問(wèn)題描述
如果會(huì)話(huà)已過(guò)期并且用戶(hù)單擊指向另一個(gè) Web 表單的鏈接,asp.net 身份驗(yàn)證會(huì)自動(dòng)將用戶(hù)重定向到登錄頁(yè)面.
但是,在某些情況下,用戶(hù)不會(huì)點(diǎn)擊其他網(wǎng)絡(luò)表單的鏈接.例如:在 gridviews 中編輯鏈接,當(dāng)使用帶有文本框的 AutoCompleteExtender 并且應(yīng)用程序嘗試獲取信息時(shí),基本上,在每次回發(fā)完成并且事件不會(huì)由 asp.net 身份驗(yàn)證自動(dòng)處理的情況下.
處理這些異常的最佳方法是什么?
更新:我剛剛修改了問(wèn)題標(biāo)題:表單身份驗(yàn)證超時(shí),而不是初始會(huì)話(huà)超時(shí).感謝您讓我意識(shí)到這種差異.
更新:我剛剛針對(duì)我面臨的具體問(wèn)題創(chuàng)建了一個(gè)新問(wèn)題:如何使用 UpdatePanel 處理因身份驗(yàn)證票過(guò)期而導(dǎo)致的異常?.令人驚訝的是,我沒(méi)有找到太多關(guān)于它的信息.非常感謝您的幫助.
這就是為什么許多系統(tǒng)在頁(yè)面上包含計(jì)時(shí)器來(lái)給出近似超時(shí)時(shí)間的原因.這對(duì)于交互式頁(yè)面來(lái)說(shuō)很難.確實(shí)需要鉤住ajax函數(shù),看返回狀態(tài)碼,有點(diǎn)難.一種替代方法是使用基于以下內(nèi)容的代碼,該代碼在頁(yè)面生命周期的早期運(yùn)行并執(zhí)行 ajax 重定向到登錄頁(yè)面.否則你會(huì)被困在試圖攔截來(lái)自 ajax 的返回代碼,并且在 ajax 為你完成的 asp.net 中(即不是像 jQuery 這樣的更手動(dòng)的方法)你會(huì)失去這種檢測(cè)的便利性.
http://www.eggheadcafe.com/tutorials/aspnet/7262426f-3c65-4c90-b49c-106470f1d22a/build-an-aspnet-session-timeout-redirect-control.aspxp>
為了快速破解,您可以直接在 pre_init 中嘗試http://forums.asp.net/t/1193501.aspx
編輯需要的是表單身份驗(yàn)證超時(shí),而不是會(huì)話(huà)超時(shí).表單身份驗(yàn)證超時(shí)的運(yùn)行規(guī)模與會(huì)話(huà)超時(shí)不同.會(huì)話(huà)超時(shí)隨著每個(gè)請(qǐng)求而更新.直到一半時(shí)間過(guò)去,表單身份驗(yàn)證票才會(huì)真正更新.因此,如果您將超時(shí)設(shè)置為一小時(shí)并在 25 分鐘內(nèi)發(fā)送一個(gè)請(qǐng)求,則會(huì)話(huà)將重置為一小時(shí)超時(shí),表單身份驗(yàn)證票不會(huì)被觸及并在 35 分鐘內(nèi)到期!要解決此問(wèn)題,請(qǐng)同步會(huì)話(huà)超時(shí)和表單身份驗(yàn)證票.這樣你仍然可以只檢查會(huì)話(huà)超時(shí).如果您不喜歡這樣,那么仍然 - 執(zhí)行以下操作并同步超時(shí),然后解析身份驗(yàn)證票并讀取其超時(shí).您可以使用 FormsAuthentication.Decrypt 來(lái)做到這一點(diǎn) - 請(qǐng)參閱:
從asp.net代碼后面讀取表單身份驗(yàn)證cookie
請(qǐng)注意,此代碼要求在登錄時(shí)設(shè)置一些會(huì)話(huà)值 - 在本例中為UniqueUserId".還要更改下面的登錄頁(yè)面路徑以適合您的.
