我有一个网站,这是建立在SQL3.5和SQL Server2005,使用ASP.NET成员资格提供程序,并假设形式身份验证。
由于我的站点上的安全需求非常低,我想进行一次身份验证,然后无限期地保持登录(而不给用户选择)。
发生的情况是,用户登录,在会话期间保持登录状态,然后在下一次到达时,他们将被注销。
如何使登录持久化?
以下是技术细节,我已经尝试了许多不同的持续时间。
Try
If Membership.ValidateUser(UserName.Text, Password.Text) Then
Security.UserManager.AuthenticateUser(UserName.Text)
If FormsAuthentication.GetRedirectUrl(UserName.Text, False) = "/default.aspx" Then
Try
'Custom Logic'
Catch Ex As Exception
'Custom Error handling'
End Try
Else
FormsAuthentication.RedirectFromLoginPage(UserName.Text, True)
End If
End If
Catch ex As Exception
RaiseEvent ExceptionThrown(New ApplicationException("An error occurred trying to log the user in after account creation.", ex))
End Try
Public Shared Sub AuthenticateUser(ByVal Username As String)
Dim Expiration As DateTime = DateTime.Now.AddMonths(3)
Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(Username, True, Expiration.Subtract(Expiration).TotalMinutes)
Dim EncryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
Dim AuthCookie As New HttpCookie(FormsAuthentication.FormsCookieName, EncryptedTicket)
AuthCookie.Expires = Expiration
HttpContext.Current.Response.Cookies.Add(AuthCookie)
End Sub
Web配置:
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="GlobalConnString"
applicationName="/"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
/>
</providers>
</membership>
<authentication mode="Forms">
<forms timeout="1439200" name="SITENAME" loginUrl="/login.aspx" />
</authentication>
编辑:以下是客户端存储的cookie信息:
Name ASP.NET_SessionId
Value r4dz1555f1pdne45n1zrlkmg
Host SITEADDRESS.com
Path /
Secure No
Expires At End Of Session
Name .ASPXAUTH
Value 648767AC72A60DBA49650A361A2FA446BA992F792055EF5B488CADC95DF495315C1C577F1C8E67E67BD937A7AB6CC5DAED85D8D64E4ED7867FC0FC395F48FED7FB631033CE441DE85223E8B3EBAE616C
Host www.SITEADDRESS.com
Path /
Secure No
Expires Tue, 09 Jun 2009 17:51:31 GMT
Name ASP.NET_SessionId
Value gn5pcymhfsnua455yp45wpej
Host www.SITEADDRESS.com
Path /
Secure No
Expires At End Of Session
Name SITENAME
Value 9610E8515F3DBC088DAC286E1F44311A20CB2BBB57C97F906F49BC878A6C6AC0B9011777402AEA130DCDC521EF4FBB3393DB310083F72EB502AE971183306C24F07F696B3695C67DD73166F1653DF52B
Host www.SITEADDRESS.com
Path /
Secure No
Expires Tue, 20 Dec 2011 06:14:10 GMT
发布于 2009-03-26 10:23:38
我认为您最好使用FormsAuthentication.SetAuthCookie
方法,而不是自己编写大量代码。
我认为您在web.config中的成员资格提供程序设置可能与您在代码中提供的设置冲突,而且您没有提供cookie名称。
尝试以下操作:
if (Membership.ValidateUser(userName, password))
{
FormsAuthentication.SetAuthCookie(userName, true); //Creates a cookie named "XXXAuth" - see settings in web.config below
}
与web.config中的以下设置配合使用:
<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="~/SignIn.aspx" name="XXXAuth" slidingExpiration="true" timeout="432000"/>
</authentication>
<membership defaultProvider="XXXMembershipProvider">
<providers>
<clear />
<add name="XXXMembershipProvider" type="System.Web.Security.SqlMembershipProvider" applicationName="XXX" connectionStringName="XXX" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
如果您真的想创建一个不确定的登录周期,只需将身份验证块中的"timeout“值更改为更长的值即可。我相信432000 =5天。
如果您希望您的用户能够显式注销,只需调用以下方法来响应按钮单击(或其他任何操作):
FormsAuthentication.SignOut();
希望这能有所帮助。
https://stackoverflow.com/questions/682788
复制相似问题