Asp.net mvc 我们可以为ASP.NET MVC 5中的角色设置个性化会话超时吗
其思想是为会话设置不同的会话超时值 ASP.NET MVC 5和ASP.NET Identity中的不同用户角色Asp.net mvc 我们可以为ASP.NET MVC 5中的角色设置个性化会话超时吗,asp.net-mvc,asp.net-mvc-5,asp.net-identity,roles,session-timeout,Asp.net Mvc,Asp.net Mvc 5,Asp.net Identity,Roles,Session Timeout,其思想是为会话设置不同的会话超时值 ASP.NET MVC 5和ASP.NET Identity中的不同用户角色 app.UseCookieAuthentication(new CookieAuthenticationOptions { // other stuff Provider = new CookieAuthenticationProvider { // this function is executed every http request an
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
// other stuff
Provider = new CookieAuthenticationProvider
{
// this function is executed every http request and executed very early in the pipeline
// and here you have access to cookie properties and other low-level stuff.
// makes sense to have the invalidation here
OnValidateIdentity = async context =>
{
// invalidate user cookie if user's security stamp have changed
var invalidateBySecirityStamp = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager));
await invalidateBySecirityStamp.Invoke(context);
// check if user is in admin role
var isAdmin = context.Identity.Claims.Any(c => c.Type == ClaimTypes.Role && c.Value == "AdminRoleName");
// check if enough time has passed to invalidate cookie
var currentUtc = DateTimeOffset.UtcNow;
if (context.Options != null && context.Options.SystemClock != null)
{
currentUtc = context.Options.SystemClock.UtcNow;
}
var issuedUtc = context.Properties.IssuedUtc;
var bootThemOut = (issuedUtc == null);
if (issuedUtc != null)
{
var timeElapsed = currentUtc.Subtract(issuedUtc.Value);
bootThemOut = timeElapsed > TimeSpan.FromMinutes(3); // invalidate admin cookies in 3 minutes
}
if (isAdmin && bootThemOut)
{
context.RejectIdentity();
context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
}
}
}
});
可以这样做吗?根据他们的角色,您可以设置超时,即
HttpContext.Current.Session.Timeout = 20;
根据前面的问题,您希望动态地执行此操作。您可以在会话中存储和更新时间,并在基本控制器的OnActionExecuting
上为每个角色设置时间
if (User.IsInRole("Admin"))
{
filterContext.HttpContext.Session.Timeout =
(int)filterContext.HttpContext.Session["AdminTimeoutThatYouSetSomewhereElseGlobally"];
}
如果您试图比普通用户更快地启动管理员,这里是我在这个in-Identity上的存根
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
// other stuff
Provider = new CookieAuthenticationProvider
{
// this function is executed every http request and executed very early in the pipeline
// and here you have access to cookie properties and other low-level stuff.
// makes sense to have the invalidation here
OnValidateIdentity = async context =>
{
// invalidate user cookie if user's security stamp have changed
var invalidateBySecirityStamp = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager));
await invalidateBySecirityStamp.Invoke(context);
// check if user is in admin role
var isAdmin = context.Identity.Claims.Any(c => c.Type == ClaimTypes.Role && c.Value == "AdminRoleName");
// check if enough time has passed to invalidate cookie
var currentUtc = DateTimeOffset.UtcNow;
if (context.Options != null && context.Options.SystemClock != null)
{
currentUtc = context.Options.SystemClock.UtcNow;
}
var issuedUtc = context.Properties.IssuedUtc;
var bootThemOut = (issuedUtc == null);
if (issuedUtc != null)
{
var timeElapsed = currentUtc.Subtract(issuedUtc.Value);
bootThemOut = timeElapsed > TimeSpan.FromMinutes(3); // invalidate admin cookies in 3 minutes
}
if (isAdmin && bootThemOut)
{
context.RejectIdentity();
context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
}
}
}
});
app.UseCookieAuthentication(新的CookieAuthenticationOptions
{
//其他东西
Provider=新CookieAuthenticationProvider
{
//此函数在每个http请求中执行,并在管道中很早就执行
//在这里,您可以访问cookie属性和其他低级内容。
//在这里进行无效宣告是有意义的
OnValidateIdentity=异步上下文=>
{
//如果用户的安全戳已更改,则使用户cookie无效
var invalidatebyscuritystamp=SecurityStampValidator.OnValidateIdentity(
validateInterval:TimeSpan.FromMinutes(30),
regenerateIdentity:(管理器,用户)=>user.GenerateUserIdentityAsync(管理器));
等待InvalidateBySecurityStamp.Invoke(上下文);
//检查用户是否处于管理员角色
var isAdmin=context.Identity.Claims.Any(c=>c.Type==ClaimTypes.Role&&c.Value==AdminRoleName);
//检查是否有足够的时间使cookie无效
var currentUtc=DateTimeOffset.UtcNow;
if(context.Options!=null&&context.Options.SystemClock!=null)
{
currentUtc=context.Options.SystemClock.UtcNow;
}
var issuedUtc=context.Properties.issuedUtc;
var bootThemOut=(issuedUtc==null);
如果(issuedUtc!=null)
{
var timeappeased=currentUtc.Subtract(issuedUtc.Value);
bootshemout=timeappeased>TimeSpan.FromMinutes(3);//在3分钟内使管理员cookie无效
}
if(isAdmin&&bootThemOut)
{
context.RejectIdentity();
context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
}
}
}
});
它是否适用于ASP.NET MVC 5和ASP.NET Identity?是否适用于Mvc5。您是如何实现身份的?你有基地控制器吗?应该没问题。您对用户的检查可能不同,但会话是相同的。仅当您使用默认情况下未启用的会话时,该检查才有效,AFAIKI发现这篇文章让我更好地理解了上面的答案:ASPNET Identity Cookie身份验证超时用于Identity和MVC5:我们如何使用此解决方案实现SlidingExpiration=true
行为?我阅读了文章,一步一步说“由于用户在位置a的validateInterval之后发出了请求,因此他们将注销并再次提示输入凭据。“。如果我们不想等到validateInterval之后呢?如果用户在位置a更改密码,我希望该用户被强制立即在位置B登录。请您帮忙好吗?@CodingYoshi好的,在密码更新时,更改SecurityStamp
字段,并将validateInterval
设置为足够小,以满足您的“立即”要求。尽管我不建议将其设置为少于几秒钟。