在 MVC3 中检查身份验证之前显示主页?

发布于 2024-12-16 16:00:37 字数 508 浏览 0 评论 0原文

我们使用的客户 MembershipProvider 需要访问 Web 服务来对用户进行身份验证。在 web.config 中设置表单身份验证,然后将其发送至所述提供商。身份验证完成后,我们设置一个自定义 cookie 来存储客户名称、用户全名等。

我们的问题是这样的:当您重新访问站点时(无论是在我们的开发机器上还是用完网站),会话经常超时。 Visual Studio),尽管用户实际上并未经过身份验证,但您仍然会看到默认主页。当您采取不同的操作时,网站会识别出该用户无效并将您返回到登录页面。

我们有一个所有其他控制器派生自的 BaseController 类,并且我们已将 [Authorize] 属性添加到重写的 Execute 方法中,但它似乎不起作用:

[Authorize] protected override void Execute(System.Web.Routing.RequestContext requestContext)

在站点返回登录页面之前显示这一未经身份验证的页面时,我们是否缺少一些简单的东西?

We're using a customer MembershipProvider that needs to go out to a web service to authenticate users. Forms authentication set up in the web.config which then goes to said provider. Once the authentication is complete, we set a custom cookie to store customer name, user full name, etc.

Our problem is this: quite often once the session has timed out when you revisit the site (either on our dev machine or running out of visual studio) you will still see the default home page despite the user not actually being authenticated. The moment you take a different action the site recognizes that the user is invalid and returns you to the login page.

We have a BaseController class that all other Controllers derive from and we've added the [Authorize] attribute to the overridden Execute method, but it doesn't seem to work:

[Authorize]
protected override void Execute(System.Web.Routing.RequestContext requestContext)

Is there something simple we are missing in terms of this one unauthenticated page displaying before the site returns to the login page?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

身边 2024-12-23 16:00:37

我想到了几件事。
1. 您确定 cookie 在显示主页的同一请求中已过期吗?
2. 您是否使用任何输出缓存?

  1. 这里值得怀疑,但除非这里缺少一些信息,否则将其扔掉:
    这是假设您正在会话中使用某些内容(您上面提到了会话)
    如果通过会话您仅指表单身份验证,那么这不会有帮助(并请澄清)

请记住,会话超时和表单身份验证超时并不相同,并且以非常不同的方式处理,因此您必须保持它们本质上同步。

在这里查看我的代码:
如何处理 ASP 中的表单身份验证超时异常.NET?

表单身份验证超时仅在一半时间过去后才会更新。会话超时会根据每个请求进行更新,因此两者很容易不同步。

Several things come to mind.
1. Are you certain the cookie has expired on that very same request the home page shows up on?
2. Are you using any output caching?

  1. Doubtful here but throwing it out unless there is some missing info here:
    This is assuming you are using something in the session (you mentioned session above)
    If by session you solely mean forms auth, then this won't help (and please clarify)

Remember that the session timeouts and forms authentication timeouts ARE NOT the same and are handled in a very different manner so you must keep them syncd essentially.

Check out my code here:
How can I handle forms authentication timeout exceptions in ASP.NET?

Forms auth timeouts are updated only once half the time has passed. Session timeouts are updated upon every request so the two easily get out of sync.

ぃ双果 2024-12-23 16:00:37

出于兴趣,如果您在 Global.asax 中包含类似的内容会发生什么?

protected void Session_Start(Object sender, EventArgs e)
{
        if (User.Identity.IsAuthenticated)
        {
                FormsAuthentication.SignOut();
                Response.Redirect("~/SessionEnd.aspx");
        }
}

我认为 [Authorize] 也在控制器方法上,是吗?

Out of interest, what happens if you include something like this in the Global.asax?

protected void Session_Start(Object sender, EventArgs e)
{
        if (User.Identity.IsAuthenticated)
        {
                FormsAuthentication.SignOut();
                Response.Redirect("~/SessionEnd.aspx");
        }
}

And I presume the [Authorize] is on the controller methods too is it?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文