FormsAuthentication.RedirectToLoginPage()什么都不做
[英]FormsAuthentication.RedirectToLoginPage() does nothing
问题描述
I have the following problem: republishing ASP.NET web app causes (as expected) session resetting where I keep additional user info (what on access attempt will cause NullReferenceException). 
我遇到以下问题:重新发布ASP.NET Web应用导致(如预期的那样)会话重置,其中我保留了其他用户信息(尝试进行任何访问都会导致NullReferenceException)。
To avoid that, my page checks this info existence and in case of null redirects user to the login page (forms auth), so I'm calling: 为了避免这种情况,我的页面检查了此信息的存在,如果为null,则将用户重定向到登录页面(窗体auth),所以我在打电话:
void LogOut()
{
Session.Clear();
Session.Abandon();
User = null;
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage()
}
But sometimes it doesn't help, so I found a workaround: 但有时它无济于事,所以我找到了一种解决方法:
Response.Redirect(FormsAuthentication.LoginUrl);
but it doesn't add returnUrl, what I wish it were (I don't want to emulate this behavior manually). 但它并没有添加returnUrl,而是我希望的样子(我不想手动模拟此行为)。
So want to figure out why does the first way doesn't work as expected. 因此,想弄清楚为什么第一种方法无法按预期工作。
2 个解决方案
解决方案1
5 已采纳 2011-12-11 13:28:59
您是否尝试过在FormsAuthentication.RedirectToLoginPage()之后调用Response.End() FormsAuthentication.RedirectToLoginPage() ?
解决方案2
1 2011-12-11 09:16:53
I have the following problem: republishing ASP.NET web app causes (as expected) session resetting where I keep additional user info (what on access attempt will cause NullReferenceException).
But sometimes it doesn't help
I'm not sure what you mean by "sometimes it doesn't help" - you don't say what exactly happens. 我不确定您所说的“有时无济于事”的意思-您不会说到底会发生什么。
But you should remember that expiration of a Forms Authentication ticket and expiration of a Session timeout are completely independent. 但是您应该记住,表单身份验证票证的到期和会话超时的到期是完全独立的。 A user's session can timeout while his Forms Authentication ticket is still valid and vice versa. 当用户的表单身份验证票证仍然有效时,其会话可能会超时,反之亦然。
In general, when accessing data from Session, you should always test for existence first, and refresh it if necessary: 通常,从Session访问数据时,应始终先测试是否存在,并在必要时刷新它:
object o = Session["Whatever"];
if (o == null)
{
o = ... refresh it e.g. from the database
Session["Whatever"] = o;
}
...
Often it's useful to use a helper class to encapsulate this. 通常使用辅助类来封装它是有用的。
In your case you refer to "additional user info" - so you'll probably be able to retrieve this using HttpContext.Current.User.Identity.Name as a key. 在您的情况下,您引用的是“其他用户信息”-因此您可以使用HttpContext.Current.User.Identity.Name作为键来检索此信息。
Forcing a user to log in again because a Session has expired, eg because of an Application Pool recycle on the server, is very unfriendly. 由于会话过期(例如,由于服务器上的应用程序池回收)而迫使用户再次登录非常不友好。
UPDATE 更新
The MSDN documentation for RedirectToLoginPage states that: Mdirect RedirectToLoginPage文档指出:
Unlike the HttpResponse.Redirect method, this method does not end the request by calling HttpResponse.End.
This probably explains what you're seeing: code in the Page life cycle after your call to RedirectToLoginPage is running, and throwing a NullReferenceException . 这可能可以解释您所看到的内容:在对RedirectToLoginPage的调用运行之后,页面生命周期中的代码正在运行,并抛出NullReferenceException 。
You could call Response.End after RedirectToLoginPage to avoid this. 您可以在RedirectToLoginPage之后调用Response.End来避免这种情况。
My Session timeout set = Forms auth timeout (via web.config).
I would re-iterate that Session expiry and FormsAuthentication expiry are unrelated, even if the timeouts happen to be the same. 我要重申的是,即使超时恰好是相同的,会话到期和FormsAuthentication到期也不相关。 A FormsAuthentication cookie will survive an application pool recycle on the server; FormsAuthentication cookie将在服务器上的应用程序池回收后继续存在; a Session will not. 一个会话不会。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.