如何注销多个MembershipUsers不属于当前用户？ [英] How to log off multiple MembershipUsers that are not the current user?

问题描述

我使用的MembershipProvider，它是默认的MVC2项目的一部分。

I'm using the MembershipProvider that is part of the MVC2 default project.

我希望能够采取用户名列表，以及日志如果需要，用户离开，并摧毁他们的会话。我似乎来最接近的是这样的：

I'd like to be able to take a list of user names, and log the users off, and destroy their session if needed. The closest I can seem to come is this:

foreach(string userName in UserNames)
{
    MembershipProvider MembershipProvider = new MembershipProvider();
    MembershipUser membershipUser = MembershipProvider.GetUser(userName, true);
    Session.Abandon();
    FormsAuthentication.SignOut();
}

我想我需要使用相关的用户会话和/或signout方法我想退出，但我不确定如果这些会。

I think I need to use a session and/or signout method related the user I want to log out, but I am unsure where those would be.

什么是做到这一点的正确方法？

What is the proper way to do this?

推荐答案

这竟然是不相关这么多的的MembershipProvider，但对FormsService。我最终的解决方案竟然是一种贴在这里的其他两个答案的混合。

This turned out to not be related so much to the MembershipProvider, but to the FormsService. My final solution turned out to be a sort of hybrid of the two other answers posted here.

我结束了创建在登录操作帐户控制我自己的FormsAuthenticationTicket。我生成用于用户的认证会话的唯一标识符，并且该标识符保存到数据库中。我还增加了用户的ID在auth票可靠查找的一部分的UserData。默认情况下，身份验证票仅含自己的用户名。 。然后的FormsAuthenticationTicket存储在成功后，用户的cookie登录

I ended up creating my own FormsAuthenticationTicket in the Account controller in the LogOn action. I generate a unique identifier for the user's authenticated session, and save that identifier to the database. I also added the user's ID to the UserData part of the auth ticket for reliable lookup. By default the auth ticket only contained their user name. The FormsAuthenticationTicket is then stored in a cookie upon successful user log on.

基本上所有的取代了FormsService.SignIn（model.UserName，model.RememberMe）;

Basically all of that replaced the FormsService.SignIn(model.UserName, model.RememberMe);

我在Global.asax添加公共无效Application_ReleaseRequestState（对象发件人，EventArgs参数）。我不知道如果这被认为是扩大功能还是什么，因为它不似乎是一个覆盖。内部Application_ReleaseRequestState它从cookie获取用户的FormsAuthenticationTicket。然后，它解密在auth票，以及来自票的的UserData部获取用户的用户ID。然后询问数据库，如果在auth的车票仍然有效。如果票是无效的，它会将用户的cookie到期。

I also added public void Application_ReleaseRequestState(object sender, EventArgs args) in the Global.asax. I'm not sure if this is considered expanding a function or what, as it does not appear to be an override. Inside of Application_ReleaseRequestState it gets the user's FormsAuthenticationTicket from a cookie. It then decrypts the auth ticket, and gets the user's UserID from the UserData portion of the ticket. Then it asks the database if the auth ticket is still valid. If the ticket is not valid, it sets the user's cookie to expire.

要强制用户注销，我可以改变自己的身份验证票证过期日期在数据库中，或切换禁止位为他们的权威性门票在数据库中。当Application_ReleaseRequestState询问数据库，如果他们的身份验证票是有效无论哪种方式，他们不会。因此，他们的cookies将设置在该检查提出后用户点击下一页到期。

To force users to log off, I can either change their auth ticket expiration dates in the database, or toggle the disable bit for their auth tickets in the database. Either way when Application_ReleaseRequestState asks the database if their auth tickets are valid, they won't be. Thus their cookies will get set to expire upon the next page the user hits after this check was made.

这篇关于如何注销多个MembershipUsers不属于当前用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！