我有一个MVC 5 Web API应用程序,它使用ASP.NET Identity进行身份验证和授权。这是一个单页面应用程序,用户可以使用电子邮件和密码登录。如果用户空闲一段时间,我必须显示会话过期弹出窗口。
我尝试在web.config中使用Session.Timeout。它不起作用,因为我的应用程序不会刷新页面。客户端与服务器的所有通信都通过AJAX进行。
如何根据Cookie超时显示会话过期?
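/// <summary>
/// Registers the OWIN authentication middleware: the application cookie
/// (sliding expiration plus an absolute session deadline), the external
/// sign-in cookie, the optional third-party login providers, and SignalR.
/// </summary>
/// <param name="app">The OWIN application builder to configure.</param>
/// <exception cref="InvalidOperationException">
/// The "ExpireTime" setting is missing, not a whole number, or not positive,
/// or a provider setting is missing while "OAuth" is enabled.
/// </exception>
public void ConfigureAuth(IAppBuilder app)
{
    // Ticket property that carries the absolute session deadline (UTC ticks).
    const string AbsoluteExpiryKey = "absolute";

    // Upper bound on a session, however often sliding expiration renews the cookie.
    const int AbsoluteLifetimeHours = 10;

    // Fail at startup on a missing or malformed idle timeout: a zero or negative
    // lifetime would issue tickets that are already expired.
    int expireMinutes;
    if (!int.TryParse(WebConfigurationManager.AppSettings["ExpireTime"], out expireMinutes)
        || expireMinutes <= 0)
    {
        throw new InvalidOperationException(
            "appSettings 'ExpireTime' must be a positive whole number of minutes.");
    }

    // Enable the application to use a cookie to store information for the signed in user
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        CookieName = "APP",
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        ExpireTimeSpan = TimeSpan.FromMinutes(expireMinutes),
        SlidingExpiration = true,
        // NOTE(review): CookieSecure is not set here. If the site is served only
        // over HTTPS, consider CookieSecure = CookieSecureOption.Always so the
        // session cookie is never sent over plain HTTP.
        Provider = new CookieAuthenticationProvider
        {
            // NOTE(review): OnValidateIdentity below enforces only the absolute
            // deadline. The alternative the author left disabled here was a
            // security-stamp validator:
            //   ImpersonatingSecurityStampValidator.OnValidateIdentity<UserManager, User>(
            //       validateInterval: TimeSpan.FromMinutes(10),
            //       regenerateIdentity: (manager, user) => manager.CreateIdentityAsync(user))
            // Without one, this handler does not re-check the user against the
            // store, so confirm how sessions are revoked after a password change.

            // Redirect to the login page only for non-API requests; IsApiRequest is
            // defined elsewhere - presumably it detects AJAX/API calls so that they
            // receive the unauthenticated status instead of the login page.
            OnApplyRedirect = ctx =>
            {
                if (!IsApiRequest(ctx.Request))
                {
                    ctx.Response.Redirect(ctx.RedirectUri);
                }
            },

            // Stamp the ticket with its absolute deadline at sign-in. The indexer is
            // used instead of Add so that properties which already carry the key do
            // not throw ArgumentException. Every sign-in restarts the absolute
            // window - NOTE(review): confirm only real logins reach this path.
            OnResponseSignIn = ctx =>
            {
                long deadlineTicks = ctx.Options.SystemClock.UtcNow
                    .AddHours(AbsoluteLifetimeHours)
                    .UtcTicks;
                ctx.Properties.Dictionary[AbsoluteExpiryKey] = deadlineTicks.ToString();
            },

            OnValidateIdentity = ctx =>
            {
                // Fail closed: a ticket without a readable deadline (including one
                // issued before this property existed) is treated as expired.
                bool reject = true;
                string stored;
                long deadlineTicks;
                if (ctx.Properties.Dictionary.TryGetValue(AbsoluteExpiryKey, out stored)
                    && Int64.TryParse(stored, out deadlineTicks))
                {
                    reject = ctx.Options.SystemClock.UtcNow.UtcTicks > deadlineTicks;
                }

                if (reject)
                {
                    ctx.RejectIdentity();
                    // Also clear the cookie so the browser stops presenting it.
                    ctx.OwinContext.Authentication.SignOut(ctx.Options.AuthenticationType);
                }

                return Task.FromResult(0);
            }
        },
    });

    // Use a cookie to temporarily store information about a user logging in with a third party login provider
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    // Convert.ToBoolean(null) is false, so a missing "OAuth" setting leaves the
    // external providers disabled instead of throwing NullReferenceException.
    if (Convert.ToBoolean(WebConfigurationManager.AppSettings["OAuth"]))
    {
        // Third party login providers, registered only when "OAuth" is enabled.
        // NOTE(review): the client secrets are read from appSettings; make sure
        // the real values are kept out of source control.
        app.UseMicrosoftAccountAuthentication(new MicrosoftAccountAuthenticationOptions
        {
            ClientId = GetRequiredAppSetting("microsoftClientId"),
            ClientSecret = GetRequiredAppSetting("microsoftClientSecret"),
            Scope =
            {
                "wl.basic", "wl.emails"
            }
        });

        app.UseTwitterAuthentication(
            consumerKey: GetRequiredAppSetting("twitterConsumerKey"),
            consumerSecret: GetRequiredAppSetting("twitterConsumerSecret"));

        app.UseFacebookAuthentication(new FacebookAuthenticationOptions
        {
            AppId = GetRequiredAppSetting("facebookAppId"),
            AppSecret = GetRequiredAppSetting("facebookAppSecret"),
            Scope = { "email" }
        });

        var googleOptions = new GoogleOAuth2AuthenticationOptions
        {
            ClientId = GetRequiredAppSetting("googleClientId"),
            ClientSecret = GetRequiredAppSetting("googleClientSecret"),
            Provider = new GoogleOAuth2AuthenticationProvider
            {
                // Hook that runs after Google authenticates the user. The context
                // exposes the user's name (context.Name), email address
                // (context.Email), the full JSON-serialized user (context.User) and
                // the access token (context.AccessToken). Nothing is consumed yet;
                // if that changes, keep the access token out of logs.
                OnAuthenticated = context => Task.FromResult(0)
            }
        };
        app.UseGoogleAuthentication(googleOptions);

        app.UseLinkedInAuthentication(
            clientId: GetRequiredAppSetting("linkedInClientId"),
            clientSecret: GetRequiredAppSetting("linkedInClientSecret"));

        app.UseYahooAuthentication(
            consumerKey: GetRequiredAppSetting("yahooConsumerKey"),
            consumerSecret: GetRequiredAppSetting("yahooConsumerSecret"));
    }

    // app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions( ));
    app.MapSignalR();
}

/// <summary>
/// Returns the appSettings value stored under <paramref name="key"/>, throwing a
/// descriptive error when the entry is absent.
/// </summary>
/// <param name="key">Name of the appSettings entry.</param>
/// <returns>The configured value (may be empty, never null).</returns>
/// <exception cref="InvalidOperationException">The entry does not exist.</exception>
private static string GetRequiredAppSetting(string key)
{
    string value = WebConfigurationManager.AppSettings[key];
    if (value == null)
    {
        // The message names the key only, so no configured value is ever echoed.
        throw new InvalidOperationException("Missing appSettings entry '" + key + "'.");
    }

    return value;
}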
如何在客户端上阅读ExpireTimeSpan并显示会话超时弹出窗口?
答案 0 :(得分:0)
基本上,在body标签上添加onload来调用StartTimers()。您还可以在body标签上添加onmousemove来调用ResetTimers(),这样只要页面上有活动,就不会触发超时。如果页面上没有鼠标活动,则显示对话框;如果检测到移动,对话框会关闭并重置计时器。请注意,这个计时器只在浏览器端运行:鼠标移动不会向服务器发送请求,因此不会延长服务器端Cookie的滑动过期时间,会话何时真正失效仍由服务器上的Cookie过期设置决定。
示例:
as
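// Idle-timeout settings, in milliseconds.
// These values are hard-coded in the browser; the server-side cookie lifetime is
// what actually ends the session, so keep them in step with that setting.
var timoutWarning = 60000; // Show the warning dialog after 1 minute of inactivity.
var timoutNow = 120000; // Treat the session as timed out after 2 minutes of inactivity.
var logoutUrl = 'http://www.asp.net'; // Placeholder URL of the logout page (closing quote restored).
var warningTimer; // Handle of the pending warning timer.
var timeoutTimer; // Handle of the pending logout timer.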
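// Start both idle timers: one that shows the warning dialog and one that logs out.
// Functions are passed to setTimeout instead of code strings: a string argument is
// evaluated like eval() and is blocked by a Content-Security-Policy that does not
// allow 'unsafe-eval'. The wrappers still look the handlers up when the timer fires.
function StartTimers() {
    warningTimer = setTimeout(function () {
        IdleWarning();
    }, timoutWarning);
    timeoutTimer = setTimeout(function () {
        IdleTimeout();
    }, timoutNow);
}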
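// Restart both idle timers and close the warning dialog if it is showing.
function ResetTimers() {
    clearTimeout(warningTimer);
    clearTimeout(timeoutTimer);
    StartTimers();

    // Only close a dialog that has been created. This function runs on activity
    // that happens before the first warning, and jQuery UI raises an error when a
    // widget method is called on an element that was never initialized (behaviour
    // of recent jQuery UI releases - confirm for the version in use).
    var $warning = $("#timeout");
    if ($warning.hasClass("ui-dialog-content")) {
        $warning.dialog('close');
    }
}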
// Open the idle-timeout warning as a modal jQuery UI dialog on the #timeout element.
function IdleWarning() {
    var dialogOptions = { modal: true };
    $("#timeout").dialog(dialogOptions);
}
// Send the browser to the logout page once the idle limit is reached.
// The navigation itself ends nothing on the server; the page behind logoutUrl
// has to sign the user out.
function IdleTimeout() {
    var destination = logoutUrl;
    window.location.href = destination;
}