asp.net-mvc ASP.NET MVC 记住我
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2452656/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
ASP.NET MVC RememberMe
提问by nccsbim071
After searching a lot i did not get any answers and finally i had to get back to you. Below i am explaining my problem in detail. It's too long, so please don't quit reading. I have explained my problem in simple language.
在搜索了很多之后,我没有得到任何答案,最后我不得不回复你。下面我详细解释我的问题。太长了,请不要放弃阅读。我已经用简单的语言解释了我的问题。
I have been developing an asp.net mvc project. I am using standard ASP.NET roles and membership. Everything is working fine but the remember me functionality doesn't work at all. I am listing all the details of work. Hope you guys can help me out solve this problem.
我一直在开发一个asp.net mvc 项目。我正在使用标准的 ASP.NET 角色和成员资格。一切正常,但记住我的功能根本不起作用。我列出了工作的所有细节。希望大家能帮我解决这个问题。
I simply need this:
我只需要这个:
I need user to login to web application. During login they can either login with remember me or without it. If user logs in with remember me, i want browser to remember them for long time, let's say atleast one year or considerably long time. The way they do it in www.dotnetspider.com,www.codeproject.com,www.daniweb.com and many other sites. If user logs in without remember me, then browser should allow access to website for some 20 -30 minutes and after that their session should expire. Their session should also expire when user logs in and shuts down the browser without logging out.
我需要用户登录到 Web 应用程序。在登录期间,他们可以使用记住我或不使用记住我登录。如果用户使用记住我登录,我希望浏览器记住他们很长时间,比如说至少一年或相当长的时间。他们在 www.dotnetspider.com、www.codeproject.com、www.daniweb.com 和许多其他网站上这样做的方式。如果用户在没有记住我的情况下登录,那么浏览器应该允许访问网站大约 20 -30 分钟,之后他们的会话应该过期。当用户登录并关闭浏览器而不注销时,他们的会话也应该过期。
Note: I have succesfully implemented above functionality without using standard asp.net roles and membership by creating my own talbes for user and authenticating against my database table, setting cookie and sessions in my other projects. But for this project we starting from the beginning used standard asp.net roles and membership. We thought it will work and after everything was build at the time of testing it just didn't work. and now we cannot replace the existing functionality with standard asp.net roles and membership with my own custom user tables and all the stuff, you understand what i am taling about.
注意:通过为用户创建我自己的 talbes 并针对我的数据库表进行身份验证,在我的其他项目中设置 cookie 和会话,我已经成功地实现了上述功能,而无需使用标准的 asp.net 角色和成员资格。但是对于这个项目,我们从一开始就使用标准的 asp.net 角色和成员资格。我们认为它会起作用,但在测试时构建了所有内容之后,它就不起作用了。现在我们不能用标准的 asp.net 角色和成员身份替换现有的功能,我自己的自定义用户表和所有东西,你明白我在说什么。
Either there is some kind of bug with standard asp.net roles and membership functionality or i have the whole concept of standard asp.net roles and membership wrong. i have stated what i want above. I think it's very simple and reasonable.
要么标准asp.net角色和成员资格功能存在某种错误,要么我对标准asp.net角色和成员资格的整个概念错误。我已经在上面说明了我想要的东西。我认为这是非常简单和合理的。
What i did
我做了什么
- Login form with username,password and remember me field.
- My setting in web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication> in My controller action, i have this:
FormsAuth.SignIn(userName, rememberMe);
public void SignIn(string userName, bool createPersistentCookie) { FormsAuthentication.SetAuthCookie(userName, createPersistentCookie); }
- 使用用户名、密码和记住我字段的登录表单。
- 我在 web.config 中的设置:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880"/>
</authentication> 在我的控制器操作中,我有这个:
FormsAuth.SignIn(userName, rememberMe);
public void SignIn(string userName, bool createPersistentCookie) { FormsAuthentication.SetAuthCookie(userName, createPersistentCookie); }
Now the problems are following:
现在问题如下:
I have already stated in above section "I simply need this". user can successfully log in to the system. Their session exists for as much minutes as specified in timeout value in web.config. I have also given a sample of my web.config. In my samplem if i set the timeout to 5 minutes,then user session expires after 5 minutes, that's ok. But if user closes the browser and reopen the browser, user can still enter the website without loggin in untill time specified in "timeout" has not passed out. The sliding expiration for timeout value is also working fine. Now if user logs in to the system with remember me checked, user session still expires after 5 minutes. This is not good behaviour, is it?. I mean to say that if user logs in to the system with remember me checked he should be remembered for a long time untill he doesn't logs out of the system or user doesn't manually deletes all the cookies from the browser. If user logs in to the system without remember me checked his session should expire after the timeout period values specified in web.config and also if users closes the browser. The problem is that if user closes the browser and reopens it he can still enter the website without logging in.
