项目中使用session保存状态信息时,经常出现超时情况,为了让状态按照自己的需要保持一段时间,底层使用了FormsAuthenticationTicket 来保存状态信息。参考代码如下:
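其中的cookie通过FormsAuthentication.Encrypt加密,密钥来自web.config中的machineKey配置。加密只能防止客户端读取或篡改票据内容,并不代表适合把密码一类的敏感数据放进cookie;票据是否过期也需要服务端自行检查。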
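//-----------------------------------------------------------------------
// <copyright file="TicketTool.cs" company="HaiRiHan , Ltd .">
//     Copyright (c) 2015 , All rights reserved.
// </copyright>
//-----------------------------------------------------------------------

using System;
using System.Web;
using System.Web.Script.Serialization;
using System.Web.Security;
using System.Web.UI;

namespace Infrastructure
{
    using DotNet.Utilities;

    /// <summary>
    /// Ticket helper: stores the logged-in user's state in a
    /// <see cref="FormsAuthenticationTicket"/> carried by the forms-authentication cookie,
    /// and reads it back on later requests.
    ///
    /// Change log
    ///
    /// 2015-03-17 version 1.0 SongBiao created the file.
    ///
    /// <author>
    ///     <name>SongBiao</name>
    ///     <date>2015-03-17</date>
    /// </author>
    /// </summary>
    /// <remarks>
    /// The ticket is protected by <see cref="FormsAuthentication.Encrypt"/>, so its
    /// confidentiality and integrity depend on the application's machineKey settings.
    /// The ticket is self-contained: the server keeps no record of issued tickets, so a
    /// copied cookie stays usable until the ticket's own expiration time.
    /// </remarks>
    public class TicketTool
    {
        /// <summary>
        /// Builds a forms-authentication ticket for <paramref name="userInfo"/>, encrypts it
        /// and appends it to the current response as the forms-authentication cookie.
        /// </summary>
        /// <param name="userInfo">The user who has just logged in.</param>
        /// <param name="issueDateTime">Ticket issue time; defaults to the current local time.</param>
        /// <param name="experation">Ticket expiration time; defaults to 16 hours from now.</param>
        /// <param name="isPersistent">
        /// When true the cookie is written with an Expires date and survives a browser restart;
        /// when false it is a session cookie (the ticket itself still expires at
        /// <paramref name="experation"/>).
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="userInfo"/> is null.</exception>
        public static void SetCookie(BaseUserInfo userInfo, DateTime? issueDateTime = null, DateTime? experation = null, bool isPersistent = true)
        {
            if (userInfo == null)
            {
                throw new ArgumentNullException("userInfo");
            }

            // Take one timestamp so both defaults are derived from the same instant.
            DateTime now = DateTime.Now;
            DateTime issuedAt = issueDateTime ?? now;

            // Default ticket lifetime is 16 hours.
            DateTime expiresAt = experation ?? now.AddHours(16);

            // NOTE(review): BaseSystemInfo is declared outside this file. If UserInfo is a
            // process-wide static, concurrent requests overwrite each other's user here;
            // confirm how it is scoped.
            BaseSystemInfo.UserInfo = userInfo;

            // NOTE(review): the service user name and password are serialized into the ticket
            // below and therefore leave the server inside the cookie. They are only as safe as
            // the machineKey; consider keeping them server-side and storing just a user
            // identifier in the ticket.
            BaseSystemInfo.UserInfo.ServicePassword = BaseSystemInfo.ServicePassword;
            BaseSystemInfo.UserInfo.ServiceUserName = BaseSystemInfo.ServiceUserName;
            BaseSystemInfo.UserInfo.SystemCode = BaseSystemInfo.SystemCode;

            // Browsers commonly drop cookies above roughly 4 KB, so the serialized user data
            // must stay small or the login silently fails to stick.
            JavaScriptSerializer serializer = new JavaScriptSerializer();
            string userData = serializer.Serialize(BaseSystemInfo.UserInfo);

            // The ticket carries the name, issue time, expiration, persistence flag and user data.
            // NOTE(review): the ticket name is NickName; if nicknames are not unique or can be
            // edited by users, Identity.Name should not be used for authorization decisions.
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,
                userInfo.NickName,
                issuedAt,
                expiresAt,
                isPersistent,
                userData,
                FormsAuthentication.FormsCookiePath);

            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));

            // Only a persistent login gets an Expires date; otherwise the cookie would outlive
            // the browser session even though the caller asked for a non-persistent ticket.
            if (isPersistent)
            {
                cookie.Expires = expiresAt;
            }

            // Keep the ticket out of reach of client-side script.
            cookie.HttpOnly = true;

            // Honour <forms requireSSL="..."> so the ticket is not sent over plain HTTP when the
            // site is configured for HTTPS only.
            cookie.Secure = FormsAuthentication.RequireSSL;

            // One site-wide path so every page under the site reads and writes the same cookie.
            cookie.Path = "/";

            // To share the login across second-level subdomains, cookie.Domain can be set to the
            // parent domain (the original sample used "zt-express.com"). Doing so sends the
            // ticket to every host under that domain, so leave it unset unless that is required.

            HttpContext.Current.Response.AppendCookie(cookie);
        }

        /// <summary>
        /// Returns the user stored in the current request's forms-authentication cookie.
        /// </summary>
        /// <returns>
        /// The deserialized user, or null when there is no cookie, the cookie cannot be
        /// decrypted, or the ticket has expired.
        /// </returns>
        public static BaseUserInfo GetUserInfo()
        {
            HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
            FormsAuthenticationTicket ticket = TryDecrypt(authCookie);

            // Decrypt does not check the expiration time, and the cookie's own Expires date is
            // enforced by the browser only, so an expired ticket has to be rejected here.
            if (ticket == null || ticket.Expired)
            {
                return null;
            }

            // No type resolver is configured, so the payload can only populate BaseUserInfo.
            JavaScriptSerializer serializer = new JavaScriptSerializer();
            return serializer.Deserialize<BaseUserInfo>(ticket.UserData);
        }

        /// <summary>
        /// Tells whether the current request is authenticated.
        /// </summary>
        /// <returns>true when the request has an authenticated identity; otherwise false.</returns>
        public static bool IsLogin()
        {
            System.Security.Principal.IIdentity identity = CurrentIdentity();
            return identity != null && identity.IsAuthenticated;
        }

        /// <summary>
        /// Logs the current user out by removing the forms-authentication cookie.
        /// </summary>
        /// <remarks>
        /// This only instructs the browser to drop the cookie. A copy of the ticket taken
        /// earlier remains valid until the ticket expires, because no server-side ticket
        /// store exists to revoke it.
        /// </remarks>
        public static void Logout()
        {
            FormsAuthentication.SignOut();
        }

        /// <summary>
        /// Returns the name of the logged-in user.
        /// </summary>
        /// <returns>The identity name, or an empty string when the request has no identity.</returns>
        public static string GetUserName()
        {
            System.Security.Principal.IIdentity identity = CurrentIdentity();
            return identity == null ? string.Empty : identity.Name;
        }

        /// <summary>
        /// Returns the user data stored in the current identity's ticket.
        /// </summary>
        /// <returns>
        /// The ticket's user data, or an empty string when the request was not authenticated
        /// by forms authentication.
        /// </returns>
        public static string GetUserData()
        {
            FormsIdentity formsIdentity = CurrentIdentity() as FormsIdentity;
            return formsIdentity == null ? string.Empty : formsIdentity.Ticket.UserData;
        }

        /// <summary>
        /// Returns the total lifetime of the forms-authentication ticket on the page's request.
        /// </summary>
        /// <param name="page">The page whose request cookies are inspected.</param>
        /// <returns>
        /// Minutes between the ticket's issue time and expiration, or -1 when there is no
        /// usable ticket. The value is returned for expired tickets as well.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="page"/> is null.</exception>
        public static double GetFormTimeout(Page page)
        {
            if (page == null)
            {
                throw new ArgumentNullException("page");
            }

            // The cookie is absent when nobody is logged in.
            FormsAuthenticationTicket ticket = TryDecrypt(page.Request.Cookies[FormsAuthentication.FormsCookieName]);
            if (ticket == null)
            {
                return -1;
            }

            return (ticket.Expiration - ticket.IssueDate).TotalMinutes;
        }

        /// <summary>
        /// Returns how long the forms-authentication ticket on the page's request remains valid.
        /// </summary>
        /// <param name="page">The page whose request cookies are inspected.</param>
        /// <returns>
        /// Milliseconds left until the ticket expires (note: not minutes, unlike
        /// <see cref="GetFormTimeout"/>), or -1 when there is no usable ticket or it has
        /// already expired.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="page"/> is null.</exception>
        public static double GetTotalLeftFormTimeout(Page page)
        {
            if (page == null)
            {
                throw new ArgumentNullException("page");
            }

            // The cookie is absent when nobody is logged in.
            FormsAuthenticationTicket ticket = TryDecrypt(page.Request.Cookies[FormsAuthentication.FormsCookieName]);

            // Read the clock once so the comparison and the subtraction agree and the result
            // can never come out negative.
            DateTime now = DateTime.Now;
            if (ticket == null || ticket.Expiration <= now)
            {
                return -1;
            }

            return (ticket.Expiration - now).TotalMilliseconds;
        }

        /// <summary>
        /// Decrypts a forms-authentication cookie, treating a missing, empty or undecryptable
        /// value as "no ticket" instead of letting the request fail.
        /// </summary>
        /// <param name="cookie">The cookie taken from the request; may be null.</param>
        /// <returns>The decrypted ticket, or null when none can be obtained.</returns>
        private static FormsAuthenticationTicket TryDecrypt(HttpCookie cookie)
        {
            if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            {
                return null;
            }

            // The cookie value is supplied by the client. A damaged or forged value is handled
            // as an unauthenticated request rather than surfacing as an unhandled error.
            try
            {
                return FormsAuthentication.Decrypt(cookie.Value);
            }
            catch (ArgumentException)
            {
                return null;
            }
            catch (HttpException)
            {
                return null;
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                return null;
            }
        }

        /// <summary>
        /// Returns the identity attached to the current request, or null when there is no
        /// current HTTP context or no user has been attached to it.
        /// </summary>
        private static System.Security.Principal.IIdentity CurrentIdentity()
        {
            HttpContext context = HttpContext.Current;
            if (context == null || context.User == null)
            {
                return null;
            }

            return context.User.Identity;
        }
    }
}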
web.config中增加如下:
<!--
  Forms authentication settings.
  name:       the cookie name; code reads it through FormsAuthentication.FormsCookieName.
  loginUrl:   where unauthenticated requests are redirected.
  timeout:    ticket lifetime in minutes (2880 = 48 hours) for tickets issued by
              FormsAuthentication itself; a ticket built by hand with an explicit
              expiration, as TicketTool.SetCookie does, carries its own expiration.
  requireSSL is not set, so it keeps its default of false and the ticket cookie is not
  restricted to HTTPS by configuration; set requireSSL="true" once the site is served
  over HTTPS only.
-->
<authentication mode="Forms">
  <forms
    name="HRHSecurity"
    loginUrl="~/Account/Login"
    timeout="2880" />
</authentication>
传递的加密的cookie信息
原文地址:http://www.cnblogs.com/hnsongbiao/p/4475856.html