FormsAuthentication.Signout问题 - 与任何已解决的cookie问题不同

时间:2015-06-17 14:47:43

标签: c# .net asp.net-mvc cookies webforms

我几天来一直在努力解决这个问题,Stack上没有答案会有所帮助。我正在尝试使用FormsAuthentication.SignOut()和任何其他方式注销,如果在URL中输入路径,它仍然允许用户进入该站点。

以下是一些供参考的登录代码:

if (adAuth.IsAuthenticated(txtDomain.Value, txtUsername.Text, txtPassword.Text))
        {
            string groups = "Member"; //adAuth.GetGroups();

            //Create the ticket, and add the groups.
            bool isCookiePersistent = chkPersist.Checked;
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
                      txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups); //"Member|" + groups);

            //Encrypt the ticket.
            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

            //Create a cookie, and then add the encrypted ticket to the cookie as data.
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

            if (isCookiePersistent)
                authCookie.Expires = authTicket.Expiration;

            //Add the cookie to the outgoing cookies collection.
            Response.Cookies.Add(authCookie);

            //You can redirect now.
            var redirectUrl = FormsAuthentication.GetRedirectUrl(txtUsername.Text, false);

            Response.Redirect(redirectUrl);
        }
        else
        {
            errorLabel.Text = "Authentication did not succeed. Check user name and password.";
        }

以下是我尝试退出的一些解决方案:

 Response.Cookies["adAuthCookie"].Expires = DateTime.Now.AddDays(-1);

        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cookies.Clear();

        FormsAuthentication.SignOut();
        Session.Abandon();

        HttpContext.User =
new GenericPrincipal(new GenericIdentity(string.Empty), null);

        return Redirect("~/Create/Index");

以下是我在web.config中的内容:

<authentication mode="Forms">
  <forms loginUrl="logon.aspx" defaultUrl="~/Create/Index" name="adAuthCookie" timeout="10" path="/"></forms>
</authentication>
<authorization>
  <deny users="?" />
</authorization>

这就是我在Global.asax中所拥有的:

oid Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

        if (authCookie != null)
        {
            string encTicket = authCookie.Value;

            if (!String.IsNullOrEmpty(encTicket))
            {
                var ticket = FormsAuthentication.Decrypt(encTicket);
                var id = new UserIdentity(ticket);
                var userRoles = Roles.GetRolesForUser(id.Name);
                var principal = new GenericPrincipal(id, userRoles);

                HttpContext.Current.User = principal;
            }
        }
    }

我还测试过,如果cookie持久或不持久,那并不重要。

此外,注意登录页面是aspx Web表单可能很重要,但项目的其余部分是使用MVC构建的。

这不是重复的,因为当前没有Cookie解决方案正在运行。有没有人知道会发生什么。我肯定错过了什么。谢谢!

更新

我的家庭控制器中的Index()ActionResult上方有一个[Authorize]属性。我注意到,如果我双击注销,它将完全记录用户。我现在可以使用快速修复程序来点击退出按钮上的每次点击吗?

0 个答案:

没有答案