473,320 Members | 1,936 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Forms Authentication and recycling web.config

Hi,

I'm noticing that if web.config is changed, the web app is restarted and all Sessions are restarted as expected, but with Web Form authentication, it seems like the user is still authenticated. This allows the user to keep on trucking, but without any session state.

Adding the following code to Session_Start in global.aspx.cs

protected void Session_Start(Object sender, EventArgs e)
{ if ( User.Identity.IsAuthenticated ) { FormsAuthentication.SignOut(); }}
Fixes the problem, but I'm shocked that a google of ASP.NET Session_Start IsAuthenticated SignOut doesn't return a bunch of info and an explanation.

Can anyone explain this?

TIA
geo
Nov 18 '05 #1
3 1952
authentication is independant of session management (you can turn session support off like I do and still use authenication). it done with either url munging or cookies, your choice. you can also pick session management handlers (any non-inproc) that do not recycle on site changes.

-- bruce (sqlwork.com)
"DotNetGruven" <ms********@javagruven.com> wrote in message news:O7**************@TK2MSFTNGP11.phx.gbl...
Hi,

I'm noticing that if web.config is changed, the web app is restarted and all Sessions are restarted as expected, but with Web Form authentication, it seems like the user is still authenticated. This allows the user to keep on trucking, but without any session state.

Adding the following code to Session_Start in global.aspx.cs

protected void Session_Start(Object sender, EventArgs e)
{ if ( User.Identity.IsAuthenticated ) { FormsAuthentication.SignOut(); }}
Fixes the problem, but I'm shocked that a google of ASP.NET Session_Start IsAuthenticated SignOut doesn't return a bunch of info and an explanation.

Can anyone explain this?

TIA
geo
Nov 18 '05 #2
Hi Geo,

I think Bruce's suggestions are quite reasonable. Generally the asp.net
formsauthentication 's token is stored in cookie. Cookie is some files
stored in the client user's machine that's why it can remain even afte the
web application is restarted.
#Basics of Cookies in ASP.NET
http://msdn.microsoft.com/library/en...hASPNETCookies
101.asp?frame=true

And the session state are server side resources and by default it stored
in the server's memory and will be lost when the applicaiton restarted. The
session state has no relation with the formsauthentcaiont's token
maintainance.
#ASP.NET Session State
http://msdn.microsoft.com/library/en...000.asp?frame=
true

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #3
Hi Geo,

Have you had a chance to check out the suggestions in the former replies or
have you got any further ideas on this issue? If you have anything unclear
or if there're anything else we can help, please feel free to post here.
Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
Nov 18 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
1
by: MJ | last post by:
I'm building an application that has a file structure similar to the following: /myapp/user_login.aspx /myapp/user_page_1.aspx /myapp/user_page_2.aspx /myapp/user_page_3.aspx...
11
by: ElmoWatson | last post by:
I tried on the Security newgroup, as well as other places, and haven't gotten an answer yet - - I'm pulling my hair out over this one. I'm trying to get Forms Authentication working.....I can get...
3
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...
2
by: Eric | last post by:
I am trying to build an app where the stuff in the root directory is open to all, but anything under the Restricted directory requires you to login and I want to use Forms to do it. I'm having...
0
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET...
5
by: Gavin Stevens | last post by:
I'm trying to figure out the ASP.NET Forms Auth I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want...
1
by: Sumaira Ahmad | last post by:
Hi, Please help me with this.. I am trying to use Forms Authentication in a sample project. I basically want to have two folders in my application , one in which I store pages that can be...
7
by: Adrian Parker | last post by:
We have an application that's running ok on most of our customers machines, but on one of them we get an error. They're running on windows 2003 server with iis6. In the web.config, the...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.