1. 首頁
  2. 問答
  3. .net表單身份驗證問題

.net表單身份驗證問題

2011-01-13 152 views
1

我正在使用mvc.net中的自定義登錄頁面。我檢查登錄像這樣:.net表單身份驗證問題

public bool Login(string login, string password, bool persistent) 
{ 
    var loginEntity = this.AdminRepository.GetLogin(login, password); 
    if (loginEntity != null) 
    { 
    FormsAuthentication.SetAuthCookie(login, persistent); 

    HttpContext.Current.Session["AdminId"] = loginEntity.AdminId; 
    HttpContext.Current.Session["AdminUsername"] = loginEntity.Username; 

    return true; 
    }

然後我裝點需要與過濾器屬性的管理權限的任何控制器:

public override void OnActionExecuting(ActionExecutingContext filterContext) 
{ 
    var ctx = HttpContext.Current; 

    // check if session is supported 
    if (ctx.Session != null) 
    { 
    var redirectTargetDictionary = new RouteValueDictionary(); 

    // check if a new session id was generated 
    if (ctx.Session.IsNewSession) 
    { 
     // If it says it is a new session, but an existing cookie exists, then it must 
     // have timed out 
     string sessionCookie = ctx.Request.Headers["Cookie"]; 
     if (((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0)) || null == sessionCookie) 
     { 
      redirectTargetDictionary = new RouteValueDictionary(); 
      redirectTargetDictionary.Add("area", "Admin"); 
      redirectTargetDictionary.Add("action", "LogOn"); 
      redirectTargetDictionary.Add("controller", "Home"); 

      filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary); 
     } 
     } else if (SessionContext.AdminId == null) { 
     redirectTargetDictionary = new RouteValueDictionary(); 
     redirectTargetDictionary.Add("area", "Admin"); 
     redirectTargetDictionary.Add("action", "LogOn"); 
     redirectTargetDictionary.Add("controller", "Home"); 

     filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary); 
     } 
    } 
    base.OnActionExecuting(filterContext); 
}

我看到日誌後我有兩個餅乾:

  1. ASPXAUTH(過期日期將 設置爲「會話結束時」( 持續存在時爲false)或(現在爲 (當persist設置爲true時)爲30分鐘
  2. 和ASP.NET_SessionId這 到期時間始終是「在 會議結束」

問: 的問題是,即使我設置爲TRUE,以「堅持」選項(這將設置ASPXAUTH到期時間從現在開始30分鐘 - 這很好)我關閉並重新打開瀏覽器後,Session [「AdminId」]始終爲空。當我最初將「持續」設置爲true並關閉然後重新打開瀏覽窗口時,如何確保我的會話(會話[「AdminId」]和會話[「AdminUsername」])從Cookie中被拉入。 謝謝

來源

2011-01-13 ShaneKm

+1

持久性的工作參數設置,如果設置爲true,過期的cookie屬性。你在你的web.config中設置了Expires到了什麼。你有沒有試過用ie來檢查cookie的內容。提琴手,看看過期是否設置? – 2011-01-13 21:52:30

回答

0

,我發現我的解決方案在這裏:Is it possible to use .ASPXAUTH for my own logging system?

,這就是我所做的:

public class SessionExpireFilterAttribute : ActionFilterAttribute 
{ 
    /// <summary> 
    /// Controller action filter is used to check whether the session is still active. If the session has expired filter redirects to the login screen. 
    /// </summary> 
    /// <param name="filterContext"></param> 
    public override void OnActionExecuting(ActionExecutingContext filterContext) 
    { 
     var ctx = HttpContext.Current; 

     // check if session is supported 
     if (ctx.Session != null) 
     { 
      // check if a new session id was generated 
      if (ctx.Session.IsNewSession) 
      { 
       var identity = ctx.User.Identity; 

       // If it says it is a new session, but an existing cookie exists, then it must 
       // have timed out 
       string sessionCookie = ctx.Request.Headers["Cookie"]; 
       if (((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0)) || null == sessionCookie) 
       { 
        var redirectTargetDictionary = new RouteValueDictionary(); 
        redirectTargetDictionary.Add("area", string.Empty); 
        redirectTargetDictionary.Add("action", "LogOn"); 
        redirectTargetDictionary.Add("controller", "User"); 

        filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary); 
       } 

       // Authenticated user, load session info 
       else if (identity.IsAuthenticated) 
       { 
        var loginRepository = new LoginRepository(InversionOfControl.Container.Resolve<IDbContext>()); 
        IAuthenticationService authenticationService = new AuthenticationService(loginRepository); 
        authenticationService.SetLoginSession(identity.Name); 
       } 
      } 
      else if (SessionContext.LoginId == null) 
      { 
       var redirectTargetDictionary = new RouteValueDictionary(); 
       redirectTargetDictionary.Add("area", string.Empty); 
       redirectTargetDictionary.Add("action", "LogOn"); 
       redirectTargetDictionary.Add("controller", "User"); 

       filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary); 
      } 
     } 
     base.OnActionExecuting(filterContext); 
    } 
}

來源

2011-01-14 12:12:47 ShaneKm

0

具有到期時間的cookie會寫入磁盤。因此,如果cookie未過期,用戶在下次打開瀏覽器時仍然會登錄。

會話cookie僅存儲在內存中,並且只要瀏覽器關閉就會丟失。

會話cookie是一個沒有過期日期的cookie。

來源

2011-01-13 22:31:47

+0

即使我設置爲true,我的ASP.NET_SessionId cookie也沒有到期日期。 ? – ShaneKm 2011-01-14 07:59:59

相關問題

 相關問題