MVC - 识别页面表单身份验证超时

发布于 2024-11-26 22:56:57 字数 489 浏览 4 评论 0原文

我们正在开发 MVC3 应用程序，以便我们的大多数操作方法都是通过 ajax 调用并返回部分视图来调用的。我们遇到了一种情况，需要确定是否从表单身份验证超时调用了操作方法。

public ActionResult LogOn()
{ 
 // I want to return View("LogOn"); if the call is coming from 
 // Form Authentication time out                       
    return PartialView(Model);
}

这是我的 web.config 的样子：

<authentication mode="Forms">
  <forms loginUrl="~/Home/LogOn" timeout="20" />
</authentication>

感谢您的输入。

原文

we are developing MVC3 application such that most of our action methods are called via ajax calls and return partialviews. we come across a situation where we need to identify if the action method is called from Form Authentication time out.

public ActionResult LogOn()
{ 
 // I want to return View("LogOn"); if the call is coming from 
 // Form Authentication time out                       
    return PartialView(Model);
}

here is my web.config looks like:

<authentication mode="Forms">
  <forms loginUrl="~/Home/LogOn" timeout="20" />
</authentication>

Appreciate your input.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

李白 2024-12-03 22:56:57

如果身份验证 cookie 超时，您的操作将永远不会被执行。表单身份验证模块直接重定向到登录页面。您从客户端脚本中检测这种情况的一种可能性是在服务于该登录页面的控制器操作中设置自定义 HTTP 标头：

public ActionResult LogOn()
{
    var model = ...
    Response.AppendHeader("X-LOGON", "true");
    return View(model);
}

然后在执行 AJAX 请求时，您可以使用 getResponseHeader< XHR 对象上的 /code> 方法，以验证是否设置了 X-LOGON 标头，这意味着服务器重定向到登录页面。在这种情况下，在成功的 AJAX 处理程序中，您可以显示一些警报消息，通知用户他的身份验证会话已超时并且需要再次登录，而不是简单地将服务器响应注入到 DOM 中或依赖返回的 JSON。另一种可能性是使用 window.location.href 方法自动将他重定向到登录页面：

$.ajax({
    url: '/home/some_protected_action',
    success: function (data, textStatus, XMLHttpRequest) {
        if (XMLHttpRequest.getResponseHeader('X-LOGON') === 'true') {
            // the LogOn page was displayed as a result of this request 
            // probably timeout => act accordingly
        }
    }
});

Your action will never be hit if the authentication cookie has timed out. The forms authentication module directly redirects to the logon page. One possibility for you to detect this happening from client scripting is to set a custom HTTP header in the controller action serving this logon page:

public ActionResult LogOn()
{
    var model = ...
    Response.AppendHeader("X-LOGON", "true");
    return View(model);
}

and then when performing your AJAX request you could use the getResponseHeader method on the XHR object in order to verify if the X-LOGON header was set meaning that the server redirected to the logon page. In this case in your success AJAX handler instead of simply injecting the server response into the DOM or relying on the returned JSON you could show some alert message informing the user that his authentication session has timed out and he needs to login again. Another possibility is to automatically redirect him to the logon page using the window.location.href method:

$.ajax({
    url: '/home/some_protected_action',
    success: function (data, textStatus, XMLHttpRequest) {
        if (XMLHttpRequest.getResponseHeader('X-LOGON') === 'true') {
            // the LogOn page was displayed as a result of this request 
            // probably timeout => act accordingly
        }
    }
});

回复收藏 0 原文