MVC 2身份验证。 cookie更快失去验证

时间:2012-03-16 17:17:50

标签: asp.net-mvc-2 cookies

转换MVC后,MVC 2我遇到身份验证问题。在这个项目中使用了标准会员资格。

[HandleError]
public class AccountController : Controller
{
    private readonly IServiceFactory _modelFactory;

    public AccountController(IServiceFactory _modelFactory)
    {
        this._modelFactory = _modelFactory;
    }


    public ActionResult LogOn()
    {
        return View();
    }

    [HttpPost]
    public ActionResult LogOn(string userName, string password, bool rememberMe, string returnUrl)
    {
        if (!this.ValidateLogOn(userName, password))
        {
            return View();
        }

        FormsAuthentication.RedirectFromLoginPage(userName, rememberMe);
        //FormsAuthentication.SetAuthCookie(userName, rememberMe);
        if (!String.IsNullOrEmpty(returnUrl))
        {
            return Redirect(returnUrl);
        }

        return RedirectToAction(ControllerNaming.Action<AdminController>(x => x.Dashboard()), ControllerNaming.Name<AdminController>());
    }

    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();

        return RedirectToAction(ControllerNaming.Action<HomeController>(x => x.Default()), ControllerNaming.Name<HomeController>());
    }


    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity is WindowsIdentity)
        {
            throw new InvalidOperationException("Windows authentication is not supported.");
        }
    }

    #region Validation Methods

    private bool ValidateLogOn(string userName, string password)
    {
        if (String.IsNullOrEmpty(userName))
        {
            ModelState.AddModelError("username", "You must specify a username.");
        }
        if (String.IsNullOrEmpty(password))
        {
            ModelState.AddModelError("password", "You must specify a password.");
        }
        if (!this.IsValidateUserNameAndPassword(userName, password))
        {
            ModelState.AddModelError("password", "Password is not valid.");
            Thread.Sleep(5000);
        }

        return ModelState.IsValid;
    }

    private bool IsValidateUserNameAndPassword(string userName, string password)
    {
        IUser user = this._modelFactory.UserService.Login(userName, password);

        return user.IsValid;
    }

    #endregion
}

并设置

<authentication mode="Forms">
  <forms cookieless="UseCookies" loginUrl="~/Account/LogOn" slidingExpiration="true" timeout="3000" />
</authentication>

我检查浏览,我看到了身份验证cookie。但是如果我在页面上没什么可做的话,应用程序想要在1-5分钟后再次登录

sessionState 

<sessionState timeout="150" ></sessionState>

但我有一个有趣的事实。此应用程序在本地IIS中正常工作。但当我搬到Hosting时,我遇到了这个问题。

0 个答案:

没有答案
相关问题
最新问题