开发者

MVC - Identify Page Form Authentication time out

开发者 https://www.devze.com 2023-03-24 02:37 出处:网络
we are developing MVC3 application such that most of our action methods are called via ajax calls and return partialviews. we come acr开发者_Python百科oss a situation where we need to identify if the

we are developing MVC3 application such that most of our action methods are called via ajax calls and return partialviews. we come acr开发者_Python百科oss a situation where we need to identify if the action method is called from Form Authentication time out.

public ActionResult LogOn()
{ 
 // I want to return View("LogOn"); if the call is coming from 
 // Form Authentication time out                       
    return PartialView(Model);
}

here is my web.config looks like:

<authentication mode="Forms">
  <forms loginUrl="~/Home/LogOn" timeout="20" />
</authentication>

Appreciate your input.


Your action will never be hit if the authentication cookie has timed out. The forms authentication module directly redirects to the logon page. One possibility for you to detect this happening from client scripting is to set a custom HTTP header in the controller action serving this logon page:

public ActionResult LogOn()
{
    var model = ...
    Response.AppendHeader("X-LOGON", "true");
    return View(model);
} 

and then when performing your AJAX request you could use the getResponseHeader method on the XHR object in order to verify if the X-LOGON header was set meaning that the server redirected to the logon page. In this case in your success AJAX handler instead of simply injecting the server response into the DOM or relying on the returned JSON you could show some alert message informing the user that his authentication session has timed out and he needs to login again. Another possibility is to automatically redirect him to the logon page using the window.location.href method:

$.ajax({
    url: '/home/some_protected_action',
    success: function (data, textStatus, XMLHttpRequest) {
        if (XMLHttpRequest.getResponseHeader('X-LOGON') === 'true') {
            // the LogOn page was displayed as a result of this request 
            // probably timeout => act accordingly
        }
    }
});


There is no way from the server to distinguish between the user loading the page normally versus performing a page refresh.

There are ways to tell the difference between a regular request and an AJAX request, but it doesn't sound like that's what you're asking for.


There is no easy way but if you apply Post-Redirect-Get, I am not sure you will have that problem.

0

精彩评论

暂无评论...
验证码 换一张
取 消