问题描述
我有一个web表单应用程序,使用一些ASP.NET AJAX Timer控件(如轮询)。如果用户在页面上的其中之一,他们将有效从来没有超时,作为投票过程保持自己的身份验证票活着。
I have a webforms app that uses a few ASP.NET AJAX Timer controls (i.e. polling). If a user is on a page with one of these, they will effectively never time-out, as the polling process keeps their authentication ticket alive.
我想段定时控制,这样他们就不会触发窗体身份验证的RenewTicketIfOld方法。我在和我以前做过类似的路径的东西注入到了AJAX HTTP请求中有标识为来自一个定时器来了这些请求,然后把一些code中的窗体身份验证模块,它隐藏后运行从被发送回倒在响应中的认证的cookie。
I'd like to segment Timer controls so they don't trigger Forms Authentication's RenewTicketIfOld method. The path I'm on and I've done something similar before is to inject something into the AJAX HTTP request to have these requests identified as coming from a timer and then put some code to run after the Forms Authentication Module that hides the Authentication cookie from being sent back down in the response.
任何其他建议如何prevent Timer控件从保持窗体身份验证票还活着吗?
Any other suggestions for how to prevent a Timer control from keeping the forms authentication ticket alive?
推荐答案
进取,目前这是我的解决方案。我从一个模块设置的定时器AJAX请求自定义标题,并检查头去(你可以看到这个答案版本历史记录),以简单,模块,唯一的解决办法。 (帽尖到如何判断一个刷新来自一个定时器问题)
Making progress, currently this is my solution. I went from setting a custom header in the Timer AJAX requests and checking that header in a Module (you can see this in the answer version history) to a simple, Module-only solution. (Hat tip to the How to tell if a refresh came from a Timer question)
public class SkipAuthTicketRenewalModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.EndRequest += new EventHandler(context_EndRequest);
}
void context_EndRequest(object sender, EventArgs e)
{
// See if auth cookie was added in response to the timer control update by the FormsAuthModule,
// indicating the ticket was renewed. If it was, remove it so we don't extend the ticket.
HttpContext ctx = HttpContext.Current;
string ctrlname = ctx.Request.Params.Get("__EVENTTARGET");
if (!String.IsNullOrEmpty(ctrlname))
{
Page page = ctx.Handler as Page;
if (page != null)
{
Control ctrl = page.FindControl(ctrlname);
if (ctrl != null && ctrl is Timer)
{
ctx.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
}
}
}
}
}
这篇关于prevent AJAX Timer控件从延伸FormsAuthentication票的要求吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!