A question about FormsAuthenticationTicket in ASP.NET Forms authentication

ret00100 2009-09-02 04:58:55
First, this is all of the code-behind; it uses Forms authentication:
protected void Page_Load(object sender, EventArgs e)
{
    if (User.Identity.IsAuthenticated)
        Response.Redirect("admin/Default.aspx");
}
protected void Button1_Click(object sender, EventArgs e)
{
    string UserName = TextBox1.Text;
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, UserName, DateTime.Now, DateTime.MaxValue, true, "", FormsAuthentication.FormsCookiePath);
    string encTicket = FormsAuthentication.Encrypt(ticket);
    Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
    Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName, true));
}
Configuration file:
<authentication mode="Forms">
    <forms name="aspnet" loginUrl="Login.aspx" defaultUrl="admin/AdminDefault.aspx" timeout="30"></forms>
</authentication>
A 30-minute timeout.
But isPersistent on the FormsAuthenticationTicket is already true, which means the expiry should follow DateTime.MaxValue. Yet when I looked through the cookies, it says the cookie expires when the session ends. How can that be...
Also... before this I was using FormsAuthentication.RedirectFromLoginPage(strUserName, Ckbset.Checked);
Does true for the second parameter of RedirectFromLoginPage mean permanent, or 50 years? Why, when it is true, does it only follow the 30 minutes in the configuration file? With false it is even worse: it simply expires when the session ends again. Help~~
3 replies
canyangruxie 2012-08-07
Sorry, I misspoke. The problem is in this line of yours: Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,encTicket));
You did not set expires on the HttpCookie, so by default it is a session cookie!
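The fix described in this reply, as an added example that is not part of the original post or of the .NET source: the cookie's Expires is taken from the ticket, and a read helper shows that the ticket carries its own expiry separately from the cookie. The class name AuthCookieHelper, its method names and the caller-supplied lifetime are assumptions for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;
// Added example: AuthCookieHelper and its method names are hypothetical.
public static class AuthCookieHelper
{
    // One lifetime drives both the encrypted ticket and the browser cookie.
    // A bounded lifetime (not DateTime.MaxValue) limits how long a copied cookie works.
    public static HttpCookie Issue(string userName, bool persistent, TimeSpan lifetime)
    {
        if (string.IsNullOrEmpty(userName))
            throw new ArgumentException("userName is required", "userName");
        DateTime issued = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(1, userName, issued,
            issued.Add(lifetime), persistent, string.Empty,
            FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        if (FormsAuthentication.CookieDomain != null)
            cookie.Domain = FormsAuthentication.CookieDomain;
        // Without Expires the browser keeps this as a session cookie,
        // whatever isPersistent and the ticket expiration say.
        if (ticket.IsPersistent)
            cookie.Expires = ticket.Expiration;
        return cookie;
    }

    // Diagnostic read: the ticket's expiry is checked independently of the
    // cookie's Expires. Returns null if the cookie is missing, unreadable or expired.
    public static FormsAuthenticationTicket Read(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            FormsAuthenticationTicket t = FormsAuthentication.Decrypt(cookie.Value);
            return (t == null || t.Expired) ? null : t;
        }
        catch (ArgumentException) { return null; }      // malformed cookie value
        catch (CryptographicException) { return null; } // tampered or undecryptable
    }
}
```

In the login handler the call would be Response.Cookies.Add(AuthCookieHelper.Issue(UserName, true, TimeSpan.FromDays(14))); where the 14-day value is a constructed sample, not a figure from the thread.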
canyangruxie 2012-08-07

private static HttpCookie GetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath, bool hexEncodedTicket)
{
    Initialize();
    if (userName == null)
    {
        userName = string.Empty;
    }
    if ((strCookiePath == null) || (strCookiePath.Length < 1))
    {
        strCookiePath = FormsCookiePath;
    }
    DateTime utcNow = DateTime.UtcNow;
    DateTime expirationUtc = utcNow.AddMinutes((double) _Timeout);
    FormsAuthenticationTicket ticket = FormsAuthenticationTicket.FromUtc(2, userName, utcNow, expirationUtc, createPersistentCookie, string.Empty, strCookiePath);
    string str = Encrypt(ticket, hexEncodedTicket);
    if ((str == null) || (str.Length < 1))
    {
        throw new HttpException(SR.GetString("Unable_to_encrypt_cookie_ticket"));
    }
    HttpCookie cookie = new HttpCookie(FormsCookieName, str) {
        HttpOnly = true,
        Path = strCookiePath,
        Secure = _RequireSSL
    };
    if (_CookieDomain != null)
    {
        cookie.Domain = _CookieDomain;
    }
    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }
    return cookie;
}


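The above is the .NET source code; one look and it is clear. Look at these lines:
    DateTime expirationUtc = utcNow.AddMinutes((double) _Timeout);
    FormsAuthenticationTicket ticket = FormsAuthenticationTicket.FromUtc(2, userName, utcNow, expirationUtc, createPersistentCookie, string.Empty, strCookiePath);
Although you set the ticket to MaxValue, what ends up being used is still the time set by Timeout.
This only shows that Microsoft's stuff is not well made: the concepts are muddled and ambiguous!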
canyangruxie 2012-08-07

private static HttpCookie GetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath, bool hexEncodedTicket)
{
    Initialize();
    if (userName == null)
    {
        userName = string.Empty;
    }
    if ((strCookiePath == null) || (strCookiePath.Length < 1))
    {
        strCookiePath = FormsCookiePath;
    }
    DateTime utcNow = DateTime.UtcNow;
    DateTime expirationUtc = utcNow.AddMinutes((double) _Timeout);
    FormsAuthenticationTicket ticket = FormsAuthenticationTicket.FromUtc(2, userName, utcNow, expirationUtc, createPersistentCookie, string.Empty, strCookiePath);
    string str = Encrypt(ticket, hexEncodedTicket);
    if ((str == null) || (str.Length < 1))
    {
        throw new HttpException(SR.GetString("Unable_to_encrypt_cookie_ticket"));
    }
    HttpCookie cookie = new HttpCookie(FormsCookieName, str) {
        HttpOnly = true,
        Path = strCookiePath,
        Secure = _RequireSSL
    };
    if (_CookieDomain != null)
    {
        cookie.Domain = _CookieDomain;
    }
    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }
    return cookie;
}



The above is the .NET source code as displayed by Reflector; one look and it is clear!