我已经在上一节中说明了“我只需要这个”。用户可以成功登录系统。他们的会话存在的时间与 web.config 中超时值中指定的一样多。我还提供了我的 web.config 示例。在我的示例中,如果我将超时设置为 5 分钟,那么用户会话会在 5 分钟后过期,那没关系。但是,如果用户关闭浏览器并重新打开浏览器,用户仍然可以在未登录的情况下进入网站,直到“超时”中指定的时间没有过去。超时值的滑动到期也工作正常。现在,如果用户在选中记住我的情况下登录系统,用户会话仍会在 5 分钟后过期。这不是好行为,是吗?我的意思是说,如果用户登录系统时选中记住我,他应该会被记住很长时间,直到他没有“ t 退出系统或用户不会从浏览器中手动删除所有 cookie。如果用户在没有记住我的情况下登录系统检查他的会话应该在 web.config 中指定的超时期限值之后过期,并且如果用户关闭浏览器。问题是,如果用户关闭浏览器并重新打开它,他仍然可以在不登录的情况下进入网站。
I search internet a lot on this topic, but i could not get the solution. In the blog post(http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx) made by Scott Gu on exactly the same topic. The users are complaining about the same thing in their comments ut there is no easy solution given in by Mr. Scott.
我在互联网上搜索了很多关于这个主题的信息,但我找不到解决方案。在Scott Gu 发表的关于完全相同主题的博客文章 ( http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx) 中。用户在他们的评论中抱怨同样的事情,斯科特先生没有给出简单的解决方案。
I read it at following places: http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspxhttp://geekswithblogs.net/vivek/archive/2006/09/14/91191.aspx
我在以下地方阅读:http: //weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx http://geekswithblogs.net/vivek/archive/2006/09/14/91191。 aspx
I guess this is a problem of lot's of users. As seem from blog post made by Mr. Scott Gu.
我想这是很多用户的问题。从 Scott Gu 先生的博客文章中可以看出。
Your help will be really appreciated. Thanks in advance.
您的帮助将不胜感激。提前致谢。
回答by Dave Van den Eynde
What you want to do is have a different timeout when the RememberMe option is checked, than when it is unchecked. Unfortunately, the SetAuthCookie method does not allow you to set the expiration manually, so you'll have to do that yourself.
您想要做的是在RememberMe 选项被选中时有一个不同的超时,而不是在它未被选中时。不幸的是,SetAuthCookie 方法不允许您手动设置到期时间,因此您必须自己进行设置。
The problem is then, how to do that?
那么问题来了,怎么做呢?
ASP.NET MVC uses the FormsAuthentication class of System.Web.Security to do that, because it's not trivial if you also want to support the configuration settings and cookieless browsing and SSL, but I think that if you simply do this:
ASP.NET MVC 使用 System.Web.Security 的 FormsAuthentication 类来做到这一点,因为如果您还想支持配置设置和无 cookie 浏览和 SSL,这并非易事,但我认为如果您只是这样做:
int timeout = rememberMe ? 525600 : 30; // Timeout in minutes, 525600 = 365 days.
var ticket = new FormsAuthenticationTicket(userName, rememberMe, timeout);
string encrypted = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
cookie.Expires = System.DateTime.Now.AddMinutes(timeout);// Not my line
cookie.HttpOnly = true; // cookie not available in javascript.
Response.Cookies.Add(cookie);
...you'll get a basic version of what you need.
...您将获得所需内容的基本版本。
NOTE: I did not test this code.
注意:我没有测试这段代码。
回答by nccsbim071
Kevin and Dave,you guys rock, man.
