现在当授权cookie过期时-用户被重定向到默认登录页面
我想抓住这个时刻,并在登录页面上通知用户,他因为超时而被重定向。
我实现自定义AuthorizeAttribute:
public class CustomAuthorizeAttribute : AuthorizeAttribute {
public override void OnAuthorization( AuthorizationContext filterContext ) {
var cookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
var ticket = FormsAuthentication.Decrypt(cookie.Value);
if (ticket.Expired) {
//TODO redirect to Account/LogOn with some flag
但是不管cookie是如何设置的(持久化或非持久化),如果过期则为null,如果未过期则不为null。因此,我无法到达(ticket.Expired)的时刻,因为它在那一刻是空的。
if(filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName] == null)
{
Response.Redirect("login.aspx?expired=true");
}
在login.aspx
-页上:
在Page_Load
中:
string expired = Request.QueryString["expired"].ToString();
if(expired == "true")
{
//Show Message
}
使用filterContext
:
var cookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
//not logged.
if (cookie == null)
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "area", "" }, { "controller", "Account" }, { "action", "LogOn" }, { "returnUri", filterContext.HttpContext.Request.RawUrl }});
FormsAuthenticationTicket ticket = null;
ticket = FormsAuthentication.Decrypt(cookie.Value);
//not logged.
if (ticket == null)
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "area", "" }, { "controller", "Account" }, { "action", "LogOn" }, { "returnUri", filterContext.HttpContext.Request.RawUrl }});
//logged, but expired.
if (ticket.Expiration > DateTime.Now) {
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "area", "" }, { "controller", "Account" }, { "action", "LogOn" }, { "returnUri", filterContext.HttpContext.Request.RawUrl }, { "alert", "Session expired"} });
}
看起来我发现了什么是一个问题,cookie在Application_BeginRequest过期时仍然可用,但在Application_AuthenticateRequest中它已经是空的(有些东西正在擦除它)所以我将重定向逻辑放入Application_BeginRequest