如何在ASP.NET Forms身份验证中针对SQL数据库仔细检查用户凭据
[英]How to double-check user credentials against SQL database in ASP.NET Forms Authentication
问题描述
I'm setting up Forms Authentication for the first time. 
我是第一次设置表单身份验证。 I am validating the username and password(hashed) against a local SQL database. 我正在针对本地SQL数据库验证用户名和密码(已散列)。 All of this is working fine in my logon.aspx file in a ValidateUser() function. 所有这些在ValidateUser()函数中的logon.aspx文件中都可以正常工作。
I am also allowing the logon criteria to be persistent so the user does not have to re-enter their credentials when they return to the page. 我还允许登录条件保持不变,以便用户在返回页面时不必重新输入其凭据。
The problem is, when the previously logged in user returns to my site and the cookie/ticket is used my ValidateUser() function is not called, SO... if I have deactivated the user or changed the user's password the user still gets logged in. 问题是,当以前登录的用户返回到我的站点并且使用了cookie /票证时,我的ValidateUser()函数没有被调用,所以...如果我停用了用户或更改了用户的密码,该用户仍然会被登录在。
I've considered doing this in Application_AuthorizeRequest or Application_PostAuthorizeRequest in Global.asax, but I would also like to set some session variables at the time I re-verify the credentials against the database and the session is not yet created when these are called for the first time when a user logs in. 我已经考虑过在Global.asax的Application_AuthorizeRequest或Application_PostAuthorizeRequest中执行此操作,但是我还想在针对数据库重新验证凭据时设置一些会话变量,而当调用这些变量时尚未创建会话用户首次登录。
Any advise would be greatly appreciated. 任何建议将不胜感激。
1 个解决方案
解决方案1
0 2016-07-13 06:50:46
For first time when user authorized at that time create session for that user eg Session["Username"] check session whenever he enters in any page if session is not present redirect him to login page, after that when he log out abandon that session. 首次当用户在那时授权为该用户创建会话时,例如Session["Username"]如果他没有进入会话,只要他进入任何页面,便检查会话,然后将其重定向到登录页面,此后他退出该会话退出。 So whenever he want to access next time he wants to login again. 因此,每当他下次要访问时,他都想再次登录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.