Can anyone tell me if this is possible in asp.net, I want to use form-based
authentication to authenticate my users, however a employee of the company
is attempting to be logged in as administrator and as a client in two
browser windows. When the FormsAuthentication.Signout is called on one of
the windows, it kills both authentications for both browser windows. When
the user attempts to do something in the other window, they are directed to
the login screen. I'm assuming my cookie is being replaced by the second
login, and then destroyed, i'm wondering if i can somehow make the
form-based authentication specific to the browser window as I am assuming a
new browser window means a new session is being created.
Thank You,
Frank Walsh Fr*********@gmail.com 6 1357
Frank:
I think you're right about why it's working the way it is (shared cookies by
browser). ASP.Net 2.0 will have cookieless formsauthentication (similar to
the current implementation of cookieless sessions). The only real
solution I can think of is that you bake your own cookieless code, using Url
Rewriting. Certainly not ideal, not sure I'd go through the trouble unless
absolutely necessary.
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying) http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Frank Walsh" <Fr*********@gmail.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl... Can anyone tell me if this is possible in asp.net, I want to use form-based authentication to authenticate my users, however a employee of the company is attempting to be logged in as administrator and as a client in two browser windows. When the FormsAuthentication.Signout is called on one of the windows, it kills both authentications for both browser windows. When the user attempts to do something in the other window, they are directed to the login screen. I'm assuming my cookie is being replaced by the second login, and then destroyed, i'm wondering if i can somehow make the form-based authentication specific to the browser window as I am assuming a new browser window means a new session is being created.
Thank You,
Frank Walsh Fr*********@gmail.com
I think it has a lot to do with how the client is opening the multiple
browsers. If you lauch two windows seperately, for example double click on
the internet explorer icon on the desktop twice to get two open windows, you
should not see this problem. We use forms authentication and I have multiple
windows open with seperate logins in each window and none of them ever
interferre with the others. However if the client opens one window then hits
Crtl-N or Clicks on the File menu-> New Window, the new window will open
however it will share the same "session" (shared cookies, shared history,
etc) which I think is causing the problem you are referring to.
"Frank Walsh" wrote: Can anyone tell me if this is possible in asp.net, I want to use form-based authentication to authenticate my users, however a employee of the company is attempting to be logged in as administrator and as a client in two browser windows. When the FormsAuthentication.Signout is called on one of the windows, it kills both authentications for both browser windows. When the user attempts to do something in the other window, they are directed to the login screen. I'm assuming my cookie is being replaced by the second login, and then destroyed, i'm wondering if i can somehow make the form-based authentication specific to the browser window as I am assuming a new browser window means a new session is being created.
Thank You,
Frank Walsh Fr*********@gmail.com
Karl Seguin wrote: Frank: I think you're right about why it's working the way it is (shared cookies by browser). ASP.Net 2.0 will have cookieless formsauthentication (similar to the current implementation of cookieless sessions). The only real solution I can think of is that you bake your own cookieless code, using Url Rewriting. Certainly not ideal, not sure I'd go through the trouble unless absolutely necessary.
Karl
Karl,
Just curious, but do you know how 2.0's cookieless forms authentication
differs from the current (v1.1) cookieless sessions?
Thanks!
Ben
Looks like there are some pre-built solutions for 1.1: http://www.codeproject.com/aspnet/cookieless.asp
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying) http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:OM****************@TK2MSFTNGP15.phx.gbl... Frank: I think you're right about why it's working the way it is (shared cookies by browser). ASP.Net 2.0 will have cookieless formsauthentication (similar to the current implementation of cookieless sessions). The only real solution I can think of is that you bake your own cookieless code, using Url Rewriting. Certainly not ideal, not sure I'd go through the trouble unless absolutely necessary.
Karl
-- MY ASP.Net tutorials http://www.openmymind.net/ - New and Improved (yes, the popup is annoying) http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to come!) "Frank Walsh" <Fr*********@gmail.com> wrote in message news:%2****************@tk2msftngp13.phx.gbl... Can anyone tell me if this is possible in asp.net, I want to use form-based authentication to authenticate my users, however a employee of the company is attempting to be logged in as administrator and as a client in two browser windows. When the FormsAuthentication.Signout is called on one of the windows, it kills both authentications for both browser windows. When the user attempts to do something in the other window, they are directed to the login screen. I'm assuming my cookie is being replaced by the second login, and then destroyed, i'm wondering if i can somehow make the form-based authentication specific to the browser window as I am assuming a new browser window means a new session is being created.
Thank You,
Frank Walsh Fr*********@gmail.com
AFAIK it's pretty much the same except one applies to the sessionid the
other to the auth cookie. Configured in web.config also..
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying) http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Ben Amada" <be*@REpoMOweVErpick.com> wrote in message
news:ew**************@TK2MSFTNGP10.phx.gbl... Karl Seguin wrote:
Frank: I think you're right about why it's working the way it is (shared cookies by browser). ASP.Net 2.0 will have cookieless formsauthentication (similar to the current implementation of cookieless sessions). The only real solution I can think of is that you bake your own cookieless code, using Url Rewriting. Certainly not ideal, not sure I'd go through the trouble unless absolutely necessary.
Karl
Karl,
Just curious, but do you know how 2.0's cookieless forms authentication differs from the current (v1.1) cookieless sessions?
Thanks! Ben
Karl Seguin wrote: AFAIK it's pretty much the same except one applies to the sessionid the other to the auth cookie. Configured in web.config also..
Karl
ok -- thanks! This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: CK |
last post by:
Hi all,
I know this question is stupid. But i need some advice for this. I
am trying to develop a website, which will allow the user send to order form
to the admin email. I am planning to use the...
|
by: Laurent Bertin |
last post by:
Hi i got a strange problem but it's true i don't make thing like anyone...
First Config:
+ IIS5.0 SP2 (yes i know...)
WebSite Security
Root : Digest Authentication, NT Authenticated
SubFolders...
|
by: Lamberti Fabrizio |
last post by:
Hi all,
I've to access to a network file from an asp pages.
I've red a lot of things on old posts and on Microsoft article but I can't
still solve my problem.
I've got two server inside the...
|
by: Malik Asif Joyia |
last post by:
Hello
I want to implement the forms based authentication. for a sub directory in my webapplication.
I have allready applied Forms based authentication in my webapplication ,,
I have added a folder...
|
by: Chris Gatto |
last post by:
Hi,
I'm having what should be a minor problem but has turned into a 2 day slug
fest with ASP.Net. I am simply attempting to authenticate my asp.net
application users against users in an AD...
|
by: david |
last post by:
I can not figure out what is the problem that I can protect ASP.NEt form
resource but not some other type of files, for example, images.
All my aspx forms located in Demo folder and image files...
|
by: |
last post by:
One thing I did a lot of in Classic ASP involved showing page elements
conditionally based on whether a user was logged in or not. Logged in users
or "superusers" would get more content and/or more...
|
by: david |
last post by:
I have developed login.aspx for Web form based authentication, and configured
IIS and Web.config. It has been working until two days ago. I believe that
some other people changed the IIS...
|
by: Max |
last post by:
Following the tutorial at http://personalpages.tds.net/~kent37/kk/00010.html,
I understand how to access HTTP basic authenticated pages or form-
based authenticated pages. How would I access a page...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |