Authentication and Session

210 Expert 100+
I have a web application that requires users to log in to access the feature. The problem I am running into is that even though the user's session expires, button events are firing. The solution to fix this problem is checking if the user is authenticated on the button click event.

My question is: instead of having this check in every button event, is there any other way to prevent the button from firing the click event if the user's session expires?
Dec 4 '09 #1

Frinavale
9,735 Expert Mod 8TB
Do your check in the Page Load event.

If the session has expired then redirect the user somewhere in your Page Load event so that no event handling code will be executed (this includes more than just button click events, it will cover every type of event).

Better yet, use forms authentication instead.
ASP.NET doesn't use Session for this. It creates a Principal object that is authenticated before your code is even executed. If the user is no longer authenticated, ASP.NET will automatically do this redirect before your code is executed, saving time and resources.

-Frinny
Dec 4 '09 #2
semomaniz
210 Expert 100+
I have forms authentication set up, but I still don't know why the buttons are firing the click event. What I have is a text box which fires a text change event and updates the database, but when the user leaves the page up for some time and then makes the change, it fires the change event and makes changes to the database. I don't think this is supposed to happen when forms authentication is being used. Any ideas what's causing it?
Dec 4 '09 #3
Frinavale
9,735 Expert Mod 8TB
Are you storing the user's information in Session (old school way of authentication)?

-Frinny
Dec 4 '09 #4
semomaniz
210 Expert 100+
Nope, I am using the SQL Membership class.
Dec 4 '09 #5
Frinavale
9,735 Expert Mod 8TB
So this has nothing really to do with Session... this has to do with the authentication ticket expiring, right?

(Sorry trying to understand the problem better)

-Frinny
Dec 4 '09 #6
semomaniz
210 Expert 100+
Yes, even though the user is not authenticated, the text change fires instead of redirecting to the login page.

I am guessing this has something to do with the update panel, since the text box is inside an update panel. This is kind of weird. I will place a check to see if the user is authenticated on the text change event for a quick fix. But I am still wondering why the text change is being fired even though the authentication has expired.
Dec 4 '09 #7
Frinavale
9,735 Expert Mod 8TB
It shouldn't happen.

Your code should not be executed because ASP.NET should redirect your user if they are not authenticated.

The only thing that I can think of is that you haven't placed the restricted webpage into a folder that specifies that no un-authenticated user can access those resources.

Check your web.config for the folder that the page exists in. Make sure that you have restricted access to the resources within that folder correctly by denying any user that is not authenticated.

-Frinny
Dec 4 '09 #8
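
The folder-level restriction described in the answer above, as an added example that is not part of the original thread. The `Members` folder, `Login.aspx` and the 20-minute timeout are assumed values chosen for illustration.

```xml
<?xml version="1.0"?>
<!-- Added example: root web.config for a site using forms authentication.
     "Members" and "Login.aspx" are assumed names. -->
<configuration>
  <system.web>
    <!-- The forms authentication ticket, not Session state, decides whether
         a request is authenticated. Once the ticket expires the request is
         treated as anonymous. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="20" slidingExpiration="true" />
    </authentication>

    <!-- Site root stays public here (login page, landing pages). -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Restricted folder. "?" matches anonymous users, so a request that
       arrives with an expired ticket is sent to loginUrl before any page
       event handler runs.

       Weak variants that leave handlers reachable after expiry:
         1. No location element (or no web.config in the folder), so the
            folder inherits the root rule that allows everyone.
         2. An allow users="*" rule listed before the deny rule. Rules are
            evaluated top to bottom and the first match wins, so the deny
            rule is never reached. -->
  <location path="Members">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The same `<authorization>` block can instead be placed in a web.config file inside the restricted folder itself.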
