开发者

Can I Create an HttpHandler that never participates in Forms Authentication?

I've created a logout handler that is registered to Logout.aspx in my web.config. I want this to be able to be run from any path. It works great. My master page registers a client script function that automatically logs people out 1 minute before their ticket or session is going to expire (they get a countdown warning starting at 2 minutes to go). However, even if I redirect them to Logout.aspx 1 minute prior to their ticket supposedly expiring, sometimes Logout.aspx doesn't see them as authenticated and they are then redirected to the login page. Of course, they login and then are immediately redirected to the logout page and logged out.

Is there a way to register a handler so it doesn't participate in FormsAuthentication. I'm guessing this is easy maybe using IIS settings? We use IIS7. Any suggestions?

My web.config:

<handlers>
    <add name="Logout" verb="*" path="Logout.aspx" type="MyNamespace.HttpHandlers.LogoutHandler"/>
</handlers>

My code:

na开发者_开发问答mespace MyNamespace.HttpHandlers
{
    public class LogoutHandler : IHttpHandler, IRequiresSessionState
    {
        public bool IsReusable
        {
            get { return false; }
        }

        public void ProcessRequest(HttpContext context)
        {
            string[] myCookies = context.Request.Cookies.AllKeys;
            foreach (string cookie in myCookies)
                context.Response.Cookies[cookie].Expires = DateTime.Now.AddDays(-1);
            FormsAuthentication.SignOut();
            context.Session.Abandon();
            context.Response.Redirect(Settings.Default.MyRootURL);
        }
    }
}


add something like this to your web.config <configuration> section

<location path="Logout.ashx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
</location>

this will allow both Authenticated and Anonymous users to access Logout.ashx


How do you log users out, can we see the code from Logout.aspx? The common practice is having these 2 lines in Page_Load event:

Session.Abandon();
FormsAuthentication.SignOut();
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