hi,
I have implemented forms authentication and it is woking well however I am
experiencing a slightly frustrating problem.
The "Admin" directory of my site is password protected, however if a user
successfully logs in to this section then will see a small menu at the top
of the page on
ANY page they are logged into, even it is outside the "Admin" directory.
Basically if you are an admin you see this menu and if you are not you
don't.
I achieve this with the following code
Dim encTicket As String
Dim ticket As System.Web.Security.FormsAuthenticationTicket
Dim currentUsername
Dim cookie As System.Web.HttpCookie
cookie =
Request.Cookies(System.Web.Security.FormsAuthentic ation.FormsCookieName)
If cookie Is Nothing Then
'The user is not logged in so do not display the menu
MenuLabel.Visible = False
Else
encTicket = cookie.Value
ticket =
System.Web.Security.FormsAuthentication.Decrypt(en cTicket)
currentUsername = ticket.Name
MenuLabel.Visible = True
End If
Now if a user logs in successfully and the has no activity on the client for
a certain period they are logged out and have to log back in again. This
also wors fine.
However if the user has been logged out the above code still thinks that the
user is still logged in. I guess the cookie is still on the client although
it has probabally expired.
My question is what would I have to add to the above code to determine that
the cookie has not expired.
cheers
Alex. 4 1379
"Alex" <al**************@yahoo.com> wrote in message
news:#j*************@TK2MSFTNGP10.phx.gbl... hi,
I have implemented forms authentication and it is woking well however I am experiencing a slightly frustrating problem. The "Admin" directory of my site is password protected, however if a user successfully logs in to this section then will see a small menu at the top of the page on ANY page they are logged into, even it is outside the "Admin" directory. Basically if you are an admin you see this menu and if you are not you don't. I achieve this with the following code Dim encTicket As String Dim ticket As System.Web.Security.FormsAuthenticationTicket Dim currentUsername Dim cookie As System.Web.HttpCookie cookie = Request.Cookies(System.Web.Security.FormsAuthentic ation.FormsCookieName) If cookie Is Nothing Then 'The user is not logged in so do not display the menu MenuLabel.Visible = False Else encTicket = cookie.Value ticket = System.Web.Security.FormsAuthentication.Decrypt(en cTicket) currentUsername = ticket.Name MenuLabel.Visible = True End If
Now if a user logs in successfully and the has no activity on the client
for a certain period they are logged out and have to log back in again. This also wors fine. However if the user has been logged out the above code still thinks that
the user is still logged in. I guess the cookie is still on the client
although it has probabally expired. My question is what would I have to add to the above code to determine
that the cookie has not expired.
Don't play with the cookie for that purpose. Use Request.IsAuthenticated and
User.IsInRole("Admin").
--
John
"Alex" <al**************@yahoo.com> wrote in message
news:#j*************@TK2MSFTNGP10.phx.gbl... hi,
I have implemented forms authentication and it is woking well however I am experiencing a slightly frustrating problem. The "Admin" directory of my site is password protected, however if a user successfully logs in to this section then will see a small menu at the top of the page on ANY page they are logged into, even it is outside the "Admin" directory. Basically if you are an admin you see this menu and if you are not you don't. I achieve this with the following code Dim encTicket As String Dim ticket As System.Web.Security.FormsAuthenticationTicket Dim currentUsername Dim cookie As System.Web.HttpCookie cookie = Request.Cookies(System.Web.Security.FormsAuthentic ation.FormsCookieName) If cookie Is Nothing Then 'The user is not logged in so do not display the menu MenuLabel.Visible = False Else encTicket = cookie.Value ticket = System.Web.Security.FormsAuthentication.Decrypt(en cTicket) currentUsername = ticket.Name MenuLabel.Visible = True End If
Now if a user logs in successfully and the has no activity on the client
for a certain period they are logged out and have to log back in again. This also wors fine. However if the user has been logged out the above code still thinks that
the user is still logged in. I guess the cookie is still on the client
although it has probabally expired. My question is what would I have to add to the above code to determine
that the cookie has not expired.
Don't play with the cookie for that purpose. Use Request.IsAuthenticated and
User.IsInRole("Admin").
--
John
Cheers Again John.
I'll take your advice.
