我有一个网站,它是用ASP.NET 3.5和SQL Server 2005构建的,使用了SQL成员资格提供程序,以及可能是表单身份验证。
由于我的网站安全需求非常低,因此我希望只需要认证一次,然后将登录信息持久保存(不给用户选择的机会)。
现在的情况是,用户登录后,在本次会话期间保持登录状态,但下次访问时,就被注销了。
我该如何实现持久化登录?
下面是技术细节,我已经尝试了许多不同时间长度的变化。
Try
If Membership.ValidateUser(UserName.Text, Password.Text) Then
Security.UserManager.AuthenticateUser(UserName.Text)
If FormsAuthentication.GetRedirectUrl(UserName.Text, False) = "/default.aspx" Then
Try
'Custom Logic'
Catch Ex As Exception
'Custom Error handling'
End Try
Else
FormsAuthentication.RedirectFromLoginPage(UserName.Text, True)
End If
End If
Catch ex As Exception
RaiseEvent ExceptionThrown(New ApplicationException("An error occurred trying to log the user in after account creation.", ex))
End Try
Public Shared Sub AuthenticateUser(ByVal Username As String)
Dim Expiration As DateTime = DateTime.Now.AddMonths(3)
Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(Username, True, Expiration.Subtract(Expiration).TotalMinutes)
Dim EncryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
Dim AuthCookie As New HttpCookie(FormsAuthentication.FormsCookieName, EncryptedTicket)
AuthCookie.Expires = Expiration
HttpContext.Current.Response.Cookies.Add(AuthCookie)
End Sub
Web配置文件:
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="GlobalConnString"
applicationName="/"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
/>
</providers>
</membership>
<authentication mode="Forms">
<forms timeout="1439200" name="SITENAME" loginUrl="/login.aspx" />
</authentication>
编辑:以下是客户端存储的cookie信息:
Name ASP.NET_SessionId
Value r4dz1555f1pdne45n1zrlkmg
Host SITEADDRESS.com
Path /
Secure No
Expires At End Of Session
Name .ASPXAUTH
Value 648767AC72A60DBA49650A361A2FA446BA992F792055EF5B488CADC95DF495315C1C577F1C8E67E67BD937A7AB6CC5DAED85D8D64E4ED7867FC0FC395F48FED7FB631033CE441DE85223E8B3EBAE616C
Host www.SITEADDRESS.com
Path /
Secure No
Expires Tue, 09 Jun 2009 17:51:31 GMT
Name ASP.NET_SessionId
Value gn5pcymhfsnua455yp45wpej
Host www.SITEADDRESS.com
Path /
Secure No
Expires At End Of Session
Name SITENAME
Value 9610E8515F3DBC088DAC286E1F44311A20CB2BBB57C97F906F49BC878A6C6AC0B9011777402AEA130DCDC521EF4FBB3393DB310083F72EB502AE971183306C24F07F696B3695C67DD73166F1653DF52B
Host www.SITEADDRESS.com
Path /
Secure No
Expires Tue, 20 Dec 2011 06:14:10 GMT