Invalidating ASP.NET FormsAuthentication server side


Question

I am experimenting with FormsAuthentication (using ASP.NET MVC2) and it is working fairly well.

However, one case I can't work out how to deal with is validating the user identity on the server to ensure it is still valid from the server's perspective.

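For example:

  1. User logs in ... gets a cookie/ticket

  2. Out of band the user is deleted on the server side

  3. User makes a new request to the server. HttpContext.User.Identity.Name is set to the deleted user.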

I can detect this fine, but what is the correct way to handle it? Calling FormsAuthentication.SignOut in the OnAuthorization or OnActionExecuting events is too late to affect the current request.

Alternatively I would like to be able to call FormsAuthentication.InvalidateUser(...) when the user is deleted (or database recreated) to invalidate all tickets for a given (or all) users. But I can't find an API to do this.

Recommended answer

In the global.asax, add a handler for AuthenticateRequest. In this method, the forms authentication has already taken place and you're free to modify the current principal before anything else happens.

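// Global.asax.cs; needs: using System; using System.Security.Principal;
// using System.Threading; using System.Web;
protected void Application_AuthenticateRequest(object sender, EventArgs e) {
  IPrincipal principal = HttpContext.Current.User;
  // User may be null for anonymous requests at this stage, so only re-check authenticated ones.
  if (principal != null && principal.Identity.IsAuthenticated && !UserStillValid(principal)) {
    // Replace the ticket's identity with an anonymous principal for the rest of this request.
    IPrincipal anonymousPrincipal = new GenericPrincipal(new GenericIdentity(String.Empty), null);
    Thread.CurrentPrincipal = anonymousPrincipal;
    HttpContext.Current.User = anonymousPrincipal;
  }
}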

Just implement the UserStillValid method and you're done. It's also a good place to swap the generic principal with a custom one if you need to.
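
One way to implement UserStillValid together with the InvalidateUser(...) call the question asks for, as an added example that is not part of the original answer: each ticket carries a per-user stamp in UserData, and revoking a user drops the stamp so tickets issued earlier no longer match. TicketRegistry, IssueTicket, InvalidateAll and the in-memory dictionary are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Security;

// Added example; TicketRegistry and its in-memory store are hypothetical.
public static class TicketRegistry
{
    private static readonly object Gate = new object();
    // user name -> current stamp (constructed store; a real app keeps this in its user table).
    private static readonly Dictionary<string, string> Stamps =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    // Call at login: builds a ticket whose UserData holds the user's current stamp.
    public static FormsAuthenticationTicket IssueTicket(string userName, TimeSpan lifetime)
    {
        string stamp;
        lock (Gate)
        {
            if (!Stamps.TryGetValue(userName, out stamp))
                Stamps[userName] = stamp = Guid.NewGuid().ToString("N");
        }
        DateTime now = DateTime.Now;
        return new FormsAuthenticationTicket(1, userName, now, now.Add(lifetime), false, stamp);
    }

    // Call when a user is deleted: every ticket issued so far stops matching.
    public static void InvalidateUser(string userName) { lock (Gate) { Stamps.Remove(userName); } }

    // Call when the whole user database is recreated.
    public static void InvalidateAll() { lock (Gate) { Stamps.Clear(); } }

    // The check invoked from Application_AuthenticateRequest.
    public static bool UserStillValid(IPrincipal principal)
    {
        FormsIdentity identity = principal == null ? null : principal.Identity as FormsIdentity;
        if (identity == null) return true; // anonymous or non-forms identity: nothing to revoke
        string stamp;
        lock (Gate)
        {
            // Fails closed: a missing stamp (revoked user, or app restart) rejects the ticket.
            return Stamps.TryGetValue(identity.Name, out stamp)
                && string.Equals(stamp, identity.Ticket.UserData, StringComparison.Ordinal);
        }
    }
}
```

At login, pass the returned ticket to FormsAuthentication.Encrypt and send the result in a cookie named FormsAuthentication.FormsCookieName. The stamp is compared instead of the ticket's issue date because sliding expiration can reissue a ticket with a fresh issue date while keeping its UserData.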
