1

我们有一个使用基于表单的身份验证 (FBA) 的 WSS 3.0 站点。我们希望设置站点,以便某些用户可以自动登录,而不是获取登录屏幕,我不确定最好的方法。

实际上,根据这篇文章,我已经创建了一个处理登录的 HTTP 模块。更具体地说,我创建了一个备用登录页面,当该页面被点击时,它以所需用户的身份登录。但是,它会在我关闭浏览器后让用户保持登录状态。也就是说,我启动浏览器,转到备用登录页面,我的 HTTP 模块代码被触发并以所需用户身份登录,然后我关闭浏览器。然后,当我尝试访问该站点时,将跳过该站点的标准登录页面,因为我仍以之前的用户身份登录该站点。

我想我的问题归结为如何确保我注销?有没有办法使用 HTTP 模块/处理程序来做到这一点,或者我想在 global.asax 中做些什么?

4

1 回答 1

0

傻我。我将 FormsAuthentication.RedirectFromLoginPage 命令的 cookie 参数设置为 True。这意味着身份验证 cookie 将保留 50 年。我想要的是让 cookie 在浏览器关闭时消失。如果 cookie 参数设置为 False,这很容易做到。如果有人感兴趣,这是我的代码...

Imports System.Web
Imports System.Web.Security
Imports System.Collections.Specialized
Imports System.Security.Principal
Imports System.Threading
Imports System.Web.UI

Public Class AuthModule
    Implements IHttpModule

    Public Sub Dispose() Implements System.Web.IHttpModule.Dispose
    End Sub

    Public Sub Init(ByVal app As System.Web.HttpApplication) Implements System.Web.IHttpModule.Init
        AddHandler app.PreRequestHandlerExecute, New EventHandler(AddressOf OnPreRequestHandlerExecute)
    End Sub

    Public Sub OnPreRequestHandlerExecute(ByVal sender As Object, _
                                            ByVal e As EventArgs)

        ' Check to see if the alternate page has been accessed
        If HttpContext.Current.Request.Url.ToString.ToUpper.EndsWith("AUTOLOGIN.ASPX") Then
            ' Alternate page has been accessed, so log in using predetermined account

            ' Retrieve the user name and password
            Dim userName As String = "user"
            Dim userPassword As String = "password"

            ' Build the user id
            Dim roles As String() = Nothing
            Dim webIdentity As New GenericIdentity(userName, "Form")
            Dim principal As New GenericPrincipal(webIdentity, roles)

            ' Specify the user
            HttpContext.Current.User = principal
            Thread.CurrentPrincipal = principal

            ' Redirect from the login page to the start page
' Note, this is the line I initially had incorrect.  That is, I had the
' second parameter set to True, which will persist the authentication cookie.
' Setting the second parameter to False will cause the authentication cookie
' to go away when the browser is closed.  Yeah!
            FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.Name.ToString, False)
        End If

    End Sub

End Class
于 2009-06-26T18:52:07.450 回答