ASP.NET 网站无缘无故将用户注销

时间:2012-12-10 14:43:41

标签: asp.net asp.net-membership membership-provider

我用 ASP.NET 创建了一个网站,它运行正常。但有时它会无缘无故地将用户注销。我已在 web.config 中设置了会话(session)和表单(forms)超时,但问题还是出现了。而且我的会话数据也不多,例如只有一个词!(期刊x)。有人能帮我吗?……我很困惑!这是我的 web.config:

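<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<!--
  Review notes on this file:
  * Two settings were changed from the posted version: compilation debug is now "false"
    and pages enableViewStateMac is now "true". Each change is explained where it occurs.
  * The SMTP and SQL credentials are stored in this file as clear text (masked here).
    Where the host allows it, encrypt the mailSettings and connectionStrings sections
    with protected configuration (aspnet_regiis -pe) and restrict read access to the file.
  * No machineKey element is present. Forms tickets and view state are protected with
    the machine key; if the hosting environment regenerates auto-generated keys or
    serves the site from more than one server, previously issued tickets stop
    validating and users appear to be logged out. An explicit machineKey avoids that.
-->
<configuration>
  <appSettings>
    <!-- storage=session: chart images are held in session state. -->
    <add key="ChartImageHandler" value="storage=session;timeout=5;" />
  </appSettings>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />

    <handlers>
      <remove name="ChartImageHandler" />
      <add name="ChartImageHandler" preCondition="integratedMode" verb="GET,HEAD,POST"
        path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </handlers>
  </system.webServer>
  <system.net>

    <mailSettings>
      <smtp from="waag@waag.ir">
        <!-- Port 25 with no enableSsl attribute: the userName and password are sent to
             the mail server without TLS. If the server supports it, add enableSsl="true". -->
        <network host="mail.waag.ir" port="25" userName="*****" password="*****"/>
      </smtp>
    </mailSettings>
  </system.net>
  <connectionStrings>

    <!--<add name="dbconn" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
        <add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>-->

    <!-- Both active entries use a SQL login against a remote server addressed by IP.
         NOTE(review): "Persist Security Info=True" leaves the password readable from the
         connection string after the connection is opened; "False" is the safer value if
         no code depends on it. No Encrypt keyword is set, so encryption of the traffic
         to the database server is not requested by the client; confirm with the host
         whether "Encrypt=True" can be used. -->
    <add name="dbconn" connectionString="Password=****;Persist Security Info=True;User ID=****;Initial Catalog=esfahanhost_****;Data Source=174.142.4.132" providerName="System.Data.SqlClient" />

    <!-- LocalSqlServer is removed and re-added so that it points at the same database as dbconn. -->
    <remove name="LocalSqlServer"/>

    <add name="LocalSqlServer" connectionString="Password=****;Persist Security Info=True;User ID=****;Initial Catalog=esfahanhost_****;Data Source=174.142.4.132" providerName="System.Data.SqlClient" />

  </connectionStrings>
  <system.web>

    <httpHandlers>
      <add path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
        validate="false" />
    </httpHandlers>
    <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">

      <providers>
        <clear/>
        <!-- Password policy as posted: minimum length 6 and no non-alphanumeric characters
             required, with 5 invalid attempts allowed per 10-minute window. Consider a
             longer minimum length for accounts that matter. -->
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="dbconn"
           enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
           maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
           applicationName="/" />

      </providers>
    </membership>

    <!-- InProc session state lives in the worker process and is lost whenever the
         application pool recycles, regardless of the 30-minute timeout. Code that
         treats a missing session value as "not logged in" will then sign the user out. -->
    <sessionState mode="InProc" timeout="30"/>
    <roleManager enabled="true"/>
    <authentication mode="Forms">
      <!-- The ticket cookie has no requireSSL attribute, so it is also sent over plain
           HTTP. Once the site is served only over HTTPS, add requireSSL="true". -->
      <forms timeout="30" slidingExpiration="true" name="AC7.ASPXAUTH" />
    </authentication>

      <!-- debug was "true" in the posted file. Debug builds disable request timeouts and
           batch compilation and expose more detail on errors, so it is off here. -->
      <compilation debug="false" strict="false" explicit="true" targetFramework="4.0">
        <assemblies>

          <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
          <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        </assemblies>
      </compilation>
      <!-- enableViewStateMac was "false" in the posted file. Without the MAC the server
           accepts view state that the client has modified, so it is enabled here.
           NOTE(review): enableEventValidation="false" and viewStateEncryptionMode="Never"
           are left as posted because pages may depend on them; both weaken postback
           integrity and confidentiality and should be re-enabled once the pages are tested. -->
      <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="true">
          <controls>
              <add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting"
                  assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          </controls>

      </pages>

  </system.web>

</configuration>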

1 个答案:

答案 0 :(得分:0)

登录信息存储在 cookie 中。如果您没有在 web.config 中为该 cookie 设置 domain,那么从 www.domain.com 跳转到 domain.com 时,cookie 就不再有效,用户就会被注销。

因此,请在 forms 标记上设置 domain,如下所示(不要带 www):

<authentication mode="Forms">
  <!-- With domain set to the bare site name, the browser sends the ticket cookie to
       that host and to every subdomain under it, so each of those hosts must be
       trusted with the login ticket. Add requireSSL="true" when the site is HTTPS only. -->
  <forms name="AC7.ASPXAUTH"
         domain="yoursitename.com"
         timeout="30"
         slidingExpiration="true" />
</authentication>

另外,也要在 roleManager 标记和 Cookie 标记上设置 domain。

更多阅读:
Can some hacker steal the cookie from a user and login with that name on a web site?
Multiple applications using same login database logging each other out