我有SignalR启动和运行我的MVC 4应用程序,它使用窗体身份验证。我有饼干暂停时以滑动过期设置为20分钟。
I have SignalR up and running on my MVC 4 application which uses Forms Authentication. I have the cookie timeout with sliding expiration set to 20 minutes.
我有它运行在一个定时器,使得20分钟1秒后,刷新页面,用户被重定向到登录页面的JavaScript函数。重要的是,我这样做是出于安全原因,它工作得很好。
I have a javascript function which runs on a timer so that after 20 mins and 1 second, it refreshes the page and the user is redirected to the Login page. It is important that I do this for security reasons and it works well.
我的问题是SignalR抛出InvalidOperation异常,因为用户的身份发生了变化。我理解它为什么这样做,但我不知道如何避免它。
My problem is that SignalR is throwing an InvalidOperation exception because the User identity has changed. I understand why it's doing this but am not sure how to avoid it.
我试图调用$ .connection.hub.stop();之前重新载入页面,但它不工作。我已经试过了cookie过期之前但这只是重新启动会议称这是5秒。
I've tried calling $.connection.hub.stop(); before reloading the page but it does not work. I've tried calling it 5 seconds before the cookie expires but this only re-activates the session.
任何想法,将AP preciated!
Any ideas would be appreciated!
谢谢 约翰·
我是相应的与大卫福勒(SignalR的作者)在Github上,他说,有没有解决这样一个简单的方法。
I was corresponding with David Fowler (the author of SignalR) on Github and he said there wasn't an easy way of resolving this.
要解决这个问题,我实现了一个无声退出控制器动作,它只是杀死用户会话。
To get around the problem, I implemented a Silent Logout controller action, which simply kills the users session.
[HttpPost]
[AjaxOnly]
public ActionResult SilentLogOff()
{
_unitOfWork.WebSecurity.Logout();
return Json(new
{
IsSuccess = true,
});
}
然后我调整了JS定时器10秒短窗体身份验证超时。到期时,它停止了SignalR集线器连接,执行POST到SilentLogout操作,然后重新加载页面。
I then adjusted the JS timer to be 10 seconds short of the Forms authentication timeout. When it expires, it stops the SignalR hub connection, performs a POST to the SilentLogout action and then reloads the page.
SetLogoutTimer: function () {
var formsTimeoutValue = $("#hdnRefreshTimeout").val();
clearTimeout("formsTimeoutTimer");
var formsTimeoutTimer = setTimeout(function () {
$.connection.hub.stop();
AppName.Authenticated.SilentLogoutUser();
}, formsTimeoutValue);
}
SilentLogoutUser: function() {
var url = $("#logout a").attr("data-bind-silent-url");
$.ajax({
type: "POST",
url: url,
success: function (response) {
if (response.IsSuccess === true) {
window.location.reload(true);
}
}
});
}
这导致在正确的行为是没有SignalR例外,用户会被重定向到previous页面他们在经过重新认证。
This results in the correct behaviour in that there is no SignalR exception, and the user is redirected to the previous page they were on after re-authenticating.