Invalidating ASP.NET FormsAuthentication server side
Problem description
I am experimenting with FormsAuthentication (using ASP.NET MVC2) and it is working fairly well.
However, one case I can't work out how to deal with is validating the user identity on the server to ensure it is still valid from the server's perspective.
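For example:
- User logs in and gets a cookie/ticket
- Out of band, the user is deleted on the server side
- User makes a new request to the server. HttpContext.User.Identity.Name is set to the deleted user.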
I can detect this fine, but what is the correct way to handle it? Calling FormsAuthentication.SignOut in the OnAuthorization or OnActionExecuting events is too late to affect the current request.
Alternatively I would like to be able to call FormsAuthentication.InvalidateUser(...) when the user is deleted (or database recreated) to invalidate all tickets for a given (or all) users. But I can't find an API to do this.
Recommended answer
In the global.asax, add a handler for AuthenticateRequest. In this method, the forms authentication has already taken place and you're free to modify the current principal before anything else happens.
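// Global.asax.cs; needs System, System.Security.Principal, System.Threading and System.Web.
protected void Application_AuthenticateRequest(object sender, EventArgs e) {
    // Forms authentication has already run; User may be null when the request carries no ticket.
    IPrincipal principal = HttpContext.Current.User;
    if (principal != null && !UserStillValid(principal)) {
        // Swap in an unauthenticated principal for the rest of this request.
        IPrincipal anonymousPrincipal = new GenericPrincipal(new GenericIdentity(String.Empty), null);
        Thread.CurrentPrincipal = anonymousPrincipal;
        HttpContext.Current.User = anonymousPrincipal;
    }
}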
Just implement the UserStillValid method and you're done. It's also a good place to swap the generic principal with a custom one if you need to.
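One way to implement UserStillValid together with the InvalidateUser call the question asks for, as an added example that is not part of the original answer: each user gets a random stamp that is stored in the ticket's UserData at login and compared on every request. TicketStamps, its members and the in-memory store are hypothetical stand-ins for a stamp column in the user table; the sketch assumes .NET 4 and that the login action sends the cookie returned by IssueCookie.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not a framework API): per-user stamp carried in the ticket.
public static class TicketStamps
{
    // Constructed in-memory stand-in for a stamp column in the user table.
    private static readonly ConcurrentDictionary<string, string> Stamps =
        new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    private static string NewStamp() { return Guid.NewGuid().ToString("N"); }

    // Call when the user is created; calling it again voids that user's existing tickets.
    public static void InvalidateUser(string userName) { Stamps[userName] = NewStamp(); }

    // Rotate every stamp; TryUpdate skips users deleted or rotated in the meantime.
    public static void InvalidateAllUsers()
    {
        foreach (var entry in Stamps) Stamps.TryUpdate(entry.Key, NewStamp(), entry.Value);
    }

    public static void DeleteUser(string userName)
    {
        string removed;
        Stamps.TryRemove(userName, out removed);
    }

    // Login: the stamp goes into UserData, which is copied when a sliding ticket is renewed.
    public static HttpCookie IssueCookie(string userName, TimeSpan lifetime)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, now.Add(lifetime), false, Stamps[userName]); // throws for unknown user
        return new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
            { HttpOnly = true, Secure = FormsAuthentication.RequireSSL, Path = FormsAuthentication.FormsCookiePath };
    }

    public static bool UserStillValid(IPrincipal principal)
    {
        if (principal == null || !principal.Identity.IsAuthenticated)
            return true;   // anonymous request: nothing to revoke
        var identity = principal.Identity as FormsIdentity;
        if (identity == null)
            return false;  // fail closed: authenticated without a forms ticket
        string current;    // no stamp means the user was deleted
        return Stamps.TryGetValue(identity.Name, out current)
            && string.Equals(current, identity.Ticket.UserData, StringComparison.Ordinal);
    }
}
```

Comparing a stamp rather than the ticket's IssueDate keeps the check effective with sliding expiration, where a renewed ticket receives a fresh issue date.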