【发布时间】:2011-05-28 07:12:03
【问题描述】:
我正在根据我之前的问题和答案here 实施身份验证超时检测机制。我已经实现了一个 HTTP 模块,它使用 AuthenticateRequest 事件来运行代码来捕获身份验证期限是否已过期。执行此操作的代码如下:
public class AuthenticationModule : IHttpModule
{
#region IHttpModule Members
void IHttpModule.Dispose() { }
void IHttpModule.Init(HttpApplication application)
{
application.AuthenticateRequest += new EventHandler(this.context_AuthenticateRequest);
}
#endregion
/// <summary>
/// Inspect the auth request...
/// </summary>
/// <remarks>See "How To Implement IPrincipal" in MSDN</remarks>
private void context_AuthenticateRequest(object sender, EventArgs e)
{
HttpApplication a = (HttpApplication)sender;
HttpContext context = a.Context;
// Extract the forms authentication cookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = context.Request.Cookies[cookieName]; // no longer a forms cookie in this array once timeout has expired
if (authCookie != null)
{
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
DateTime expirationTime = authTicket.Expiration;
// check if previously authenticated session is now dead
if (authTicket != null && authTicket.Expired)
{
// send them a Response indicating that they've expired.
}
}
}
}
问题是,一旦身份验证期到期(我将其设置为 1 分钟进行测试),就不再有表单 cookie(请参阅代码中的注释)。这意味着身份验证 cookie 将为空,并且我不会通过代码中的空检查。但是 FormsAuthenticationTicket 有一个方便的“过期”属性,我觉得我应该检查一下期限是否过期。但是,如果 cookie 不再存在,我怎么能走得那么远呢?如果不再有表单 cookie,假设身份验证期已过期是否合理?
对此的任何帮助将不胜感激。
【问题讨论】:
标签: asp.net timeout forms-authentication