ASP.NET: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied
When a valid user logs into the system and closes the browser without logging out, it occasionally (i.e. not immediately after but in the next day) prevents the user from logging back into the system, throwing the following:

Error: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

This question refers to the same problem, but in his solution he decided not to use persistent cookies by passing false as a parameter when creating the FormsAuthenticationTicket, which is not the desired solution.

This is how I am creating the cookie:
    private void createCookie(string username, int customerID, bool persist)
    {
        HttpCookie cookie = FormsAuthentication.GetAuthCookie(username, persist);
        // Browser-side lifetime of the cookie: 12 hours from now.
        cookie.Expires = DateTime.Now.AddHours(12);
        var ticket = FormsAuthentication.Decrypt(cookie.Value);
        var userData = customerID.ToString();
        // Rebuild the ticket with the customer ID as UserData; the ticket keeps
        // the Expiration that GetAuthCookie computed.
        var newTicket = new FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, userData);
        cookie.Value = FormsAuthentication.Encrypt(newTicket);
        Response.Cookies.Add(cookie);
    }
Any ideas on how to solve this?
When a valid user logs into the system and closes the browser without logging out, it occasionally (i.e. not immediately after but in the next day) prevents the user from logging back into the system...

I could be dense, but isn't the code working the way you implemented it? Namely, in createCookie() you specify cookie.Expires = DateTime.Now.AddHours(12);, which marks the cookie to expire 12 hours after it is issued.
In ASP.NET 1.0, if FormsAuthenticationTicket.IsPersistent is set, the ticket will automatically have a valid duration of 50 years from the time issued.

However, in ASP.NET 2.0 this is no longer the case. If FormsAuthenticationTicket.IsPersistent is set to false, the ticket will have a valid duration identical to the Session timeout period. If FormsAuthenticationTicket.IsPersistent is set to true, the valid duration will default to the Forms Authentication timeout attribute. You have the expiration time set to issue time plus 12 hours, so I would expect the ticket to stop working after 12 hours. Assuming you are using ASP.NET 2.0+, hopefully this should explain the behavior you are seeing. I would suggest increasing the expiration time to a longer duration and seeing if the problem goes away.
There is no inherent problem with including your own userData in the auth cookie. In one of our websites we use the ASP.NET login control, and add the following event listener with much success:
    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
        //... unimportant code left out
        // Update the user's ticket with custom userInfo object
        string userData = userInfo.Id.ToString("N");
        HttpCookie cookie = Response.Cookies.Get(FormsAuthentication.FormsCookieName);
        FormsAuthenticationTicket oldTicket = FormsAuthentication.Decrypt(cookie.Value);
        FormsAuthenticationTicket newTicket =
            new FormsAuthenticationTicket(
                oldTicket.Version,
                oldTicket.Name,
                oldTicket.IssueDate,
                oldTicket.Expiration,
                oldTicket.IsPersistent,
                userData,
                oldTicket.CookiePath);
        cookie.Value = FormsAuthentication.Encrypt(newTicket);
    }
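The posts above involve two separate lifetimes: the cookie's Expires, which the browser enforces, and the Expiration sealed inside the encrypted ticket, which the server checks. The following added example (not code from either poster; AuthCookieFactory, Build and ReadCustomerId are hypothetical names, and it assumes .NET Framework's System.Web) sets both from a single value and carries the customer ID as UserData.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Added example, not from the original posts. AuthCookieFactory, Build and
// ReadCustomerId are hypothetical names; assumes .NET Framework (System.Web).
public static class AuthCookieFactory
{
    // Builds a forms-auth cookie whose browser lifetime matches the lifetime
    // sealed inside the encrypted ticket, with customerId carried as UserData.
    public static HttpCookie Build(string username, int customerId,
                                   bool persist, TimeSpan lifetime)
    {
        DateTime issued = DateTime.Now;
        DateTime expires = issued.Add(lifetime);   // one value drives both lifetimes

        var ticket = new FormsAuthenticationTicket(
            1, username, issued, expires, persist,
            customerId.ToString(), FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL   // follows <forms requireSSL>
        };
        // Persistent: the browser keeps the cookie exactly as long as the ticket
        // is valid. Non-persistent: Expires stays unset (session cookie).
        if (persist) cookie.Expires = expires;
        return cookie;
    }

    // Returns the customer id from a presented cookie, or null when the ticket
    // is missing, malformed, or expired, so the caller can re-authenticate.
    public static int? ReadCustomerId(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (ArgumentException) { return null; }
        catch (CryptographicException) { return null; }
        if (ticket == null || ticket.Expired) return null;
        int id;
        return int.TryParse(ticket.UserData, out id) ? id : (int?)null;
    }
}
```

In a login handler this would be used as Response.Cookies.Add(AuthCookieFactory.Build(username, customerID, persist, TimeSpan.FromHours(12))), with ReadCustomerId called on Request.Cookies[FormsAuthentication.FormsCookieName] for later requests.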