Hi, I'm adding a security layer to a company's intranet pages. I have
created a login page, using the ASP.NET 2 login control, and am using
Forms Authentication. I have set the <forms> timeout attribute to
5 mins, as they don't want anyone to be able to view the secure pages
without logging in. It works fine when I build the project and run
through Visual Studio, redirecting to the login page after timeout.
However, since publishing the website and moving it to a server, the
timeout is now having no effect at all - coming back to the page after
20mins idle, you can click a link and it goes there, with no redirect.
I have tried closing the browser, and then opening it again - you can
simply type the url of a page in the secure section and it loads up,
without having to login again.
Any suggestions gratefully received!
Mat
Mat,
Although I'm using 1.1 Forms Auth I had a few gotchas.....
Login.aspx FormsAuthentication.Initialize()
Although I have a login page, its purpose is to either login w/an ID or via
querystring passing in the ID.
My formsAuth method is contained in my Common.vb for reusability in other
web projects.
PageLoad event for all pages....
    'Check security token
    If Not Session("securityToken") Is Nothing Then
        If Not CType(Session("securityToken"), Common.SecurityToken).IsLoggedIn Then
            Response.Redirect("./LogOut.aspx")
        End If
    Else : Response.Redirect("./LogOut.aspx")
    End If
I'm not sure if this helps but in my searching there were many suggestions
that there may also be an issue w/the machine.config
HTH
JeffP....
Hi,
thanks for the reply. I found an article http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/ that I think
explains the problem - basically, forms authentication does not apply
to .htm and .html files since they are not ASP.NET filetypes, so it
does not even see requests to the pages and therefore cannot act on
them. The site I'm working on is very old, and made entirely of .htm
files - my login page is the only .aspx file there is!
Mat
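A web.config sketch for the problem diagnosed in the post above, added here as an example and not code from either poster. It assumes IIS 7 or later with the application pool in integrated pipeline mode, and Login.aspx is an assumed name for the login page.

```xml
<?xml version="1.0"?>
<!-- Added example. Assumes IIS 7+ in integrated pipeline mode;
     Login.aspx is an assumed name for the login page. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- timeout is in minutes; the thread asks for 5.
           slidingExpiration makes it an idle timeout. -->
      <forms loginUrl="Login.aspx" timeout="5" slidingExpiration="true" />
    </authentication>
    <authorization>
      <!-- "?" means anonymous users: every request needs a valid ticket.
           The loginUrl page itself stays reachable. -->
      <deny users="?" />
    </authorization>
  </system.web>
  <system.webServer>
    <modules>
      <!-- By default these modules are registered with
           preCondition="managedHandler", so they run only for requests
           handled by ASP.NET (.aspx and similar) and never see .htm or
           .html files. Re-adding them with an empty preCondition makes
           them run for every request, static files included. -->
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication"
           type="System.Web.Security.FormsAuthenticationModule"
           preCondition="" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization"
           type="System.Web.Security.UrlAuthorizationModule"
           preCondition="" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication"
           type="System.Web.Security.DefaultAuthenticationModule"
           preCondition="" />
    </modules>
  </system.webServer>
</configuration>
```

On IIS 6 the same effect needs the .htm and .html extensions mapped to aspnet_isapi.dll in the IIS script maps, since web.config alone cannot route those requests into ASP.NET there. To verify either setup, request a .htm URL from a fresh browser session with no authentication cookie and confirm it redirects to the login page.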
Mat, Since it is htm, perhaps you could write an aspx wrapper for the entire
site and JavaScript to check for isLoggedIn, or use a VB6 dll that checks
the cookie... good luck....
JeffP...