Asp.net mvc .net表单身份验证问题
我正在mvc.net中开发一个自定义登录页面。我会像这样检查登录:Asp.net mvc .net表单身份验证问题,asp.net-mvc,form-authentication,Asp.net Mvc,Form Authentication,我正在mvc.net中开发一个自定义登录页面。我会像这样检查登录: public bool Login(string login, string password, bool persistent) { var loginEntity = this.AdminRepository.GetLogin(login, password); if (loginEntity != null) { FormsAuthentication.SetAuthCookie(login, pers
public bool Login(string login, string password, bool persistent)
{
var loginEntity = this.AdminRepository.GetLogin(login, password);
if (loginEntity != null)
{
FormsAuthentication.SetAuthCookie(login, persistent);
HttpContext.Current.Session["AdminId"] = loginEntity.AdminId;
HttpContext.Current.Session["AdminUsername"] = loginEntity.Username;
return true;
}
然后,我用过滤器属性装饰任何需要管理员访问权限的控制器:
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var ctx = HttpContext.Current;
// check if session is supported
if (ctx.Session != null)
{
var redirectTargetDictionary = new RouteValueDictionary();
// check if a new session id was generated
if (ctx.Session.IsNewSession)
{
// If it says it is a new session, but an existing cookie exists, then it must
// have timed out
string sessionCookie = ctx.Request.Headers["Cookie"];
if (((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0)) || null == sessionCookie)
{
redirectTargetDictionary = new RouteValueDictionary();
redirectTargetDictionary.Add("area", "Admin");
redirectTargetDictionary.Add("action", "LogOn");
redirectTargetDictionary.Add("controller", "Home");
filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary);
}
} else if (SessionContext.AdminId == null) {
redirectTargetDictionary = new RouteValueDictionary();
redirectTargetDictionary.Add("area", "Admin");
redirectTargetDictionary.Add("action", "LogOn");
redirectTargetDictionary.Add("controller", "Home");
filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary);
}
}
base.OnActionExecuting(filterContext);
}
我看到登录后我有两个cookie:
谢谢具有过期时间的cookie将被写入磁盘。因此,如果cookie未过期,用户下次打开浏览器时仍将登录 会话cookie仅存储在内存中,并且在浏览器关闭后立即丢失 会话cookie是一种没有过期日期的cookie。我在这里找到了解决方案: 这就是我所做的:
public class SessionExpireFilterAttribute : ActionFilterAttribute
{
/// <summary>
/// Controller action filter is used to check whether the session is still active. If the session has expired filter redirects to the login screen.
/// </summary>
/// <param name="filterContext"></param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var ctx = HttpContext.Current;
// check if session is supported
if (ctx.Session != null)
{
// check if a new session id was generated
if (ctx.Session.IsNewSession)
{
var identity = ctx.User.Identity;
// If it says it is a new session, but an existing cookie exists, then it must
// have timed out
string sessionCookie = ctx.Request.Headers["Cookie"];
if (((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0)) || null == sessionCookie)
{
var redirectTargetDictionary = new RouteValueDictionary();
redirectTargetDictionary.Add("area", string.Empty);
redirectTargetDictionary.Add("action", "LogOn");
redirectTargetDictionary.Add("controller", "User");
filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary);
}
// Authenticated user, load session info
else if (identity.IsAuthenticated)
{
var loginRepository = new LoginRepository(InversionOfControl.Container.Resolve<IDbContext>());
IAuthenticationService authenticationService = new AuthenticationService(loginRepository);
authenticationService.SetLoginSession(identity.Name);
}
}
else if (SessionContext.LoginId == null)
{
var redirectTargetDictionary = new RouteValueDictionary();
redirectTargetDictionary.Add("area", string.Empty);
redirectTargetDictionary.Add("action", "LogOn");
redirectTargetDictionary.Add("controller", "User");
filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary);
}
}
base.OnActionExecuting(filterContext);
}
}
公共类SessionExpireFilterAttribute:ActionFilterAttribute
{
///
///控制器操作筛选器用于检查会话是否仍处于活动状态。如果会话已过期,筛选器将重定向到登录屏幕。
///
///
公共覆盖无效OnActionExecuting(ActionExecutingContext filterContext)
{
var ctx=HttpContext.Current;
//检查是否支持会话
如果(ctx.Session!=null)
{
//检查是否生成了新的会话id
if(ctx.Session.IsNewSession)
{
var identity=ctx.User.identity;
//如果它说这是一个新会话,但存在一个现有cookie,那么它必须
//超时
字符串sessioncokie=ctx.Request.Headers[“Cookie”];
if(((null!=sessionokie)&&(sessionokie.IndexOf(“ASP.NET_SessionId”)>=0))| | null==sessionokie)
{
var redirectTargetDictionary=新的RouteValueDictionary();
redirectTargetDictionary.Add(“area”,string.Empty);
redirectTargetDictionary.Add(“操作”、“登录”);
redirectTargetDictionary.Add(“控制器”、“用户”);
filterContext.Result=新的RedirectToRouteResult(redirectTargetDictionary);
}
//已验证的用户,加载会话信息
else if(身份验证)
{
var loginRepository=新的loginRepository(InversionOfControl.Container.Resolve());
IAAuthenticationService authenticationService=新的authenticationService(loginRepository);
authenticationService.SetLoginSession(identity.Name);
}
}
else if(SessionContext.LoginId==null)
{
var redirectTargetDictionary=新的RouteValueDictionary();
redirectTargetDictionary.Add(“area”,string.Empty);
redirectTargetDictionary.Add(“操作”、“登录”);
redirectTargetDictionary.Add(“控制器”、“用户”);
filterContext.Result=新的RedirectToRouteResult(redirectTargetDictionary);
}
}
base.OnActionExecuting(filterContext);
}
}
persistent参数通过将cookie的Expires属性设置为true来工作。您在web.config中将Expires设置为什么。您是否尝试使用ie.Fiddler检查cookie的内容以查看是否设置了Expires?即使我将Persisted设置为true,我的ASP.NET_SessionId cookie也没有过期日期。?如果o不设置,默认值为30分钟是的,可以,但如何从cookie中提取会话内容。请参阅上面编辑的问题。谢谢