $ P $。

Any help would be appreciated on this.

推荐答案

此行​​为是由System.Web.Security.FormsAuthenticationModule控制。这个模块检查票已过期并且在这种情况下，删除该cookie。

This behavior is controlled by the System.Web.Security.FormsAuthenticationModule. This module checks if the ticket is expired and in this case remove the cookie.

另请注意，此模块检查slidingExpiration选项，如果需要更新票证。

Note also that this module checks slidingExpiration option and if required renew the ticket.

所以，回到你的问题：

它是合理的假设，如果有不再是一个形式的cookie的认证期已过？

Is it reasonable to assume the authentication period has expired if there's no longer a forms cookie?

我想回应是肯定的。

这篇关于ASP.NET：为什么是空的FormsAuthenticationTicket认证超时后？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！