如何强制退出网站的所有用户？

正如Joe建议的那样，您可以编写一个HttpModule来使给定DateTime之前存在的任何cookie无效。 如果将其放在配置文件中，则可以在必要时添加/删除它。 例如，

Web.config文件：

MyAssembly.dll中的HttpModule：

 public class LogoutModule: IHttpModule { #region IHttpModule Members void IHttpModule.Dispose() { } void IHttpModule.Init(HttpApplication context) { context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest); } #endregion /// 
 /// Handle the authentication request and force logouts according to web.config /// 
 /// See "How To Implement IPrincipal" in MSDN private void context_AuthenticateRequest(object sender, EventArgs e) { HttpApplication a = (HttpApplication)sender; HttpContext context = a.Context; // Extract the forms authentication cookie string cookieName = FormsAuthentication.FormsCookieName; HttpCookie authCookie = context.Request.Cookies[cookieName]; DateTime? logoutTime = ConfigurationManager.AppSettings["forcedLogout"] as DateTime?; if (authCookie != null && logoutTime != null && authCookie.Expires < logoutTime.Value) { // Delete the auth cookie and let them start over. authCookie.Expires = DateTime.Now.AddDays(-1); context.Response.Cookies.Add(authCookie); context.Response.Redirect(FormsAuthentication.LoginUrl); context.Response.End(); } } }