如何强制退出网站的所有用户?
我正在使用MySQL Connector / .NET,它的所有提供程序都带有FormsAuthentication。
我需要所有用户退出。该方法FormsAuthentication.SignOut()无法正常工作。
如何注销所有站点用户?
回答:
正如乔建议的那样,您可以编写一个HttpModule来使给定DateTime之前存在的任何cookie无效。如果将其放在配置文件中,则可以在必要时添加/删除它。例如,
<appSettings> <add key="forcedLogout" value="30-Mar-2011 5:00 pm" />
</appSettings>
<httpModules>
<add name="LogoutModule" type="MyAssembly.Security.LogoutModule, MyAssembly"/>
</httpModules>
public class LogoutModule: IHttpModule{
#region IHttpModule Members
void IHttpModule.Dispose() { }
void IHttpModule.Init(HttpApplication context)
{
context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
}
#endregion
/// <summary>
/// Handle the authentication request and force logouts according to web.config
/// </summary>
/// <remarks>See "How To Implement IPrincipal" in MSDN</remarks>
private void context_AuthenticateRequest(object sender, EventArgs e)
{
HttpApplication a = (HttpApplication)sender;
HttpContext context = a.Context;
// Extract the forms authentication cookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = context.Request.Cookies[cookieName];
DateTime? logoutTime = ConfigurationManager.AppSettings["forcedLogout"] as DateTime?;
if (authCookie != null && logoutTime != null && authCookie.Expires < logoutTime.Value)
{
// Delete the auth cookie and let them start over.
authCookie.Expires = DateTime.Now.AddDays(-1);
context.Response.Cookies.Add(authCookie);
context.Response.Redirect(FormsAuthentication.LoginUrl);
context.Response.End();
}
}
}
以上是 如何强制退出网站的所有用户? 的全部内容, 来源链接: utcz.com/qa/415147.html
