1. 首頁
  2. 問答
  3. Cookie值在Cookie過期之前過期

Cookie值在Cookie過期之前過期

2009-09-23 117 views
1

我有一個我正在處理的asp.net MVC應用程序,並且我編寫了一個自定義actionfilter以基於在登錄時設置的授權級別過濾掉某些控制器操作,並存儲在加密的cookie與formsauthentication cookie一起,兩個cookie被設置爲具有相同的到期時間,但由於某種原因,在空閒時間之後授權cookie值變爲空白,我還沒有能夠調試並在行爲中捕獲它,但它就這樣消失Cookie值在Cookie過期之前過期

我actionfilter代碼如下所示:

string usersRole = ""; 
if (filterContext.HttpContext.Session["role"] != null) 
usersRole = filterContext.HttpContext.Session["role"].ToString(); 
else if (filterContext.HttpContext.Response.Cookies["ArisPortalCookie"].Value != null) 
{ 
usersRole = filterContext.HttpContext.Response.Cookies["ArisPortalCookie"].Value; 
filterContext.HttpContext.Session["role"] = usersRole; 
} 
string encryptedRole = EncryptionHelper.Encrypt(RoleToCheckFor); 

if (encryptedRole == usersRole || usersRole == EncryptionHelper.Encrypt("Admin")) //if the user's role and role required match, we have success 
     { 
      //now we break down the response action based on what role was required 
      if (RoleToCheckFor == "Admin") 
      { 
      } 
      else if (RoleToCheckFor == "Tech" || RoleToCheckFor == "Admin") 
      { 

      } 
      else if (RoleToCheckFor == "Physician" || RoleToCheckFor == "Admin") 
      { 

      } 
     } 
     else 
     { 
      filterContext.Result = new ViewResult 
      { 
       ViewName = "NoAuth", 
       ViewData = filterContext.Controller.ViewData, 
       TempData = filterContext.Controller.TempData 
      }; 
     }

來源

2009-09-23 Jimmy

+0

讀取值(管道格式)發現了一個可能的問題,我的應用程序存儲它出現時期滿 – Jimmy 2009-09-23 15:24:11

回答

2

我做同樣的來存儲角色。爲什麼他們並排?

我假設你正在做這樣的事情:

FormsAuthenticationTicket authTicket = 
       new FormsAuthenticationTicket(1, 
              username, 
              DateTime.Now, 
              DateTime.Now.AddMinutes(60), 
              rememberMe, 
              roles); 
      string encTicket = FormsAuthentication.Encrypt(authTicket); 
      HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket); 
      authenticationCookie.HttpOnly = true; 
      contextBase.Response.Cookies.Add(authenticationCookie);

如果您正在使用FormsAuthentication.SetAuthCookie還有,我不認爲你需要,我不這樣做,那麼請確保你的配置有超時也設置爲60分鐘,或者等於上述時間。從餅乾(如需要)

private static void ReadCookieForPrincipal() 
{ 
    string cookieName = FormsAuthentication.FormsCookieName; 
    HttpCookie authCookie = HttpContext.Current.Request.Cookies[cookieName]; 

    // If the cookie can't be found, don't issue the ticket 
    if (authCookie == null) return; 

    // Get the authentication ticket and rebuild the principal & identity 
    FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); 
    string[] roles = authTicket.UserData.Split(new Char[] { '|' }); 
    GenericIdentity userIdentity = new GenericIdentity(authTicket.Name); 
    GenericPrincipal userPrincipal = new GenericPrincipal(userIdentity, roles); 
    HttpContext.Current.User = userPrincipal; 
}

來源

2009-09-23 15:20:15 dove

+0

心示出要清理出我的Cookie值的會話ID cookie如何將角色添加到formsauth cookie中,然後檢索這些值? – Jimmy 2009-09-23 15:23:39

+0

是的,即使我在做什麼減去了cookie的末尾的角色,你如何將角色數據從formsauth cookie中提取出來? – Jimmy 2009-09-23 15:25:33

+0

介意分享你的代碼,檢查用戶在哪個角色? – Jimmy 2009-09-23 15:30:15

相關問題

 相關問題