
ASP.Net; How to ignore or remove the Forms Authentication cookie when using Basic Authentication?

I have a web forms asp.net website, and I am trying to bolt on an API. I have managed to add some code in Global.ASAX Application_AuthenticateRequest() to spot URLs starting with API, such that API requests correctly route to Web API 2 controllers.

I create a security principal in Application_AuthenticateRequest(), and I use [Authorize] attribute to block unauthenticated access to the API classes.

I think a cookie is still being used though. Once I have authenticated one API request, via the browser challenge, I am not challenged again. I have to close the browser to force the browser to drop the cookie, and only on a new instance of the browser do I get a challenge.

It is not a big problem, but it is something that I should know about and be able to control. I am aware that this has only come about because I am using Forms Auth by default, because this started as a forms project, and is mutating into forms+basic.

How can I get the basic authentication flow going so that the forms cookie details are (conditionally) removed, or ignored?

IDE is VisualStudio 2015 Community, project is ASP.Net + WebAPI2, targeting .Net 4.6.1, running under IIS 7.5, on Win Server 2008 R2

The easiest way to do that is through authentication.form.timeout in web.config. You can set a small value to expire the cookie. Otherwise, you have to implement your authentication filter. This article should be helpful.
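
One way to make the API ignore the forms cookie and authenticate from the Basic header on every request, as an added example that is not code from the question or the answer. It assumes the API routes live under `~/api/` and that credentials are checked with the ASP.NET Membership provider; both are assumptions to replace with the application's own values.

```csharp
// Global.asax.cs: added example, not the original poster's code.
using System;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Assumption: API routes live under ~/api/.
        if (!Request.AppRelativeCurrentExecutionFilePath
                .StartsWith("~/api/", StringComparison.OrdinalIgnoreCase))
            return; // Web Forms pages keep using the forms cookie.

        // Discard whatever identity FormsAuthenticationModule built from the cookie.
        Context.User = new GenericPrincipal(new GenericIdentity(string.Empty), null);
        // A 401 from the API should stay a 401, not become a login-page redirect.
        Response.SuppressFormsAuthenticationRedirect = true;

        string user;
        if (TryBasic(Request.Headers["Authorization"], out user))
            Context.User = new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
        else
            Response.AppendHeader("WWW-Authenticate", "Basic realm=\"api\"");
    }

    private static bool TryBasic(string header, out string user)
    {
        user = null;
        if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
            return false;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim())); }
        catch (FormatException) { return false; } // malformed base64 is treated as no credentials
        int colon = decoded.IndexOf(':');
        if (colon <= 0) return false; // "user:password" needs a non-empty user
        user = decoded.Substring(0, colon);
        // Assumption: a Membership provider is configured; swap in the site's own check.
        return Membership.ValidateUser(user, decoded.Substring(colon + 1));
    }
}
```

Browsers cache Basic credentials per realm until they are closed and resend them automatically, so a repeat prompt is not expected even when the forms cookie is ignored. Basic credentials are only base64-encoded, so the API paths should be served over HTTPS only.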
