Forms authentication ticket expiry check

Time: 2011-01-27 04:49:33

Tags: c# asp.net authentication session-timeout

I have an asp.net application, and when a user logs in I am using a FormsAuthentication ticket.... I want to check whether the FormsAuthentication ticket has expired.

Actually I have two scenarios:

  1. I want to check whether the user is authenticated or is trying to access the page directly without logging in (in this case I want to redirect to "Default.aspx").

  2. If the user has signed in and been authenticated but a timeout has occurred (in this case I want to redirect to the "sexpired.aspx" page, where the user will be notified "Your session has expired, please log in again" with a link to "Default.aspx", which will redirect back to the return URL). Please advise and suggest a solution accordingly.

  3. Currently I am doing this on every page; I think that when the cookie expires, User.Identity.IsAuthenticated = false also results from the timeout, so the user is redirected back to "Default.aspx" when they try to load a page.

    OK, here is my updated question with the code behind my login form:

    // namespaces this code-behind needs (Database/DatabaseFactory come from the Enterprise Library Data Access block)
    using System;
    using System.Data;
    using System.Data.Common;
    using System.Web;
    using System.Web.Security;
    using Microsoft.Practices.EnterpriseLibrary.Data;

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        if (AuthenticateUser("SPOINT", txtUsername.Text, txtPassword.Text))
        {
            //Fetch the role
            Database db = DatabaseFactory.CreateDatabase();

            //Create Command object
            DbCommand cmd = db.GetStoredProcCommand("Users");

            db.AddInParameter(cmd, "@userid", System.Data.DbType.String, 20);
            db.SetParameterValue(cmd, "@userid", txtUsername.Text);

            db.AddInParameter(cmd, "@fname", System.Data.DbType.String, 80);
            db.SetParameterValue(cmd, "@fname", null);

            db.AddInParameter(cmd, "@lname", System.Data.DbType.String, 80);
            db.SetParameterValue(cmd, "@lname", null);

            db.AddInParameter(cmd, "@phone", System.Data.DbType.String, 50);
            db.SetParameterValue(cmd, "@phone", null);

            db.AddInParameter(cmd, "@mobile", System.Data.DbType.String, 50);
            db.SetParameterValue(cmd, "@mobile", null);

            db.AddInParameter(cmd, "@email", System.Data.DbType.String, 100);
            db.SetParameterValue(cmd, "@email", null);

            db.AddInParameter(cmd, "@uroleids", System.Data.DbType.String, 50);
            db.SetParameterValue(cmd, "@uroleids", null);

            db.AddInParameter(cmd, "@uroles", System.Data.DbType.String, 500);
            db.SetParameterValue(cmd, "@uroles", null);

            db.AddInParameter(cmd, "@umenu", System.Data.DbType.Int16);
            db.SetParameterValue(cmd, "@umenu", null);

            db.AddInParameter(cmd, "@ustatus", System.Data.DbType.String, 1);
            db.SetParameterValue(cmd, "@ustatus", null);

            db.AddInParameter(cmd, "@reqType", System.Data.DbType.String, 1);
            db.SetParameterValue(cmd, "@reqType", "R");

            db.AddOutParameter(cmd, "@retval", DbType.Int16, 2);

            // Dispose the reader on every path (closing it only on the success path leaks a pooled connection on the error path)
            using (IDataReader reader = db.ExecuteReader(cmd))
            {
                if (reader.Read())
                {
                    System.Collections.ArrayList roleList = new System.Collections.ArrayList();
                    roleList.Add(reader[0]);
                    string myRoles = (string)roleList[0];
                    //Read user name
                    string uname = (string)reader[1];
                    //Read User menu ID
                    int menuID = Convert.ToInt16(reader[2]);

                    // Ticket valid for 30 minutes; the roles are carried in UserData
                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, txtUsername.Text, DateTime.Now,
                        DateTime.Now.AddMinutes(30), true, myRoles, FormsAuthentication.FormsCookiePath);

                    //Read user full name into session variables which will be shared across the whole application
                    Session["uid"] = txtUsername.Text;
                    Session["ufullname"] = uname;
                    Session["branch"] = 1;

                    // FormsAuthentication.Encrypt signs (MAC) and encrypts the ticket with the machineKey; it is not merely a hash
                    string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                    cookie.HttpOnly = true; // keep the ticket out of reach of page scripts
                    // no Expires is set, so the browser keeps the cookie for the browser session;
                    // the ticket's own 30-minute expiry is still enforced server-side

                    // add the cookie to user browser
                    Response.Cookies.Add(cookie);

                    //Constructing Menu according to User Role
                    string x = buildmenu(menuID);
                    Globals.menuString = x;

                    string returnURL = "~/Main.aspx";

                    // Honour rUrl only when it is a path on this site; redirecting to an arbitrary value would be an open redirect
                    string rUrl = Request.QueryString["rUrl"];
                    bool localUrl = !string.IsNullOrEmpty(rUrl)
                        && (rUrl.StartsWith("~/") || (rUrl.StartsWith("/") && !rUrl.StartsWith("//") && !rUrl.StartsWith("/\\")));

                    if (localUrl)
                        Response.Redirect(rUrl);
                    else
                        Response.Redirect(returnURL);
                }
                else
                {
                    //Validation Error here...
                    lblError.Text = "Incorrect UserID/Password entered...";
                    return;
                }
            }
        }
        else
        {
            lblError.Text = "Incorrect UserID/Password entered...";
            return;
        }
    }
    

    Here is the code where I check the forms authentication ticket:

    if (!HttpContext.Current.User.Identity.IsAuthenticated || !HttpContext.Current.User.IsInRole("Maker"))
        Response.Redirect("~/Default.aspx");
    

2 answers:

Answer 0 (score: 0)

Without your login/validation code it is hard to tell how you have it set up.

The first thing you should do is set the session/cookie timeout to the session expiry time + 1 minute (e.g. 21 minutes).

Then you can write an HttpModule to check for the timeout and redirect:

using System;
using System.Web;
using System.Web.Security;

public class ExpireModule : IHttpModule {
    // Application session length; the forms cookie timeout is set one minute longer (e.g. 21) so the ticket is still readable here
    private const int SessionTimeoutMinutes = 20;

    public virtual void Init(HttpApplication app) {
        app.PostAuthenticateRequest += new EventHandler(app_PostAuthenticateRequest);
    }

    public void Dispose() { } // required by IHttpModule

    private void app_PostAuthenticateRequest(object sender, EventArgs e) {
        HttpApplication app = (HttpApplication)sender;
        FormsIdentity identity = app.Context.User == null ? null : app.Context.User.Identity as FormsIdentity;
        if (identity == null) return; // not signed in at all: the normal loginUrl redirect applies
        // ticket older than the application session: kill the login and send the user to the timeout page
        if (identity.Ticket.IssueDate.AddMinutes(SessionTimeoutMinutes) < DateTime.Now) {
            FormsAuthentication.SignOut();
            app.Response.Redirect("~/sexpired.aspx");
        }
    }
}

Or do the same thing in a shared base page (if you have one).

By making the session timeout 21 minutes you can use all the standard authentication code.

Answer 1 (score: 0)

To set the default page that opens when the user is not authorized, set loginUrl.

Also, don't forget to check whether slidingExpiration is set to false:
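The following is an added example, not code from the question or from either answer, that handles the question's two cases without the 21-minute offset: it inspects the forms cookie itself in PostAuthenticateRequest, because once the ticket has expired FormsAuthenticationModule leaves User unauthenticated and the per-page check in the question cannot tell "never logged in" from "timed out". The page names sexpired.aspx and Default.aspx and the rUrl query key are taken from the question; the module name ExpiredTicketModule, the state strings returned by ClassifyTicket, and the IsLocalReturnUrl helper (intended for Default.aspx to call before it honours rUrl) are this example's own. It assumes the forms cookie is still sent after the ticket expires, which holds for the question's login code because that code sets no browser-side Expires on the cookie.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Added example (not from the question or either answer). Register it in web.config under
// <system.webServer><modules> (IIS integrated mode) with type="ExpiredTicketModule".
public class ExpiredTicketModule : IHttpModule
{
    // Page names come from the question; both must stay reachable without a ticket.
    private const string ExpiredPage = "~/sexpired.aspx";
    private const string LoginPage = "~/Default.aspx";

    public void Init(HttpApplication app)
    {
        // Runs after FormsAuthenticationModule has tried (and, for a stale ticket, declined) to set User.
        app.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }

    public void Dispose() { }

    private void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpContext ctx = app.Context;

        // Ticket present and still valid: nothing to do.
        if (ctx.User != null && ctx.User.Identity.IsAuthenticated)
            return;

        string path = ctx.Request.AppRelativeCurrentExecutionFilePath;
        if (IsPage(path, ExpiredPage) || IsPage(path, LoginPage))
            return; // never bounce the two unauthenticated pages, or the redirects loop

        string state = ClassifyTicket(ctx.Request.Cookies[FormsAuthentication.FormsCookieName]);
        if (state != "expired")
            return; // "none" or "invalid": leave it to <forms loginUrl="Default.aspx">

        // The user was signed in but the ticket has timed out (the question's scenario 2):
        // clear the stale cookie and send them to the expiry page, carrying the requested page as the return URL.
        FormsAuthentication.SignOut();
        string returnUrl = ctx.Request.RawUrl;   // path + query, always server-relative
        ctx.Response.Redirect(ExpiredPage + "?rUrl=" + HttpUtility.UrlEncode(returnUrl), true);
    }

    // Classifies the forms cookie as "none" (no cookie), "invalid" (undecryptable or tampered),
    // "expired" (decrypts, but Expiration is in the past) or "valid". State names are this example's own.
    public static string ClassifyTicket(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return "none";
        FormsAuthenticationTicket ticket;
        try
        {
            // Decrypt verifies the machineKey signature before decrypting and still returns expired tickets.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (CryptographicException) { return "invalid"; }
        catch (HttpException) { return "invalid"; }
        catch (ArgumentException) { return "invalid"; }
        if (ticket == null)
            return "invalid";
        return ticket.Expired ? "expired" : "valid";
    }

    // Guard for the login page before it honours ?rUrl=...: accept only a path on this site.
    // Rejects absolute URLs and protocol-relative forms such as "//host" or "/\host".
    public static bool IsLocalReturnUrl(string url)
    {
        if (string.IsNullOrEmpty(url) || url.Contains("\\"))
            return false;
        if (url.StartsWith("~/"))
            url = url.Substring(1);          // "~/x" -> "/x"
        // exactly one leading slash: "//host" would be treated as protocol-relative by the browser
        return url[0] == '/' && !(url.Length > 1 && url[1] == '/');
    }

    private static bool IsPage(string requestPath, string appRelativePage)
    {
        return string.Equals(requestPath, appRelativePage, StringComparison.OrdinalIgnoreCase);
    }
}
```

After SignOut() the next request carries no ticket, so the expiry page itself is classified as "none" and is not redirected again; an unauthenticated request with no cookie at all (the question's scenario 1) is untouched by the module and falls through to the loginUrl redirect that forms authentication performs on its own.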

<forms
    name=".ASPXFORMSAUTH"
    loginUrl="Default.aspx"
    defaultUrl="Default.aspx"
    slidingExpiration="true"
    timeout="30" />

MSDN


To check whether the timeout has elapsed, use the Global.asax event Application_BeginRequest:

using System;
using System.Web;

public class Global : HttpApplication
{
    // this.User is populated only after AuthenticateRequest, so hook PostAuthenticateRequest rather than BeginRequest (where User is still null)
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        // the timeout and login pages must be reachable without a ticket, otherwise every redirect triggers another one
        string path = this.Request.AppRelativeCurrentExecutionFilePath;
        if (path.Equals("~/Timeout.aspx", StringComparison.OrdinalIgnoreCase) || path.Equals("~/Default.aspx", StringComparison.OrdinalIgnoreCase))
            return;
        if (this.User == null || !this.User.Identity.IsAuthenticated)
            this.Response.Redirect("~/Timeout.aspx");
    }
}