Your question ::
I am running into an issue that if the aspx auth cookie is saved .. but the user
account is deleted or set inactive .. the user can still login.
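IsAuthenticated returns true for the user even if the user has been deleted. This happens because it only checks the authentication cookie that is still on their system.
You need to delete the authentication cookie in your logout function, as shown below. For example, suppose you have placed a logout button. Add the following code to the logout button's click handler.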
Protected Sub btnLogOutAction_Click(sender As Object, e As EventArgs)
    ' Remove the forms-authentication ticket from the browser
    FormsAuthentication.SignOut()
    ' check your own supplied cookie name. Default name is .ASPXAUTH
    If Request.Cookies(".ASPXAUTH") IsNot Nothing Then
        ' Overwrite the cookie with one that has already expired
        Dim myCookie As New HttpCookie(".ASPXAUTH")
        myCookie.Expires = DateTime.Now.AddDays(-1.0)
        myCookie.Domain = "test.com"
        Response.Cookies.Add(myCookie)
    End If
End Sub
2.) Question ::
to see that the user exists in the database, and if the account does exist to
check if it is inactive or disabled
There are many possible scenarios for this problem. Let's look at 3 of them.
CASE I::
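If the user is logged in but has been inactive for some minutes, by default after 20 minutes, ASP.NET will clean up the user's session, and when it does so it fires a Session_End event, which can be handled in Global.asax. You can then mark this user as inactive in the database, or run whatever code your requirements call for.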
Case II::
I disable the user by setting IsApproved to False.
Dim user As MembershipUser = Membership.GetUser("Yourusername")
If user IsNot Nothing Then
    user.IsApproved = False
    Membership.UpdateUser(user)
End If
Now you can check it as follows:
' Parameterized query: the user name is passed as a parameter, not concatenated into the SQL text
Dim check As New SqlCommand("SELECT Count(*) FROM [Users] WHERE Username=@username", Connect)
check.Parameters.AddWithValue("@username", username)
Dim exist As Integer = CInt(check.ExecuteScalar())
' greater than zero means user exists in database
If exist > 0 Then
    ' Now check if user is disabled OR not approved
    Dim user As MembershipUser = Membership.GetUser(username)
    If user IsNot Nothing Then
        If user.IsApproved = False Then
            FormsAuthentication.RedirectToLoginPage()
        End If
    End If
End If
CASE III:
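Using the ProfileManager class
Use the sample code below as a reference. We can use the ProfileManager class methods to check whether a user has been inactive since a certain date. Read MSDN.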
' Parameterized query: the user name is passed as a parameter, not concatenated into the SQL text
Dim check As New SqlCommand("SELECT Count(*) FROM [Users] WHERE Username=@username", Connect)
check.Parameters.AddWithValue("@username", username)
Dim exist As Integer = CInt(check.ExecuteScalar())
' greater than zero means user exists in database
If exist > 0 Then
    ' Now check if user is marked inactive
    Dim profiles As ProfileInfoCollection = ProfileManager.FindInactiveProfilesByUserName(
        ProfileAuthenticationOption.Authenticated, username, userInactiveSinceDate)
    ' The collection is indexed by user name
    If profiles(username) IsNot Nothing Then
        FormsAuthentication.RedirectToLoginPage()
    Else
        ' Code to run if user exists in database and is also active
    End If
End If
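
The checks above only take effect where they are called. As an added example (not part of the original answer), the Case II check can be run on every authenticated request from Global.asax, so a saved cookie stops working as soon as the account is deleted or disabled. It assumes the site uses the ASP.NET Membership provider as in Case II; the class name Global_asax is the conventional code-behind name and is an assumption here.

```vbnet
' Global.asax.vb - added example, not code from the original answer.
' Assumes Forms Authentication with the ASP.NET Membership provider.
Imports System
Imports System.Web
Imports System.Web.Security

Public Class Global_asax
    Inherits HttpApplication

    ' Raised on every request, after Forms Authentication has validated
    ' the cookie and populated Context.User.
    Protected Sub Application_PostAuthenticateRequest(sender As Object, e As EventArgs)
        If Context.User Is Nothing OrElse Not Context.User.Identity.IsAuthenticated Then
            Return ' anonymous request, nothing to re-validate
        End If

        ' Look the account up in the membership store. Passing False for
        ' userIsOnline avoids updating the last-activity date on each request.
        Dim user As MembershipUser = Membership.GetUser(Context.User.Identity.Name, False)

        ' user Is Nothing     -> the account was deleted
        ' Not user.IsApproved -> the account was disabled (Case II)
        ' user.IsLockedOut    -> the provider locked the account
        If user Is Nothing OrElse Not user.IsApproved OrElse user.IsLockedOut Then
            ' Expire the authentication cookie in the browser
            FormsAuthentication.SignOut()
            FormsAuthentication.RedirectToLoginPage()
            ' RedirectToLoginPage does not end the request, so skip the
            ' rest of the pipeline to keep the protected page from running.
            CompleteRequest()
        End If
    End Sub
End Class
```

This costs one membership lookup per authenticated request, so the result can be cached for a short interval if that load matters.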