我创建了一个Cookie:
FormsAuthentication.SetAuthCookie(e.EmployeID.ToString(), true);
有了这个,我希望能够保持登录,直到我明确退出,但在30分钟后,我必须重新登录。
这是我的认证课程:
public static class Authorization
{
public static bool Login(string username, string password, bool persist)
{
Employee e = ResourceManager.GetEmployeeByEmail(username);
if (e == null || !ResourceManager.VerifyEmployeePassword(e.EmployeID, password))
{
return false;
}
FormsAuthentication.SetAuthCookie(e.EmployeID.ToString(), persist);
return true;
}
public static void Logout()
{
FormsAuthentication.SignOut();
}
public static string GetUserId()
{
return HttpContext.Current.User.Identity.Name;
}
public static string GetUsername()
{
return GetEmployee().EmployeEmail;
}
public static bool IsAuthenticated()
{
return HttpContext.Current.User.Identity.IsAuthenticated;
}
public static Employee GetEmployee()
{
int id = 0;
int.TryParse(GetUserId(), out id);
return ResourceManager.GetEmployee(id);
}
public static bool IsAdministrator()
{
if (!IsAuthenticated())
{
return false;
}
Employee e = GetEmployee();
if (e != null)
{
return SecurityManager.IsEmployeeAdmin((e.EmployeID));
}
return false;
}
}
}
有什么不对吗?
I have this in my web config:
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</assemblies>
</compilation>
<authentication mode="Forms" />
<webServices>
<protocols>
<add name="HttpGet" />
<add name="HttpPost" />
</protocols>
</webServices>
答案 0 :(得分:2)
除非另有说明,否则身份验证cookie的默认超时值为30分钟。
由于您声称在30分钟后退出,因此我建议您不另行指定。
为此,您必须在web.config文件中设置timeout元素的<form />属性。
例如: -
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="2880" />
</authentication>