永久登录mvc.net
[英]Permanent login in mvc.net
问题描述
I am working on permanent login in MVC.net application, i have tried using IsPersistent = true in FormAuthantication, but if i restart iis then it logs out the uses below is the code which is responsible for loging in. 
我正在MVC.net应用程序中进行永久登录,我曾尝试在FormAuthantication中使用IsPersistent = true,但是如果我重新启动iis,则它注销了以下用于登录的代码。
public void SetLoginData(UserLoginInfo userLoginInfo)
{
HttpContext .Current.Session[SessionUserEmailIdKey] = userLoginInfo.Email;
HttpContext.Current.Session[SessionWelcomeNameKey] = userLoginInfo.FirstName;
HttpContext.Current.Session[SessionWelcomeRegistrationIdKey] = userLoginInfo.RegistrationId;
HttpContext.Current.Session[SessionLoginInfoKey] = userLoginInfo;
const bool isPersistent = true;
const string userData = "user";
var ticket = new FormsAuthenticationTicket(1,
userLoginInfo.RegistrationId.ToString(
CultureInfo.InvariantCulture),
DateTime.UtcNow,
DateTime.UtcNow.AddMinutes(180),
isPersistent,
userData,
FormsAuthentication.FormsCookiePath);
string encTicket = FormsAuthentication.Encrypt(ticket);
HttpContext.Current.Request.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
HttpContext.Current.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
}
please tell me how can i implement login so that even though app restarts, users will not e logged out. 请告诉我如何实现登录,以便即使应用程序重新启动,用户也不会注销。
1 个解决方案
解决方案1
4 已采纳 2014-01-08 15:35:18
In order to create perpetual logins, you will need to make sure two things are in place (since you are using FormsAuthentication). 为了创建永久登录,您将需要确保两件事到位(因为您使用的是FormsAuthentication)。
First - ensure your ticket expiration time is set to sometime way out in the future 首先-确保您的机票到期时间设置为将来的某个时间
= new FormsAuthenticationTicket(1,
userLoginInfo.RegistrationId.ToString(CultureInfo.InvariantCulture),
DateTime.UtcNow,
DateTime.UtcNow.AddYears(20),
isPersistent,
userData,
FormsAuthentication.FormsCookiePath);
Second (and most likely why users are getting kicked out of the site when you reboot IIS) is to create a machineKey section in your web.config with a static key pair set. 其次(也是最有可能的原因,当您重新启动IIS时,为什么用户会被踢出站点)是在web.config中创建一个带有静态密钥对设置的machineKey部分。 By default, IIS autogenerates a machineKey per app. 默认情况下,IIS为每个应用自动生成一台machineKey。 This is what is used to encrypt/decrypt your forms authentication tickets. 这就是用于加密/解密表单身份验证票证的内容。 If IIS restarts, you will most likely get a new machine key in this instance, which means that the ticket cannot be decrypted.... meaning user has to log in again. 如果IIS重新启动,则在这种情况下您很可能会获得一个新的机器密钥,这意味着该票证无法解密...。这意味着用户必须再次登录。 By creating/defining a static key, you can prevent a key change when IIS recycles. 通过创建/定义静态密钥,可以防止在IIS回收时更改密钥。 Information on setting the machine key can be found on MSDN here . 可以在MSDN上找到有关设置机器密钥的信息。
Lastly, forms authentication has ZERO to do with sessions and session management. 最后,窗体身份验证具有ZERO与会话和会话管理的事情。 They are mutually exclusive and do not impact each other in typical scenarios. 它们是互斥的,并且在典型情况下不会互相影响。 When a user logs in, they are given an encrypted cookie containing the expiration time and user name. 用户登录时,将为他们提供一个加密的cookie,其中包含到期时间和用户名。 This is NOT stored in session, so adjusting session settings will have no impact on user logins. 这不会存储在会话中,因此调整会话设置不会对用户登录产生影响。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.