c# – 在asp.net mvc中形成超时问题
作者:互联网
如何在asp.net mvc中关闭表单身份验证.我有注册,登录和忘记密码页面,旨在进入webapplication.
最初我
我目前将我的asp.net mvc Web应用程序作为单个代码库和多数据库格式托管.我面临的表单在某段时间过期,logon.aspx页面出现在主页的中间.我想出这是因为以下代码:
webconfig:
<authentication mode="Forms"><forms timeout="180000" slidingExpiration="false"/></authentication>
logon.cshtml:
FormsAuthentication.SetAuthCookie(user.UserName, false);
return RedirectToAction("Index", "Home");
我不希望我的用户会话或表单在他们注销之前到期.如何删除身份验证模式或如何解决此超时问题?
请帮忙.
这是我的完整webconfig代码:
<system.web>
<customErrors mode="Off" />
<globalization uiCulture="en-AU" culture="en-AU" />
<!--<sessionState mode="InProc" />-->
<sessionState timeout="1500"></sessionState>
<httpRuntime encoderType="AntiXssEncoder, OnlineAB" />
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms timeout="180000" slidingExpiration="false"/>
</authentication>
<membership>
<!--<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>-->
</membership>
<profile>
<!--<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>-->
</profile>
<!--<roleManager enabled="false">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>-->
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages" />
</namespaces>
</pages>
</system.web>
解决方法:
按照MSDN:
Sliding expiration resets the expiration time for a valid authentication cookie if a request is made and more than half of the timeout interval has elapsed. If the cookie expires, the user must re-authenticate. Setting the SlidingExpiration property to false can improve the security of an application by limiting the time for which an authentication cookie is valid, based on the configured timeout value.
从配置中删除此属性
<authentication mode="Forms">
<forms timeout="180000" slidingExpiration="false"/>
</authentication>
并替换为:
<authentication mode="Forms" />
还会增加会话超时或删除默认值:
删除这个:
<sessionState timeout="1500"></sessionState>
标签:c,asp-net-mvc,timeout,forms-authentication 来源: https://codeday.me/bug/20190629/1324035.html