asp:使用LayoutTemplate登录会创建持久cookie,无论是否选中“记住我”
本文关键字:记住我 是否 cookie LayoutTemplate 使用 登录 创建 asp | 更新日期: 2023-09-27 18:26:08
当我登录时,使用带有自定义布局模板的.NET 4和asp.NET登录控件,无论是否选中"记住我"复选框,该控件似乎都会创建一个身份验证cookie,并保持我的登录状态,直到我通过单击注销按钮显式注销。在仍然登录的情况下关闭浏览器不会使我注销。
有人能解释一下可能是什么原因造成的吗?
<asp:Login ID="Login1" runat="server" OnLoggingIn="Login1_LoggingIn" OnLoggedIn="Login1_LoggedIn" OnLoginError="Login1_LoginError">
<LayoutTemplate>
<asp:Panel runat="server" DefaultButton="btnLogin">
<label>Email</label> <div class="required">*</div>
<asp:RequiredFieldValidator runat="server" ControlToValidate="UserName" Display="Dynamic" ErrorMessage="Required" InitialValue="" SetFocusOnError="true" ValidationGroup="Login" /><br />
<asp:TextBox runat="server" ID="UserName" class="input" ValidationGroup="Login" />
<label>Password</label> <div class="required">*</div>
<asp:RequiredFieldValidator runat="server" ControlToValidate="Password" Display="Dynamic" ErrorMessage="Required" InitialValue="" SetFocusOnError="true" ValidationGroup="Login" /><br />
<asp:TextBox runat="server" ID="Password" TextMode="Password" class="input" style="margin:0 0 6px 0;" ValidationGroup="Login" />
<asp:Checkbox runat="server" ID="RememberMe" Text="Remember me" CssClass="remember-me" />
<asp:LinkButton runat="server" ID="btnLogin" CommandName="Login" Text="Sign In" CssClass="login-button" ValidationGroup="Login" />
</asp:Panel>
</LayoutTemplate>
</asp:Login>
protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
string username = Login1.UserName.Trim();
if (IsValid)
{
MembershipUser user1 = Membership.GetUser(username);
if (user1 != null)
{
if (Membership.ValidateUser(user1.UserName, Login1.Password))
{
Login1.UserName = user1.UserName;
}
}
}
protected void Login1_LoggedIn(object sender, EventArgs e)
{
if (Roles.IsUserInRole(Login1.UserName, "Users"))
{
Response.Redirect("users.aspx", true);
}
<authentication mode="Forms">
<forms timeout="129600" name=".AUTHCOOKIE" protection="All" slidingExpiration="true" path="/" requireSSL="false" loginUrl="~/login.aspx" cookieless="UseCookies"/>
</authentication>
找到答案了。。。天哪!
Login.aspx:
<asp:Login ID="Login1" runat="server" OnLoggingIn="Login1_LoggingIn">
<LayoutTemplate>
<asp:Panel runat="server" DefaultButton="btnLogin">
<label>Email</label> <div class="required">*</div>
<asp:RequiredFieldValidator runat="server" ControlToValidate="UserName" Display="Dynamic" ErrorMessage="Required" InitialValue="" SetFocusOnError="true" ValidationGroup="Login" /><br />
<asp:TextBox runat="server" ID="UserName" class="input" ValidationGroup="Login" />
<label>Password</label> <div class="required">*</div>
<asp:RequiredFieldValidator runat="server" ControlToValidate="Password" Display="Dynamic" ErrorMessage="Required" InitialValue="" SetFocusOnError="true" ValidationGroup="Login" /><br />
<asp:TextBox runat="server" ID="Password" TextMode="Password" class="input" Style="margin: 0 0 6px 0;" ValidationGroup="Login" />
<asp:CheckBox runat="server" ID="RememberMe" Text="Remember me" CssClass="remember-me" />
<asp:LinkButton runat="server" ID="btnLogin" CommandName="Login" Text="Sign In" CssClass="login-button" ValidationGroup="Login" />
</asp:Panel>
</LayoutTemplate>
</asp:Login>
登录.aspx.cs
protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
if (IsValid)
{
if (FormsAuthentication.Authenticate(Login1.UserName, Login1.Password))
{
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);
}
}
}
Web.config:
<authentication mode="Forms">
<forms timeout="129600" name=".AUTHCOOKIE" protection="All" slidingExpiration="true" path="/" requireSSL="false" loginUrl="~/login.aspx" cookieless="UseCookies">
<credentials passwordFormat="Clear">
<user name="test" password="test"/>
</credentials>
</forms>
</authentication>
附加说明:
在我的web应用程序中,我有一个名为"Protected"的文件夹,其中有一个文件名为"Users.aspx",还有一个文件称为web.Config。"Protected"文件夹中的web.Config包含以下内容,不允许匿名用户,只允许"测试"用户:
<configuration>
<system.web>
<authorization>
<deny users="?"/>
<allow users="test"/>
</authorization>
</system.web>
</configuration>
登录后,我关闭了所有的chrome实例,然后转到users.aspx页面,当然,有人要求我再次登录!我知道这个代码并不完全是你所拥有的,但你应该能够修改你的代码来采用它。