All geek questions in one place

Avoid losing PostBack user input after an ASP.NET authentication session expires

I have a form that sits behind ASP.NET forms authentication. So far, the implementation has been consistent with a typical out-of-box configuration.

One page allows users to send messages. If a user sits on this page for a long time to compose a message, he may expire after the expiration of the authentication session. In this case, the message is not recorded ... they are simply redirected to the login page.

What approach should be taken to prevent the loss of an unsuccessful event with a long message?

Obviously, I could just make the auth session very long, but there are other factors in the system that prevent this approach. Is there a way to make an exception for this particular page so that it never redirects to Login while it is posting back?

+3
source share
4 answers

My colleague came up with a general solution to this problem using the HttpModule.

Keep in mind that he decided to handle his own authentication in this particular application.

Here:

HttpModule, , . , ViewState . ViewState, .

. , HTML- post form viewstate. Javascript .

+1

. , , :

  • POSTS , POST . .
  • Javascript .
  • AJAX

, , POST ( ...), HttpContext.PostAuthenticateRequest IHttpModule FormsAuthentication.SetAuthCookie. FormsAuthenticationModule.Authenticate , HttpContext.User:

// Global.asax
void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs e) {
   // check for postback somehow
   if (Request.Url == "MyPage.aspx" && Request.Form["MySuperSecret"] == "123") {
      e.User = new GenericPrincipal(new GenericIdentity(), new string[] { });
   }
}
+1

- , ( ) , , . , , , .

Ajax 10 , , - , . , , - -.

0

, , IP, .

( HttpContext.Request.UserHostAddress )

Then, after logging in, you can check whether the current IP address of the user has a row in the database and perform the required action.

Michael

0
source

Source: https://habr.com/ru/post/1699570/

More articles:


All Articles