问题描述
有关背景下,我在我的web.config中设置窗体身份验证超时值,和正在使用ASP.NET MVC 1。我想这可能是最简单的说明我的问题,因为2用例 - 第一个会发生什么没有认证超时,而第二个有认证超时会发生什么:
For context, I have a forms authentication timeout value set in my web.config, and am using ASP.NET MVC 1. I think it might be easiest to state my problem as 2 use cases -- the first one what happens without an authentication timeout, and the second one what happens with an authentication timeout:
正常情况下:
用户登录到应用程序,并验证计时器开始滴答作响。虽然认证期限仍然有效,用户点击的东西,触发AJAX调用(通过jQuery的),在页面上。我们打的服务器,处理请求,并返回一个局部视图给用户(为的ActionResult )。该HTML来通过作为一个字符串到阿贾克斯的成功的方法,我拿这个网站并注入到页面上的DIV。这是所有预期。
The user logs into the app, and the authentication timer starts ticking. While the authentication period is still valid, the user clicks something on the page that triggers an AJAX call (through jQuery). We hit the server, process the request, and return a partial view to the user (as an ActionResult). The html comes through as a string to the ajax's success method, and I take this html and inject it into a div on the page. This is all expected.
超时情况:
用户登录到应用程序,并验证计时器开始滴答作响。之后的 X 的时间量,认证期限届满。随着到期时间后,用户点击的东西,触发AJAX调用(使用jQuery)在页面上。我们击中了服务器,但身份验证票证已过期。 .NET会自动重定向到该设置超时时间相同的web.config元素定义的 loginURL 值。对我来说,这个页面是登录页面,用户被要求输入用户名。因此,控制器操作运行,并最终返回一个全/密码来登录(不是部分)查看后面的字符串HTML到阿贾克斯的成功方法。这将导致页面轰炸,因为我试图把一个完整页面的HTML(与< HTML> 标签和所有),并注入到页面上的DIV。
The user logs into the app, and the authentication timer starts ticking. After x amount of time, the authentication period expires. With the expiration time up, the user clicks something on the page that triggers an AJAX call (using jQuery). We hit the server, but the authentication ticket is expired. .NET automatically redirects to the loginURL value defined in the same web.config element that sets the timeout period. For me, this page is the login page where the user is asked to input username/password to log in. So the Home/Login Controller action runs, and eventually returns a full (not partial) view back as a string of html to the ajax's success method. This causes the page to bomb because I'm trying to take a full page's html (with <html> tags and all) and inject it into a div on the page.
所以潜藏我的问题。当认证期限已过,而.NET我重定向到登录页面,我结束了一个完整的网页的HTML返回一个ajax的成功方法。当然,一切正常,当服务器命中不是一个AJAX调用 - 它重定向细到登录页面。但是,我怎么能处理这种情况?有没有人有什么想法?
So therein lies my problem. When the authentication period has expired, and .NET redirects me to the login page, I end up returning a full page's html to an ajax success method. Of course, everything works fine when the server hit isn't an AJAX call -- it redirects fine to the login page. But how can I handle this case? Does anyone have any ideas?
感谢。
推荐答案
这样的帐户/登录操作获取的,当票证过期执行
so the Account/Login action get's executed when the ticket expires
public Action Login()
{
if(Request.IsAjaxRequest())
return Content(@"<meta http-equiv="refresh" content="1" />");
//if it is ajax request the div will be filled with this meta tag which will refresh the page
return View();
}
这篇关于.NET C#:如何将一个AJAX调用过程中处理表单认证过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!