使用Web服务进行身份验证自定义成员资格
我建立的门户网站在ASP.NET MVC 3,使用远程Web服务为只与数据库进行通信的方式。 Web服务有需求总有用户名/密码的请求头通过,否则拒绝该呼叫。
I'm building web portal in ASP.NET MVC 3 that uses distant web service as only way to communicate with database. Web service has requirement to always have Username/Password passed in request header, otherwise it rejects the call.
我已重写ASP.NET成员,使我的ValidateUser方法将用户名/密码,以Web服务登录方法,如果认证成功返回真/假。它的工作原理相当不错的使用提供了MVC 3空网络模板AcountController。因为我要通过每一个Web服务调用用户名/密码,我为他们节省开庭。
I have overridden ASP.NET Membership so that my ValidateUser method sends Username/Password to web service Login method, and returns true/false if authentication is successful. It works quite nice with AcountController provided with MVC 3 Empty internet template. Since I have to pass Username/Password on every web service call, I'm saving them in Session.
我的问题是:
如果我关闭浏览器,然后重新打开......我保持登录网站,但我的Session变量过期,所以没有我的请求,Web服务被接受,即使我仍然登录凭据。
If I close browser and reopen it... I remain logged to website, but my Session variables are expired, so none of my requests to web service are being accepted, even though I'm still logged with credentials.
我在寻找好的建议,如何同步用户登录状态,会话状态。要么让他们既执着,直至注销使用或让他们都在处理浏览器被关闭。
I'm looking for nice suggestion how to sync user logged in state with session state. Either to keep them both persistent until log off is used or to have them both dispose on browser being closed.
感谢您的所有建议:)
当用户在标志使用的AccountController,尝试设置身份验证cookie的是这样的:
When the user signs in using your AccountController, try setting the auth cookie like this:
FormsAuthentication.SetAuthCookie(model.UserName, false);
这应该告诉ASP.NET来删除cookie时,关闭浏览器窗口。然后,当用户打开一个新的浏览器,无论是会议和饼干权威性都应该被销毁。
This should tell ASP.NET to delete the cookie when the browser window is closed. Then, when user opens up a new browser, both the session and the auth cookie should both be destroyed.