<代碼>protected void Application_PreRequestHandlerExecute(對(duì)象發(fā)送者,EventArgs e){//只有在可用時(shí)才訪(fǎng)問(wèn)會(huì)話(huà)狀態(tài)if (Context.Handler 是 IRequiresSessionState || Context.Handler 是 IReadOnlySessionState){//如果我們通過(guò)了身份驗(yàn)證并且我們?cè)谶@里沒(méi)有會(huì)話(huà).. 重定向到登錄頁(yè)面.HttpCookie authenticationCookie = Request.Cookies[FormsAuthentication.FormsCookieName];if (authenticationCookie != null){FormsAuthenticationTicket authenticationTicket = FormsAuthentication.Decrypt(authenticationCookie.Value);if (!authenticationTicket.Expired){if (Session["UniqueUserId"] == null){//這意味著由于某種原因會(huì)話(huà)在身份驗(yàn)證票證之前過(guò)期.強(qiáng)制登錄.FormsAuthentication.SignOut();Response.Redirect("Login.aspx", true);返回;}}}}}If the session has expired and the user clicks on a link to another webform, the asp.net authentication automatically redirect the user to the login page.
However, there are cases when the user does not click on links to other webforms. For example: edit link in gridviews, when using AutoCompleteExtender with textboxes and the application attempts to get the information, and basically, in every case when a postback is done and the event is not automatically handled by the asp.net authentication.
What is the best way to handle these exceptions?
UPDATE: I have just modified the question title: forms authentication timeout, instead of the initial session timeout. Thanks for making me aware of this difference.
UPDATE: I have just created a new question with the specific problem I am facing: How to handle exception due to expired authentication ticket using UpdatePanel?. Surprisingly, I have not found much information about it. I would really appreciate your help.
This is why many systems include timers on the page to give approximate timeout times. This is tough with interactive pages. You really need to hook ajax functions and look at the return status code, which is a bit difficult. One alternative is to use code based on the following which runs early in the page lifecycle and perform an ajax redirect to a login page. Otherwise you are stuck trying to intercept the return code from ajax and in asp.net where the ajax is done 'for you' (ie not a more manual method like jQuery) you lose this ease of detection.
http://www.eggheadcafe.com/tutorials/aspnet/7262426f-3c65-4c90-b49c-106470f1d22a/build-an-aspnet-session-timeout-redirect-control.aspx
for a quick hack you can try it directly in pre_init http://forums.asp.net/t/1193501.aspx
Edit what is wanted are for forms auth timeouts, not session timeouts. Forms auth timeouts operate on a different scale than session timeouts. Session timeouts update with every request. Forms auth tickets aren't actually updated until half of the time goes by. So if you have timeouts set to an hour and send in one request 25 minutes into it, the session is reset to an hour timeout, the forms auth ticket isnt touched and expires in 35 minutes! To work around this, sync up the session timeout and the forms auth ticket. This way you can still just check session timeouts. If you don't like this then still - do the below and sync up the timeouts and then parse the auth ticket and read its timeout. You can do that using FormsAuthentication.Decrypt - see:
Read form authentication cookie from asp.net code behind
Note that this code requires that upon login you set some session value - in this case its "UniqueUserId". Also change the login page path below to fit yours.
protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
{
//Only access session state if it is available
if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState)
{
//If we are authenticated AND we dont have a session here.. redirect to login page.
HttpCookie authenticationCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (authenticationCookie != null)
{
FormsAuthenticationTicket authenticationTicket = FormsAuthentication.Decrypt(authenticationCookie.Value);
if (!authenticationTicket.Expired)
{
if (Session["UniqueUserId"] == null)
{
//This means for some reason the session expired before the authentication ticket. Force a login.
FormsAuthentication.SignOut();
Response.Redirect("Login.aspx", true);
return;
}
}
}
}
}
這篇關(guān)于如何在 ASP.NET 中處理表單身份驗(yàn)證超時(shí)異常?的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!