ASP.Net表单验证在10分钟后注销用户 [英] ASP.Net Forms Authentication Logging out users after 10 minutes
问题描述
我有一个非常糟糕的问题,无论我尝试,用户是在10分钟后退出。
我使用ASP.Net 2.0运行在IIS 6.0上运行作为虚拟服务器的Server 2003 R2标准版与所有适用的更新和.Net 3.5 SP1。
客户端是Internet Explorer 7.0
以下是web.config设置:
- >
< authentication mode =Forms>
< forms name =。RecipeViewertimeout =240/>
< / authentication>
以下是用于设置授权Cookie的代码:
Private Sub SetCookie(userName)
'使用安全系统在客户端Cookie中设置UserID
Dim ticket作为新的FormsAuthenticationTicket(1,
Dim hash As String = FormsAuthentication.Encrypt(ticket)
(b)
$ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName,hash)
cookie.HttpOnly = True
如果(ticket.IsPersistent)then
cookie.Expires = ticket。 Expiration
End If
Response.Cookies.Add(cookie)
'将浏览器重定向到源页面
Response.Redirect(Request.ApplicationPath)
End Sub
私有函数GetFormsAuthSettings()As System.Web.Configuration.AuthenticationSection
返回DirectCast(System.Configuration.ConfigurationManager.GetSection(system.web / authentication) ,System.Web.Configuration.AuthenticationSection)
结束函数
我以前使用FormsAuthentication .SetAuthCookie,甚至尝试FormsAuthentication.RedirectFromLoginPage方法,但是这两者有相同的结果,这就是为什么我最终做了硬内部(通过在Reflector中查看)的cookie实现,FormAuthentication类做的。 p>
问题是在Visual Studio 2008 asp.net托管环境或IIS 7.0中可重现的 NOT
编辑:启用Cookie,即使托管网站已添加为受信任的
:Google Chrome和Firefox没有此问题。 >EDIT :目标计算机上的验证Cookie设置为根据设置在4小时后过期= 240分钟)。
EDIT :As House说,每个人都在说谎。用户没有实际测试新的代码库,并且正在进行一个预先设想的软件仍然断开的概念。
不关闭此功能,不再相关,而是保留它以帮助用户解决问题,因为有一些非常好的故障排除
$ p也可以(已经)机器钥匙没有被设置,因此每次都被随机生成应用程序已初始化(这意味着加密的身份验证票证将使用新密钥进行加密)。
我使用网站为我的应用程序生成新的machinekey,并将其粘贴在web.config中:
http://www.orcsweb.com/articles/aspnetmachinekey.aspx p>
<?xml version =1.0?>
< configuration>
< appSettings />
< connectionStrings />
< system.web>
<的machineKey的validationKey ='FED01BCB246D3477F5854D60388A701508AD1DF9099BD3CAC3CA4DAF55F7524B8DD3FA03133BBCA381BC1CD639730445968DFA633A97911187EF187456D692F4decryptionKey ='861E7DF7C2D04297EEFAD47FF3B95F54E87CF28D6C2753D8'验证=SHA1/>
< /system.web>
< / configuration>
I am having a really bad issue where no matter what I try, the user is being logged off after 10 minutes.
I am using ASP.Net 2.0 running on IIS 6.0 on Server 2003 R2 Standard Edition running as a Virtual Server with all applicable updates and .Net 3.5 SP1.
The client is Internet Explorer 7.0
Below are the web.config settings:
<!-- Authentication Mode -->
<authentication mode="Forms">
<forms name=".RecipeViewer" timeout="240" />
</authentication>
Below is the code used to set the authorization cookie:
Private Sub SetCookie(userName)
' Use security system to set the UserID within a client-side Cookie
Dim ticket As New FormsAuthenticationTicket(1,userName, DateTime.Now, DateTime.Now.Add(Me.GetFormsAuthSettings.Forms.Timeout), True, String.Empty, FormsAuthentication.FormsCookiePath)
Dim hash As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, hash)
cookie.HttpOnly = True
If (ticket.IsPersistent) Then
cookie.Expires = ticket.Expiration
End If
Response.Cookies.Add(cookie)
' Redirect browser back to originating page
Response.Redirect(Request.ApplicationPath)
End Sub
Private Function GetFormsAuthSettings() As System.Web.Configuration.AuthenticationSection
Return DirectCast(System.Configuration.ConfigurationManager.GetSection("system.web/authentication"), System.Web.Configuration.AuthenticationSection)
End Function
I was previously using the FormsAuthentication.SetAuthCookie as well as even trying the FormsAuthentication.RedirectFromLoginPage methods, but these both had the same result, which is why I ended up doing the hard cookie implementation that is done internally (via viewing in Reflector) that the FormsAuthentication class does.
The issue is NOT reproduceable in the Visual Studio 2008 asp.net hosting environment or in IIS 7.0.
EDIT: Cookies are enabled, even the hosted site has been added as a trusted site.
EDIT: Google Chrome and Firefox do not have this issue.
EDIT: Verified Cookie on target machine is set to expire after 4 hours as per the setting (timeout = 240 minutes).
EDIT: As House says, everyone lies. User did not actually test the new code base and was going on a pre-conceived notion that the software was still broken. Thank you to everyone who replied in this topic.
Not closing this for no longer relevant, but keeping it around to help people troubleshoot the issue as there are some really good troubleshooting techniques in this question.
It could also (have been) that the machinekey was not set and thus being randomly generated every time the app was initialized (which would mean that the encrypted authentication ticket would be salted with a new key).
I use a site to generate a new machinekey for my apps and stick it in the web.config:
http://www.orcsweb.com/articles/aspnetmachinekey.aspx
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<machineKey validationKey='FED01BCB246D3477F5854D60388A701508AD1DF9099BD3CAC3CA4DAF55F7524B8DD3FA03133BBCA381BC1CD639730445968DFA633A97911187EF187456D692F4' decryptionKey='861E7DF7C2D04297EEFAD47FF3B95F54E87CF28D6C2753D8' validation='SHA1'/>
</system.web>
</configuration>
这篇关于ASP.Net表单验证在10分钟后注销用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
