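I am trying to check on the server whether authentication has timed out, and then, if Request.IsAuthenticated = false, I want to redirect the user to the LogOn page. But even after the authentication time has expired, it always gives me Request.IsAuthenticated = true, although when the application first starts, Request.IsAuthenticated = false, as it should be.
I can't check for session timeout, because the home page permanently fetches data from the server, and I think the session would never time out.
In Web.config: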
<code>
<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="1" />
</authentication>
</code>
On the server:
<code>
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class CheckAuthorizeAndSessionAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContext ctx = HttpContext.Current;

        // only inspect the session for requests that carry a valid auth ticket
        if (ctx.Request.IsAuthenticated)
        {
            // check if session is supported
            if (ctx.Session != null)
            {
                // check if a new session id was generated
                if (ctx.Session.IsNewSession)
                {
                    // If it says it is a new session, but an existing cookie exists, then it must
                    // have timed out
                    string sessionCookie = ctx.Request.Headers["Cookie"];
                    if (null != sessionCookie)
                    {
                        FormsAuthentication.SignOut();
                        //const string loginUrl = System.Web.Security.FormsAuthentication.LoginUrl;// Url.Action("LogOn","Account");
                        //var rr = new RedirectResult(loginUrl);
                        //filterContext.Result = rr;
                        String url = FormsAuthentication.LoginUrl;
                        filterContext.Result = new RedirectResult(url);
                    }
                }
            }
        }
        else
        {
            // not authenticated: send the user to the logon page
            ctx.Response.Redirect(@"~/Account/LogOn");
            //ctx.Response.StatusCode = 302;
        }

        base.OnActionExecuting(filterContext);
    }
}
</code>
On the client:
<code>
$(document).ready(function () {
    //DELETE
    $("#ModifyBlock a").live("click", function () {
        var urlForGet = '';
        var urlAction = '';
        if ($(this).attr("id") == 'Delete') {
            urlForGet = '@Url.Action("Delete", "Product")';
            urlAction = '@Url.Action("Delete", "Product", new { id = "idClient", lockType = "typeLockClient" })';
        }
        if ($(this).attr("id") == 'Edit') {
            urlForGet = '@Url.Action("Edit", "Product")';
            urlAction = '@Url.Action("Edit", "Product", new { id = "idClient", lockType = "typeLockClient" })';
        }
        if ($(this).attr("id") == 'Detail') {
            urlForGet = '@Url.Action("Detail", "Product")';
            urlAction = '@Url.Action("Detail", "Product", new { id = "idClient", lockType = "typeLockClient" })';
        }
        $.ajax({
            url: urlForGet,
            type: 'GET',
            data: { id: $(this).attr("alt"), lockType: $("#SelTypesLock").attr("value") },
            dataType: 'json',
            processData: false,
            contentType: 'application/json; charset=utf-8',
            statusCode: {
                200: function (data) { alert('200: Authenticated'); },
                401: function (xhr) { alert('401: Unauthenticated'); },
                // for error status codes the first argument is the jqXHR object
                550: function (xhr) {
                    alert('550: Unauthenticated');
                    $("#ErrorMesage").text(xhr.responseText);
                },
                660: function (xhr) {
                    alert('660: Redirect to Error View');
                    window.location.href = '@Url.Action("Error", "Product")';
                }
            },
            success: function (data) {
                // substitute the placeholders in the route with the real values
                var url = urlAction;
                url = url.replace("idClient", data.Id);
                url = url.replace("typeLockClient", $("#SelTypesLock").attr("value"));
                window.location.href = url;
            },
            error: function (xmlHttpRequest, status, err) {
                $("#ErrorMesage").text(xmlHttpRequest.responseText);
            }
        });
    });
});
</code>
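Solution
You probably have the sliding expiration parameter set to true. What that does is measure the time from the last request against the parameter in web.config.
If your parameter is 1 minute and you make an Ajax call every 30 seconds, you will never be de-authenticated. Try turning sliding expiration off and it should work.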
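
The effect described in the answer, as an added example that is not part of the original post: a simplified JavaScript model of the forms-authentication ticket lifetime, assuming the ASP.NET rule that a sliding ticket is reissued once at least half of its timeout has elapsed. The function name, the polling intervals and the ten-minute horizon are constructed for illustration.

```javascript
// Added example: simplified model of an ASP.NET forms-authentication ticket.
// Times are seconds since login; all values are constructed for illustration.

// Returns the time of the first request rejected as unauthenticated,
// or -1 if every request up to `horizon` is accepted.
function firstRejectedRequest(timeout, pollInterval, sliding, horizon) {
  let issued = 0;
  let expires = timeout;
  for (let now = pollInterval; now <= horizon; now += pollInterval) {
    if (now > expires) {
      return now; // ticket expired: Request.IsAuthenticated would be false
    }
    // Sliding expiration: once at least half of the lifetime has elapsed,
    // the ticket is reissued with a full timeout counted from this request.
    if (sliding && now - issued >= expires - now) {
      issued = now;
      expires = now + timeout;
    }
  }
  return -1;
}

const TIMEOUT = 60;   // timeout="1" in Web.config, expressed in seconds
const HORIZON = 600;  // simulate ten minutes of background polling

const results = {
  // page polls every 30 s, sliding expiration on (the situation in the question)
  slidingPoll30: firstRejectedRequest(TIMEOUT, 30, true, HORIZON),
  // same polling, sliding expiration off (the change the answer suggests)
  fixedPoll30: firstRejectedRequest(TIMEOUT, 30, false, HORIZON),
  // sliding expiration on, but requests arrive less often than the timeout
  slidingPoll90: firstRejectedRequest(TIMEOUT, 90, true, HORIZON),
};
console.log(results);
```

In Web.config the switch is the `slidingExpiration` attribute on the `<forms>` element; with it set to `false` the ticket ends a fixed time after logon regardless of background Ajax traffic.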