我几天来一直在努力解决这个问题,Stack上没有答案会有所帮助。我正在尝试使用FormsAuthentication.SignOut()和任何其他方式注销,如果在URL中输入路径,它仍然允许用户进入该站点。
以下是一些供参考的登录代码:
if (adAuth.IsAuthenticated(txtDomain.Value, txtUsername.Text, txtPassword.Text))
{
string groups = "Member"; //adAuth.GetGroups();
//Create the ticket, and add the groups.
bool isCookiePersistent = chkPersist.Checked;
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups); //"Member|" + groups);
//Encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
//Create a cookie, and then add the encrypted ticket to the cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
if (isCookiePersistent)
authCookie.Expires = authTicket.Expiration;
//Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
//You can redirect now.
var redirectUrl = FormsAuthentication.GetRedirectUrl(txtUsername.Text, false);
Response.Redirect(redirectUrl);
}
else
{
errorLabel.Text = "Authentication did not succeed. Check user name and password.";
}
以下是我尝试退出的一些解决方案:
Response.Cookies["adAuthCookie"].Expires = DateTime.Now.AddDays(-1);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
Response.Cookies.Clear();
FormsAuthentication.SignOut();
Session.Abandon();
HttpContext.User =
new GenericPrincipal(new GenericIdentity(string.Empty), null);
return Redirect("~/Create/Index");
以下是我在web.config中的内容:
<authentication mode="Forms">
<forms loginUrl="logon.aspx" defaultUrl="~/Create/Index" name="adAuthCookie" timeout="10" path="/"></forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
这就是我在Global.asax中所拥有的:
oid Application_PostAuthenticateRequest(object sender, EventArgs e)
{
var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
string encTicket = authCookie.Value;
if (!String.IsNullOrEmpty(encTicket))
{
var ticket = FormsAuthentication.Decrypt(encTicket);
var id = new UserIdentity(ticket);
var userRoles = Roles.GetRolesForUser(id.Name);
var principal = new GenericPrincipal(id, userRoles);
HttpContext.Current.User = principal;
}
}
}
我还测试过,如果cookie持久或不持久,那并不重要。
此外,注意登录页面是aspx Web表单可能很重要,但项目的其余部分是使用MVC构建的。
这不是重复的,因为当前没有Cookie解决方案正在运行。有没有人知道会发生什么。我肯定错过了什么。谢谢!
更新
我的家庭控制器中的Index()ActionResult上方有一个[Authorize]属性。我注意到,如果我双击注销,它将完全记录用户。我现在可以使用快速修复程序来点击退出按钮上的每次点击吗?