I have a typical ASP.NET 2.0 Forms authentication application which
authenticates against Active Directory. I use non-persistent cookie so
that the user is NOT remembered across browser sessions. The timeout
is set to 10 minutes. Here is the important code snippets that I took
from my original code:
string roleToCheck = .....;
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
member.UserName, DateTime.Now, DateTime.Now.AddMinutes(10), false,
roleToCheck, FormsAuthentication.FormsCookiePath);
string encryptedTicket =
FormsAuthentication.Encrypt(ticket);
HttpCookie authSessionCookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authSessionCookie.HttpOnly = true;
authSessionCookie.Expires = ticket.Expiration;
Response.Cookies.Add(authSessionCookie);
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);
Note that I'm setting the 2nd parameter to false which means that it
creates non-persistent cookie. Now I opened the IE browser and logged
in by entering the user credentials. I closed the window and there was
no other instance of IE running. I opened another IE and entered the
URL and it straight away went to default page instead of Login page.
1. Why is the cookie not expiring even after I close the browser?
2. If that's how the ASP.NET works, is there any work around so that
whenever the user closes IE and opens another IE, he should be forced
to login once again?
Thanks,
Hari.
3  3513 
Hari,
If you authenticate against the Active Directory, why not host your solution
under intergrated security?
That would solve a lot of your problems.
Kind regards,
Matthijs Krempel
<rh******@gmail.comschreef in bericht
news:3d**********************************@59g2000h sb.googlegroups.com...
I have a typical ASP.NET 2.0 Forms authentication application which
authenticates against Active Directory. I use non-persistent cookie so
that the user is NOT remembered across browser sessions. The timeout
is set to 10 minutes. Here is the important code snippets that I took
from my original code:
string roleToCheck = .....;
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
member.UserName, DateTime.Now, DateTime.Now.AddMinutes(10), false,
roleToCheck, FormsAuthentication.FormsCookiePath);
string encryptedTicket =
FormsAuthentication.Encrypt(ticket);
HttpCookie authSessionCookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authSessionCookie.HttpOnly = true;
authSessionCookie.Expires = ticket.Expiration;
Response.Cookies.Add(authSessionCookie);
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);
Note that I'm setting the 2nd parameter to false which means that it
creates non-persistent cookie. Now I opened the IE browser and logged
in by entering the user credentials. I closed the window and there was
no other instance of IE running. I opened another IE and entered the
URL and it straight away went to default page instead of Login page.
1. Why is the cookie not expiring even after I close the browser?
2. If that's how the ASP.NET works, is there any work around so that
whenever the user closes IE and opens another IE, he should be forced
to login once again?
Thanks,
Hari.
Hi Matthijs - The reason that we are not using Integrated Security and
using Forms is because we have some external (limited) users who
access the application out of our network.
-Hari.
On Apr 9, 1:25*am, "Matthijs Krempel" <matthijs.krem...@hotmail.com>
wrote:
Hari,
If you authenticate against the Active Directory, why not host your solution
under intergrated security?
That would solve a lot of your problems.
Kind regards,
Matthijs Krempel
Hi Hari,
You can write a custom membershipprovider, that uses both your custom
authentication scenario and uses the activedirectorymembershipprovider.
Forms authentication will do the rest for you, no mucking about with writing
custom authentication logic.
With kind regards,
Matthijs Krempel
<rh******@gmail.comschreef in bericht
news:eb**********************************@b64g2000 hsa.googlegroups.com...
Hi Matthijs - The reason that we are not using Integrated Security and
using Forms is because we have some external (limited) users who
access the application out of our network.
-Hari.
On Apr 9, 1:25 am, "Matthijs Krempel" <matthijs.krem...@hotmail.com>
wrote:
>Hari,
If you authenticate against the Active Directory, why not host your
solution
under intergrated security?
That would solve a lot of your problems.
Kind regards,
Matthijs Krempel
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms...
|
by: Nick |
last post by:
I am working a new application...well actually a series of applications for
my company. They want internal users to be able to go to a site and
everything regarding security is transparent,...
|
by: Summa |
last post by:
Hi,
In ASP.NET, i've written a class that handles URLRewrite. So that all
requests to say "default.aspx?id=2&basic=1" is returned as "basic.1/2.aspx".
It works beautifully...But but but....Using...
|
by: Peter |
last post by:
I have a site which uses forms authentication but I would
like to exclude certain pages on the site from
authentication. In other words I would like the user to be
able to get to these pages...
|
by: Eric |
last post by:
I am trying to build an app where the stuff in the root directory is open to
all, but anything under the Restricted directory requires you to login and I
want to use Forms to do it. I'm having...
|
by: Rippo |
last post by:
Hi
I am using role base forms authentication in asp.net and have come
across a problem that I would like advice on.
On a successful login a session variable is set to identify a user.
This is...
|
by: Samba |
last post by:
Hi,
I've a web application and I'm using Forms authentication. My app contains
some pages that can be viewed by everyone and it doesn't require any
authentication or authoization and these pages...
|
by: Max2006 |
last post by:
Hi,
We prefer ASP.NET Forms Authentication in our ASP.NET 3.5 application;
however we have to use Active Directory for user name and password storage.
Is that possible? Is there any sample...
|
by: Rory Becker |
last post by:
Having now created a Custom MembershipProvider that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.
The next stange is to move on to the...
|
by: djnokturnal |
last post by:
Hey guys/gals,
I have successfully implemented forms authentication on my site:
<authentication mode="Forms">
<forms loginUrl="/Members/Login.aspx" timeout="20"...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
| |
