ASP.NET MVC了rememberMe [英] ASP.NET MVC RememberMe
问题描述
搜索了很多之后,我没有得到任何答案,最后我只好回到你。下面我很解释我的具体问题。它太长了,所以请不要放弃读书。我在简单的语言解释了我的问题。
After searching a lot i did not get any answers and finally i had to get back to you. Below i am explaining my problem in detail. It's too long, so please don't quit reading. I have explained my problem in simple language.
我一直在开发一个asp.net MVC项目。
我使用标准ASP.NET角色和成员。
一切正常,但记得我的功能并没有在所有的工作。
我列出工作的所有细节。希望你们能帮助我解决这个问题。
I have been developing an asp.net mvc project. I am using standard ASP.NET roles and membership. Everything is working fine but the remember me functionality doesn't work at all. I am listing all the details of work. Hope you guys can help me out solve this problem.
我只是需要这样的:
我需要用户登录到Web应用程序。在登录过程中,他们可以登录使用记得我还是离不开它。
如果在用户登录记得我,我要浏览器记住他们很长一段时间,让我们说ATLEAST一年,或相当长的时间。他们这样做的方式www.dotnetspider.com,WWW。codeproject.com,www.daniweb.com和其他许多网站。
如果没有用户登录记得我,然后浏览器应该允许访问的网站约20 -30分钟,他们应该会后到期。他们的会议也应到期时,在用户登录并关闭浏览器未注销。
I need user to login to web application. During login they can either login with remember me or without it. If user logs in with remember me, i want browser to remember them for long time, let's say atleast one year or considerably long time. The way they do it in www.dotnetspider.com,www.codeproject.com,www.daniweb.com and many other sites. If user logs in without remember me, then browser should allow access to website for some 20 -30 minutes and after that their session should expire. Their session should also expire when user logs in and shuts down the browser without logging out.
注:我已成功上述功能实现,而不使用标准的asp.net角色和会员创造我自己的talbes用户和认证对我的数据库表,在我的其他项目设置的cookie和会话。但是,对于这个项目,我们从一开始就使用的标准asp.net角色和成员开始。我们认为它会工作,一切都在经过测试它的时间为构建只是没有工作。现在我们不能用自己的自定义用户表和所有的东西代替标准asp.net角色和成员现有的功能,你明白我约达灵
Note: I have succesfully implemented above functionality without using standard asp.net roles and membership by creating my own talbes for user and authenticating against my database table, setting cookie and sessions in my other projects. But for this project we starting from the beginning used standard asp.net roles and membership. We thought it will work and after everything was build at the time of testing it just didn't work. and now we cannot replace the existing functionality with standard asp.net roles and membership with my own custom user tables and all the stuff, you understand what i am taling about.
要么有某种标准的asp.net的角色和功能的成员的bug或我有标准asp.net的作用和会员错误的整个概念。我已经说了什么,我想以上。我认为这是非常简单的,合理的。
Either there is some kind of bug with standard asp.net roles and membership functionality or i have the whole concept of standard asp.net roles and membership wrong. i have stated what i want above. I think it's very simple and reasonable.
我做什么
- 登录表单输入帐号,密码并记住我字段。
- 我在web.config中设置:
<身份验证模式=表格>
<形式loginUrl =〜/帐号/登录超时=2880/>
< /认证>
-
在我的控制器动作,我有这样的:
- Login form with username,password and remember me field.