"John Saunders" <john.saunders at surfcontrol.com> wrote in message
news:eQ**************@TK2MSFTNGP10.phx.gbl... "Alex" <al**************@yahoo.com> wrote in message news:#j*************@TK2MSFTNGP10.phx.gbl... hi,
I have implemented forms authentication and it is woking well however I
am experiencing a slightly frustrating problem. The "Admin" directory of my site is password protected, however if a
user successfully logs in to this section then will see a small menu at the
top of the page on ANY page they are logged into, even it is outside the "Admin" directory. Basically if you are an admin you see this menu and if you are not you don't. I achieve this with the following code Dim encTicket As String Dim ticket As System.Web.Security.FormsAuthenticationTicket Dim currentUsername Dim cookie As System.Web.HttpCookie cookie = Request.Cookies(System.Web.Security.FormsAuthentic ation.FormsCookieName) If cookie Is Nothing Then 'The user is not logged in so do not display the menu MenuLabel.Visible = False Else encTicket = cookie.Value ticket = System.Web.Security.FormsAuthentication.Decrypt(en cTicket) currentUsername = ticket.Name MenuLabel.Visible = True End If
Now if a user logs in successfully and the has no activity on the client for a certain period they are logged out and have to log back in again. This also wors fine. However if the user has been logged out the above code still thinks that the user is still logged in. I guess the cookie is still on the client although it has probabally expired. My question is what would I have to add to the above code to determine that the cookie has not expired.
Don't play with the cookie for that purpose. Use Request.IsAuthenticated
and User.IsInRole("Admin").
-- John
Cheers Again John.
I'll take your advice.
"John Saunders" <john.saunders at surfcontrol.com> wrote in message
news:eQ**************@TK2MSFTNGP10.phx.gbl... "Alex" <al**************@yahoo.com> wrote in message news:#j*************@TK2MSFTNGP10.phx.gbl... hi,
I have implemented forms authentication and it is woking well however I
am experiencing a slightly frustrating problem. The "Admin" directory of my site is password protected, however if a
user successfully logs in to this section then will see a small menu at the
top of the page on ANY page they are logged into, even it is outside the "Admin" directory. Basically if you are an admin you see this menu and if you are not you don't. I achieve this with the following code Dim encTicket As String Dim ticket As System.Web.Security.FormsAuthenticationTicket Dim currentUsername Dim cookie As System.Web.HttpCookie cookie = Request.Cookies(System.Web.Security.FormsAuthentic ation.FormsCookieName) If cookie Is Nothing Then 'The user is not logged in so do not display the menu MenuLabel.Visible = False Else encTicket = cookie.Value ticket = System.Web.Security.FormsAuthentication.Decrypt(en cTicket) currentUsername = ticket.Name MenuLabel.Visible = True End If
Now if a user logs in successfully and the has no activity on the client for a certain period they are logged out and have to log back in again. This also wors fine. However if the user has been logged out the above code still thinks that the user is still logged in. I guess the cookie is still on the client although it has probabally expired. My question is what would I have to add to the above code to determine that the cookie has not expired.
Don't play with the cookie for that purpose. Use Request.IsAuthenticated
and User.IsInRole("Admin").
-- John
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: jsWalter |
last post by:
I have an extension Class to Auth and I'm looking for some folks to hammer
on it a bit and give feed back.
Class: AuthUser
- add user (well, Auth does that now, so its gone)
- remove user...
|
by: Dan Stromberg |
last post by:
If I wanted to write a python script that performs basic auth, gets a
cookie, and then does an http POST using the cookie for authentication,
what would be the best python API to write to?
Does...
|
by: Chris |
last post by:
Hi,
I am using an authentication cookie (generated on page load) of my asp.net
application. I'm giving the cookie a lifespan of 20 minutes.
If a user does something within that 20 minutes, it...
|
by: Alex |
last post by:
hi,
I have implemented forms authentication and it is woking well however I am
experiencing a slightly frustrating problem.
The "Admin" directory of my site is password protected, however if a...
|
by: 23s |
last post by:
I had this problem in the past, after a server reformat it went away, and
now after another server reformat it's back again - no clue what's doing it.
Here's the flow:
Website root is public, no...
|
by: Param R. |
last post by:
Hi all, we are experiencing an issue with regards to the auth cookie and a
load balanced server farm. The user may randomly hit any box in the server
farm. If the users authenticates against 1 box...
|
by: Bill Borg |
last post by:
Hello all,
Not sure I can describe this adequately, but I am creating an endless loop
when an authenticated user signs out.
When the user signs out, I want to remove authentication, abandon...
|
by: Perecli Manole |
last post by:
In the forms authentication construct, I need a way to prevent ticket
IssueDate and Expiration from being updated for a specific page only. By
default forms authentication updates these two values...
|
by: J. Frank Parnell |
last post by:
The goal here is to use basic authentication for a user to log in, but keep a
cookie so that they dont have to log in every browser session.
<?
$user = "user";
$pass = "pass";
...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |