Asp.net mvc Cookie值在Cookie过期之前过期
我有一个正在开发的asp.net MVC应用程序,我编写了一个自定义actionfilter,以便根据登录时设置的授权级别过滤某些控制器操作,并将其存储在formsauthentication cookie旁边的加密cookie中,两个cookie都设置为具有相同的过期时间,但由于某种原因,在一段空闲时间后,授权cookie值变为空,我无法调试并在act中捕获它,但它只是消失了 我的actionfilter代码如下所示:Asp.net mvc Cookie值在Cookie过期之前过期,asp.net-mvc,Asp.net Mvc,我有一个正在开发的asp.net MVC应用程序,我编写了一个自定义actionfilter,以便根据登录时设置的授权级别过滤某些控制器操作,并将其存储在formsauthentication cookie旁边的加密cookie中,两个cookie都设置为具有相同的过期时间,但由于某种原因,在一段空闲时间后,授权cookie值变为空,我无法调试并在act中捕获它,但它只是消失了 我的actionfilter代码如下所示: string usersRole = ""; if (filterCont
string usersRole = "";
if (filterContext.HttpContext.Session["role"] != null)
usersRole = filterContext.HttpContext.Session["role"].ToString();
else if (filterContext.HttpContext.Response.Cookies["ArisPortalCookie"].Value != null)
{
usersRole = filterContext.HttpContext.Response.Cookies["ArisPortalCookie"].Value;
filterContext.HttpContext.Session["role"] = usersRole;
}
string encryptedRole = EncryptionHelper.Encrypt(RoleToCheckFor);
if (encryptedRole == usersRole || usersRole == EncryptionHelper.Encrypt("Admin")) //if the user's role and role required match, we have success
{
//now we break down the response action based on what role was required
if (RoleToCheckFor == "Admin")
{
}
else if (RoleToCheckFor == "Tech" || RoleToCheckFor == "Admin")
{
}
else if (RoleToCheckFor == "Physician" || RoleToCheckFor == "Admin")
{
}
}
else
{
filterContext.Result = new ViewResult
{
ViewName = "NoAuth",
ViewData = filterContext.Controller.ViewData,
TempData = filterContext.Controller.TempData
};
}
FormsAuthenticationTicket authTicket =
new FormsAuthenticationTicket(1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(60),
rememberMe,
roles);
string encTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
authenticationCookie.HttpOnly = true;
contextBase.Response.Cookies.Add(authenticationCookie);
我对存储角色也这样做。为什么它们并排在一起 我猜你在做这样的事情:
string usersRole = "";
if (filterContext.HttpContext.Session["role"] != null)
usersRole = filterContext.HttpContext.Session["role"].ToString();
else if (filterContext.HttpContext.Response.Cookies["ArisPortalCookie"].Value != null)
{
usersRole = filterContext.HttpContext.Response.Cookies["ArisPortalCookie"].Value;
filterContext.HttpContext.Session["role"] = usersRole;
}
string encryptedRole = EncryptionHelper.Encrypt(RoleToCheckFor);
if (encryptedRole == usersRole || usersRole == EncryptionHelper.Encrypt("Admin")) //if the user's role and role required match, we have success
{
//now we break down the response action based on what role was required
if (RoleToCheckFor == "Admin")
{
}
else if (RoleToCheckFor == "Tech" || RoleToCheckFor == "Admin")
{
}
else if (RoleToCheckFor == "Physician" || RoleToCheckFor == "Admin")
{
}
}
else
{
filterContext.Result = new ViewResult
{
ViewName = "NoAuth",
ViewData = filterContext.Controller.ViewData,
TempData = filterContext.Controller.TempData
};
}
FormsAuthenticationTicket authTicket =
new FormsAuthenticationTicket(1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(60),
rememberMe,
roles);
string encTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
authenticationCookie.HttpOnly = true;
contextBase.Response.Cookies.Add(authenticationCookie);
如果您也在使用FormsAuthentication.SetAuthCookie
,我认为您不需要,我也不需要,那么请确保您的配置也将超时设置为60分钟,或者与上述时间相等
从cookie读取值(管道格式)(根据请求)
介意展示一下如何将角色添加到formsauth cookie中,然后检索回这些值吗?是的,这就是我所做的减去固定在cookie末尾的角色,如何从formsauth cookie中提取角色数据吗?介意分享检查用户所处角色的代码吗?@Jimmy在阅读中补充道,写作很简单,我有一个自定义身份验证服务,它将角色列表序列化为管道分隔字符串,例如两个角色的“Admin | Moderator”。@Jimmy我有一个角色枚举,我将其作为属性添加到我的customer AuthorizeAttribute中,所以最后的检查只是filterContext.HttpContext.User.IsInRole(RoleRequired.ToString())。所以,如果用户有这个角色,那么他们就在。不需要角色交叉,但在我确实需要时可以轻松扩展。发现一个可能的问题,我的应用程序正在存储会话ID cookie,该cookie在过期时似乎正在清除我的cookie值