- My setting in web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication> in My controller action, i have this:
FormsAuth.SignIn(用户名,与rememberMe);
FormsAuth.SignIn(userName, rememberMe);
公共无效签到(用户名字符串,布尔createPersistentCookie)
{
FormsAuthentication.SetAuthCookie(用户名,createPersistentCookie);
}
public void SignIn(string userName, bool createPersistentCookie) { FormsAuthentication.SetAuthCookie(userName, createPersistentCookie); }
现在的问题如下:
我在上一节已经指出,我只是需要这个。
用户可以成功登录到系统中。在web.config中的超时值指定为尽可能多分钟,他们的会话存在。我也给我的web.config的样本。在我samplem如果我超时设置为5分钟,那么用户会话超时5分钟后,这是确定。但是,如果用户关闭浏览器,然后重新打开浏览器时,用户仍然可以在超时规定的时间,直到进入本网站不洛并没有晕过去了。对于超时值可调过期也工作正常。现在,如果在与系统用户登录记得我签,用户会话仍然在5分钟后过期。这是不好的行为,是不是?我的意思是说,如果在与系统用户登录记得我检查,他应该记住很长一段时间,直到他不注销系统或用户不手动删除所有来自浏览器的cookie。如果在没有系统的用户登录记得我检查是否用户关闭浏览器会话他应该在web.config中指定的超时周期值到期后也。问题是,如果用户关闭浏览器并重新打开它,他仍然可以进入该网站无需登录。
I have already stated in above section "I simply need this". user can successfully log in to the system. Their session exists for as much minutes as specified in timeout value in web.config. I have also given a sample of my web.config. In my samplem if i set the timeout to 5 minutes,then user session expires after 5 minutes, that's ok. But if user closes the browser and reopen the browser, user can still enter the website without loggin in untill time specified in "timeout" has not passed out. The sliding expiration for timeout value is also working fine. Now if user logs in to the system with remember me checked, user session still expires after 5 minutes. This is not good behaviour, is it?. I mean to say that if user logs in to the system with remember me checked he should be remembered for a long time untill he doesn't logs out of the system or user doesn't manually deletes all the cookies from the browser. If user logs in to the system without remember me checked his session should expire after the timeout period values specified in web.config and also if users closes the browser. The problem is that if user closes the browser and reopens it he can still enter the website without logging in.
我上网搜索了很多关于这个话题,但我无法得到解决。在博客文章(http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx)由斯科特谷完全相同的题目做。用户抱怨他们的意见同样的事情,UT斯达康有斯科特先生给出不容易解决。
I search internet a lot on this topic, but i could not get the solution. In the blog post(http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx) made by Scott Gu on exactly the same topic. The users are complaining about the same thing in their comments ut there is no easy solution given in by Mr. Scott.
我在以下地方阅读:
<一href=\"http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx\">http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx
http://geekswithblogs.net/vivek/archive/2006/09/14/91191.aspx
I read it at following places: http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx http://geekswithblogs.net/vivek/archive/2006/09/14/91191.aspx
我想这是用户的很多公司的问题。随着似乎从斯科特谷先生的博客文章。
I guess this is a problem of lot's of users. As seem from blog post made by Mr. Scott Gu.
您的帮助将是非常美联社preciated。
先谢谢了。
Your help will be really appreciated. Thanks in advance.
推荐答案
您想要做的是有当了rememberMe选项被选中,比当它被选中一个不同的超时。不幸的是,SetAuthCookie方法不允许您手动设置过期,所以你必须自己做。
What you want to do is have a different timeout when the RememberMe option is checked, than when it is unchecked. Unfortunately, the SetAuthCookie method does not allow you to set the expiration manually, so you'll have to do that yourself.
问题是那么,如何做到这一点?
The problem is then, how to do that?
ASP.NET MVC使用FormsAuthentication类System.Web.Security要做到这一点,因为它不是平凡的,如果你也想支持的配置设置和cookie的浏览和SSL,但我认为,如果你只是这样做:
ASP.NET MVC uses the FormsAuthentication class of System.Web.Security to do that, because it's not trivial if you also want to support the configuration settings and cookieless browsing and SSL, but I think that if you simply do this:
int timeout = rememberMe ? 525600 : 30; // Timeout in minutes, 525600 = 365 days.
var ticket = new FormsAuthenticationTicket(userName, rememberMe, timeout);
string encrypted = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
cookie.Expires = System.DateTime.Now.AddMinutes(timeout);// Not my line
cookie.HttpOnly = true; // cookie not available in javascript.
Response.Cookies.Add(cookie);
...你会得到你所需要的基本版本。
...you'll get a basic version of what you need.
注:我没有测试此code
这篇关于ASP.NET MVC了rememberMe的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