凯文和戴夫,你们摇滚,伙计。
Dave, in addition to your code i had to add one more line to make it work. I mean to make it remember for at least one year. I had to assign value to cookie.Expires in addition to your code to make it work. If this line cookie.Expires is not set the cookie is lost after computer restart i mean at the end of the session. I noticed this in FireFox. I Went through the details of cookie and i found: If cookie.Expires is not set then value for "Expires:" attribute in Firefox is "At the end of the session" but if cookie.Expires is set then the value for "Expires:" attribute in Firefox is to the datetime the cookie.Expires value was set.
戴夫,除了你的代码,我还得再添加一行才能让它工作。我的意思是让它记住至少一年。除了您的代码之外,我还必须为 cookie.Expires 赋值才能使其工作。如果此行 cookie.Expires 未设置,则计算机重启后 cookie 将丢失,我的意思是在会话结束时。我在 FireFox 中注意到了这一点。我浏览了 cookie 的详细信息,我发现:如果未设置 cookie.Expires,则 Firefox 中“Expires:”属性的值是“在会话结束时”,但如果设置了 cookie.Expires,则“Expires”的值:" Firefox 中的属性是设置 cookie.Expires 值的日期时间。
Here is the code:
这是代码:
int timeout = createPersistentCookie ? 525600 : 2; // Timeout in minutes,525600 = 365 days
var ticket = new FormsAuthenticationTicket(userName,createPersistentCookie,timeout);
string encrypted = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
cookie.Expires = System.DateTime.Now.AddMinutes(timeout);//My Line
HttpContext.Current.Response.Cookies.Add(cookie);
Thank you guys, that was really a great solution.
谢谢你们,这真的是一个很好的解决方案。
回答by BillB
Just a quick note about using membership auth ticket in a shared environment for anyone who may land here with that issue. I've got an mvc site runnig at godaddy and had trouble with remember me. This was the solution:
只是一个关于在共享环境中使用会员身份验证票的快速说明,对于可能遇到该问题的任何人。我有一个 mvc 站点在 Godaddy 上运行,但在记住我时遇到了麻烦。这是解决方案:
<system.web>
<machineKey
validationKey="4C6404A3B305CD6E8CFEAC258F042FB95E45E9C3C2CEC3AAB838996CFBE661E41DF1A1BAC75B9B45E02147612FD9B71CA74DDA50B0D0D6ED11F0BB8E31048953"
decryptionKey="BC471CF17A97B08A9DF85C7B502AD95680E3BE4418FD9C6CEA57E7F97ED64291"
validation="SHA1" decryption="AES"
/>
Thanks to : http://www.geekfreeq.com/aspnet-remember-me-option-forms-authentication-not-working/
感谢:http: //www.geekfreeq.com/aspnet-remember-me-option-forms-authentication-not-working/
回答by kervin
That's not a problem, it's a feature :)
这不是问题,这是一个功能:)
The user's session hasn't expired yet so, even if they close and reopen the browser, the cookie is still good.
用户的会话还没有过期,所以即使他们关闭并重新打开浏览器,cookie 仍然是好的。
It's the cookie's expiration that invalidates the user's session.
是 cookie 的过期使用户的会话无效。
回答by adsolanki
I had implemented same thing and when i test it it works fine in Mozila but not working in IE8 for all pc, i also had updated setting to accept cookies in IE but still not working.
我已经实现了同样的事情,当我测试它时,它在 Mozila 中运行良好,但在 IE8 中不适用于所有 PC,我还更新了设置以在 IE 中接受 cookie,但仍然无法正常工作。
Internet Explorer 8.x
浏览器 8.x
- Click on the Tools-menu.
- Select Internet Options in the menu - a new window opens.
- Click on the Privacy tab near the top of the window.
- Click on the Default button of the window.
- Move the slider so that it is on one of the levels below Medium High (including Medium, Low, Accept All Cookies).
- Save changes by clicking OK.
- You should be able to add items to your shopping cart now.
- 单击工具菜单。
- 在菜单中选择 Internet 选项 - 将打开一个新窗口。
- 单击窗口顶部附近的隐私选项卡。
- 单击窗口的默认按钮。
- 移动滑块,使其位于中高以下的级别之一(包括中、低、接受所有 Cookie)。
- 单击确定保存更改。
- 您现在应该可以将商品添加到购物车中。
