堆栈内存溢出
  简体   繁体   English

表单身份验证是否记住身份验证?

[英]Does Forms authentication remember authentication?

 原文  2014-05-18 06:56:28       c#/ asp.net/ .net/ forms-authentication

问题描述

preview: In my web.config - I don't use forms authentication. 预览:在我的web.config中-我不使用表单身份验证。 I set forms cookie myself. 我自己设置表单Cookie。

However - Sometimes I see code like this : 但是-有时我看到这样的代码: 

/*1*/   protected void Application_AuthenticateRequest(Object sender, EventArgs e)
/*2*/    {
/*3*/     if (HttpContext.Current.User != null)
/*4*/       {
/*5*/        if (HttpContext.Current.User.Identity.IsAuthenticated)
/*6*/          {
/*7*/              //...
/*8*/              HttpContext.Current.User = ....
/*9*/              //...
/*10*/          }
/*11*/        }
/*12*/   }

Looking at line #5 #5行-

How can it ever be authenticated if line#8 is about to set authentication ? 如果第8行要设置身份验证,如何进行身份验证?

I mean - line #8 is the one who set authentication for that specific request and when the request is finished , there is no "memory" for future requests. 我的意思是,第8行是为该特定请求设置身份验证的行,当请求完成时,将来的请求将没有“内存” ( cookie expiration is merely - for how long to keep the persistent cookie). (Cookie过期只是-保留持久性Cookie多长时间)。

Question

  • In what scenarios would line #5 return true ? 在哪种情况下, #5行会返回true
  • In what scenarios would line #3 would be null ? 在哪种情况下, #3 null

nb , this question assumes that begin_request event is not setting anything , and the only stage where authentication is set is on Application_AuthenticateRequest . 注意,此问题假定begin_request事件未设置任何内容,并且设置身份验证的唯一阶段是在Application_AuthenticateRequest — I don't use membership engine. -我不使用会员引擎。

placeholder : 占位符:

http://msdn.microsoft.com/en-us/library/aa289844(v=vs.71).aspx http://msdn.microsoft.com/en-us/library/aa289844(v=vs.71).aspx

在此处输入图片说明

1 个解决方案

解决方案1
 1 已采纳  2014-05-18 07:09:07

Line #3 can become null if the login cookie expires. 如果登录cookie过期,则第3行可以为空。 Line #5 is true if the user is logged in. 如果用户已登录,则第5行为true。

It can seem like these two methods go hand-in-hand and in fact they do. 似乎这两种方法是相辅相成的,实际上它们确实是相伴的。 It can be easier to check for HttpRequest.IsAuthenticated . 检查HttpRequest.IsAuthenticated会更容易。 For more information see here: 有关更多信息,请参见此处:

asp.net membership IsApproved false but still allowing login asp.net成员身份IsApproved为false,但仍允许登录

And here: 和这里:

http://msdn.microsoft.com/en-us/library/system.web.httprequest.isauthenticated%28loband%29.aspx http://msdn.microsoft.com/en-us/library/system.web.httprequest.isauthenticated%28loband%29.aspx

I do not have an answer to your main question though. 我对您的主要问题没有任何答案。 Sorry. 抱歉。

In addition to my comment below you may find this link helps explain the abilities of adding roles to existing principles. 除了下面我的评论之外,您可能还会发现此链接有助于说明将角色添加到现有原则中的能力。 http://msdn.microsoft.com/en-us/library/vstudio/5k850zwb%28v=vs.100%29.aspx http://msdn.microsoft.com/en-us/library/vstudio/5k850zwb%28v=vs.100%29.aspx

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ASP.NET Forms身份验证 - 记住我的问题 - ASP.NET Forms Authentication - Remember Me issue 表单身份验证不会重定向到defaultUrl - Forms authentication does not redirect to defaultUrl 记住通过Web请求进行身份验证 - Remember authentication with web request Windows身份验证+表单身份验证 - Windows authentication + Forms authentication Windows身份验证和表单身份验证 - Windows Authentication and Forms Authentication 表单身份验证 - Forms Authentication MVC中的表单身份验证是否可以在移动浏览器中工作 - Does Forms Authentication in MVC work in a Mobile Browser .Net Forms身份验证是否需要会话? - Does .Net Forms Authentication Require Session? 表单身份验证和身份验证Cookie不持久 - Forms Authentication and authentication cookie not persisting 结合表单身份验证和基本身份验证 - Combining Forms Authentication and Basic Authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM