ASP.NET 成员资格保持身份验证问题

发布于 2024-07-13 12:31:56 字数 837 浏览 4 评论 0原文

因此，我的应用程序很奇怪，因为当您登录时，您将保持登录状态一两页，然后就迷路了。我的设置是这样的：

 <authentication mode="Forms">    
     <forms name=".ASPXFORMSAUTH"  timeout="20"/>
  </authentication>

 <authorization>
<allow users="*" />
</authorization>
 <membership defaultProvider="MySqlConnection" userIsOnlineTimeWindow="45">
 <providers>
    <clear />
    <add name="MySqlConnection" type="System.Web.Security.SqlMembershipProvider" connectionStringName="MySqlConnection" 
applicationName="HQChannel" 
enablePasswordRetrieval="true" 
enablePasswordReset="true"
requiresQuestionAndAnswer="false" 
requiresUniqueEmail="true" 
passwordFormat="Hashed" 
minRequiredNonalphanumericCharacters="0" 
minRequiredPasswordLength="6" />
 </providers>
 </membership>

感谢您的帮助。

原文

So, my application is being odd in the fact that when you login you will stay logged in for a page or two then get lost. My settings are this:

 <authentication mode="Forms">    
     <forms name=".ASPXFORMSAUTH"  timeout="20"/>
  </authentication>

 <authorization>
<allow users="*" />
</authorization>
 <membership defaultProvider="MySqlConnection" userIsOnlineTimeWindow="45">
 <providers>
    <clear />
    <add name="MySqlConnection" type="System.Web.Security.SqlMembershipProvider" connectionStringName="MySqlConnection" 
applicationName="HQChannel" 
enablePasswordRetrieval="true" 
enablePasswordReset="true"
requiresQuestionAndAnswer="false" 
requiresUniqueEmail="true" 
passwordFormat="Hashed" 
minRequiredNonalphanumericCharacters="0" 
minRequiredPasswordLength="6" />
 </providers>
 </membership>

Thanks for your help.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

你的背包 2024-07-20 12:31:56

这里有两件事对我来说很突出。首先是您允许 * 用户而不是 ? 用户。 * 表示匿名，? 意味着已验证。我会将其更改为以下内容 & 看看这是否有帮助...

<authorization>
   <allow users="?" />
   <deny users="*" />
</authorization>

第二个想法是您想要将 movingExpiration="true" 添加到您的身份验证块中。这将使登录进入滑动窗口 - 因此他们只会在 20 分钟不活动后才会注销......

<forms name=".ASPXFORMSAUTH" timeout="20" slidingExpiration="true" />

2 things stand out for me here. First is that you're allowing * users instead of ? users. * means anonymous, ? means authenticated. I'd change it to the following & see if that helps...

<authorization>
   <allow users="?" />
   <deny users="*" />
</authorization>

2nd thought would be that you'd want to add slidingExpiration="true" to your authentication block. That'll make the login into a sliding window - so they only get logged out after 20 minutes of inactivity...

<forms name=".ASPXFORMSAUTH" timeout="20" slidingExpiration="true" />

回复收藏 0 原文

韵柒 2024-07-20 12:31:56

我还会检查代码，看看表单身份验证票证是否被不同的超时覆盖，如下面的示例所示。

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
(
   1, // version
   txtEmail.Text, // name
   DateTime.Now, // issueDate
   DateTime.Now.AddMinutes(30), // expiration
   false, // isPersistent
   roles, // userData
   FormsAuthentication.FormsCookiePath // cookiePath
 );

如果这些设置被代码显式覆盖，那么 web.config 设置将无法按预期工作。

I would also check the code and see if the forms authentication ticket is being overridden with a different timeout as in the sample below.

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
(
   1, // version
   txtEmail.Text, // name
   DateTime.Now, // issueDate
   DateTime.Now.AddMinutes(30), // expiration
   false, // isPersistent
   roles, // userData
   FormsAuthentication.FormsCookiePath // cookiePath
 );

If the settings are explicitly overwritten from code then the web.config settings won't work as expected.

回复收藏 0 原文

~没有更多了~