Home page displayed before authentication is checked in MVC3?
We're using a customer MembershipProvider that needs to go out to a web service to authenticate users. Forms authentication is set up in the web.config, which then goes to said provider. Once the authentication is complete, we set a custom cookie to store customer name, user full name, etc.
Our problem is this: quite often, once the session has timed out, when you revisit the site (either on our dev machine or running out of Visual Studio) you will still see the default home page despite the user not actually being authenticated. The moment you take a different action, the site recognizes that the user is invalid and returns you to the login page.
We have a BaseController class that all other Controllers derive from and we've added the [Authorize] attribute to the overridden Execute method, but it doesn't seem to work:
[Authorize]
protected override void Execute(System.Web.Routing.RequestContext requestContext)
Is there something simple we are missing in terms of this one unauthenticated page displaying before the site returns to the login page?
Comments (2)
Several things come to mind.
1. Are you certain the cookie has expired on that very same request the home page shows up on?
2. Are you using any output caching?
This is assuming you are using something in the session (you mentioned session above)
If by session you solely mean forms auth, then this won't help (and please clarify)
Remember that the session timeouts and forms authentication timeouts ARE NOT the same and are handled in a very different manner, so you must keep them synced, essentially.
Check out my code here:
How can I handle forms authentication timeout exceptions in ASP.NET?
Forms auth timeouts are updated only once half the time has passed. Session timeouts are updated upon every request so the two easily get out of sync.
Out of interest, what happens if you include something like this in the Global.asax?
And I presume the [Authorize] is on the controller methods too, is it?
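Added example, not code from the question or from either commenter: ASP.NET MVC collects authorization filters from the controller class, the action method and the global filter collection, so the `[Authorize]` placed on the `Execute` override in the question is never evaluated. The sketch below puts the posted placement beside a class-level one and adds a reflection audit that lists actions no `[Authorize]` covers; `BaseControllerAsPosted`, `ReportsController` and `AuthorizeAudit` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;
using System.Web.Routing;

// As posted in the question: compiles, but MVC never reads this attribute,
// because Execute is neither a controller class nor an action method.
public abstract class BaseControllerAsPosted : Controller
{
    [Authorize]
    protected override void Execute(RequestContext requestContext) { base.Execute(requestContext); }
}

// Attribute on the class: applies to every action of every derived controller.
[Authorize]
public abstract class BaseController : Controller { }

// Hypothetical controllers: the first stays open, the second is protected.
public class HomeController : BaseControllerAsPosted { public ActionResult Index() { return View(); } }
public class ReportsController : BaseController { public ActionResult Index() { return View(); } }

public static class AuthorizeAudit
{
    // Lists "Controller.Action" for public actions with no [Authorize] on the
    // class (base classes included) or on the method itself.
    public static IEnumerable<string> UnprotectedActions(Assembly asm, params Type[] anonymousOk)
    {
        foreach (var c in asm.GetTypes().Where(t => !t.IsAbstract
                 && typeof(Controller).IsAssignableFrom(t) && !anonymousOk.Contains(t)))
        {
            if (c.GetCustomAttributes(typeof(AuthorizeAttribute), true).Any()) continue;
            foreach (var m in c.GetMethods(BindingFlags.Public | BindingFlags.Instance))
            {
                bool isAction = !m.IsSpecialName                              // skip property accessors
                    && m.DeclaringType != typeof(object)                      // skip ToString etc.
                    && m.DeclaringType.Assembly != typeof(Controller).Assembly // skip framework methods
                    && !m.IsDefined(typeof(NonActionAttribute), true);
                if (isAction && !m.IsDefined(typeof(AuthorizeAttribute), true))
                    yield return c.Name + "." + m.Name;
            }
        }
    }
}
```

Called from a unit test as `AuthorizeAudit.UnprotectedActions(typeof(HomeController).Assembly)`, this reports `HomeController.Index` and nothing for `ReportsController`. Pass the login controller in `anonymousOk`, since MVC 3 has no `[AllowAnonymous]`; actions covered only by a global filter are still listed because the audit does not inspect `GlobalFilters`.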