如何强制退出网站的所有用户?

我正在使用MySQL Connector / .NET,它的所有提供程序都带有FormsAuthentication。

我需要所有用户退出。该方法FormsAuthentication.SignOut()无法正常工作。

如何注销所有站点用户?

回答:

正如乔建议的那样,您可以编写一个HttpModule来使给定DateTime之前存在的任何cookie无效。如果将其放在配置文件中,则可以在必要时添加/删除它。例如,

<appSettings>

<add key="forcedLogout" value="30-Mar-2011 5:00 pm" />

</appSettings>

<httpModules>

<add name="LogoutModule" type="MyAssembly.Security.LogoutModule, MyAssembly"/>

</httpModules>

public class LogoutModule: IHttpModule

{

#region IHttpModule Members

void IHttpModule.Dispose() { }

void IHttpModule.Init(HttpApplication context)

{

context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);

}

#endregion

/// <summary>

/// Handle the authentication request and force logouts according to web.config

/// </summary>

/// <remarks>See "How To Implement IPrincipal" in MSDN</remarks>

private void context_AuthenticateRequest(object sender, EventArgs e)

{

HttpApplication a = (HttpApplication)sender;

HttpContext context = a.Context;

// Extract the forms authentication cookie

string cookieName = FormsAuthentication.FormsCookieName;

HttpCookie authCookie = context.Request.Cookies[cookieName];

DateTime? logoutTime = ConfigurationManager.AppSettings["forcedLogout"] as DateTime?;

if (authCookie != null && logoutTime != null && authCookie.Expires < logoutTime.Value)

{

// Delete the auth cookie and let them start over.

authCookie.Expires = DateTime.Now.AddDays(-1);

context.Response.Cookies.Add(authCookie);

context.Response.Redirect(FormsAuthentication.LoginUrl);

context.Response.End();

}

}

}

以上是 如何强制退出网站的所有用户? 的全部内容, 来源链接: utcz.com/qa/415147.html

回到顶部