
Why does authenticateRequest fire on a page when user is logged out?

My goal is to write a cookie when the user authenticates. We are using a crappy framework that hides its source code and event model so when I use their login control I can't set a session timeout on it!

Anyhow, I am trying to write a cookie when the user is logged in, and then refresh the cookie expire time on subsequent page views (sliding expiration).

So I figured I could initially create the cookie during Application_AuthenticateRequest in the global.asax but that seems to be firing even when the user hasn't signed in yet.

Is that supposed to be the case?

Yes. The Application_AuthenticateRequest will occur every time a request hits the website. The AuthenticateRequest as well as doing the authentication will also check and return if Authorisation is to happen for the page. Some pages need to be excluded from authentication and authorisation checks, such as the login page.

For your situation you should also check the page and exclude those that are involved in the login sequence.

The Application_AuthenticateRequest fires on each request, but if you are using forms authentication and the user hasn't logged in yet, you will find that the User property of the HttpContext (accessed through this.User in the global application class file) evaluates to null, while it will evaluate to an IPrincipal object if the user is logged in.

So you can do something like this:

Private Sub Application_AuthenticateRequest(ByVal pObjSender As Object, ByVal pEaDummy As EventArgs)
    If Me.User IsNot Nothing AndAlso Me.User.Identity.IsAuthenticated Then
        If Me.Request.Cookies("authCookieName") Is Nothing Then
            ' Create cookie
        Else
            ' Update cookie
        End If
    End If
End Sub

where authCookieName is the cookie name.
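
The create/update branches above, filled in as an added example (not code from the original answer or from the framework in question). The 20-minute window, the cookie value and the class name are assumptions; because a browser never sends a cookie's expiry back to the server, the sliding refresh is done by re-issuing the cookie on every authenticated request.

```vb
Imports System
Imports System.Web

' Code-behind class for global.asax (class name is an assumption).
Public Class GlobalApplication
    Inherits HttpApplication

    ' Assumed values for illustration; adjust to the application's policy.
    Private Const AuthCookieName As String = "authCookieName"
    Private Shared ReadOnly SlidingWindow As TimeSpan = TimeSpan.FromMinutes(20)

    Private Sub Application_AuthenticateRequest(ByVal pObjSender As Object, ByVal pEaDummy As EventArgs)
        Dim loggedIn As Boolean = Me.User IsNot Nothing AndAlso Me.User.Identity.IsAuthenticated

        If loggedIn Then
            ' Create or update: the request only carries name=value, never the
            ' old expiry, so sliding expiration means re-sending the cookie with
            ' a fresh Expires on each authenticated request.
            Dim cookie As New HttpCookie(AuthCookieName, "1")
            cookie.Expires = DateTime.Now.Add(SlidingWindow)
            cookie.HttpOnly = True                        ' not readable from script
            cookie.Secure = Me.Request.IsSecureConnection ' HTTPS-only when served over HTTPS
            Me.Response.Cookies.Set(cookie)
        ElseIf Me.Request.Cookies(AuthCookieName) IsNot Nothing Then
            ' Anonymous request that still carries the cookie (logged out or
            ' timed out): tell the browser to drop it.
            Dim expired As New HttpCookie(AuthCookieName, String.Empty)
            expired.Expires = DateTime.Now.AddDays(-1)
            expired.HttpOnly = True
            Me.Response.Cookies.Set(expired)
        End If
    End Sub
End Class
```

The cookie here is only an activity marker: its value is client-controlled, so authorization decisions should keep relying on `Me.User`, not on the cookie being present.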
