I have an app that requires the user to login before accessing a
Register.aspx form. I am using Forms authorization so the lines in the
Web.config file are:
<authenticati on mode="Forms">
<forms loginUrl="Login .aspx">
</forms>
</authentication>
<authorizatio n>
<deny users="?" /> <!--deny unauthorized users -->
<allow users="*" /> <!-- Allow all authorized users -->
</authorization>
Sure enough when the user browses to the page inside the folder they are
sent to the Login.aspx file. Inside this login file, I check the user
credentials and return to the original page via:
// return to the original page
FormsAuthentica tion.RedirectFr omLoginPage(Use rID.Text, false);
In the registration page the user enters some information and then clicks
the Submit button that puts stuff in the SQL server database and transitions
to a confirmation page.
The question now comes, how can I remove the authorization at this point.
If the user goes back to the Registration.as px (the original page) they can
view the info directly. I want to make the user go through the Login.aspx
sequence again each time they push the Submit button on the information
collecting page.
I don't know how to unauthorize a user session from within the C# code that
is handling the Submit command.
I am using Visual Studio .NET 2003 and C#.
Any advice would be appreciated.
Ed
--
Edward E.L. Mitchell
Phone: (239)415-7039
6707 Daniel Court
Fort Myers, FL 33908 3 1318
Hi Ed,
First of all, I would like to confirm my understanding of your issue. From
your description, I understand that when the user clicks the submit button,
you need him to login again. If there is any misunderstandin g, please feel
free to let me know.
If you need the user login again, you can try to remove the authentication
ticket by calling FormsAuthentica tion.SignOut method. So next time, the
user's trying to access the registration page, he is required to login
again. You can check the following link for more information. http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemWebS ecurityFormsAut henticationClas sSignOutTopic.a sp
HTH.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
Kevin,
That worked like a charm. Just the functionality that I was looking for.
Thanks for the feedback.
Ed
"Kevin Yu [MSFT]" <v-****@online.mic rosoft.com> wrote in message
news:vT******** ******@TK2MSFTN GXA02.phx.gbl.. . Hi Ed,
First of all, I would like to confirm my understanding of your issue. From your description, I understand that when the user clicks the submit button, you need him to login again. If there is any misunderstandin g, please feel free to let me know.
If you need the user login again, you can try to remove the authentication ticket by calling FormsAuthentica tion.SignOut method. So next time, the user's trying to access the registration page, he is required to login again. You can check the following link for more information.
http://msdn.microsoft.com/library/de...us/cpref/html/ frlrfSystemWebS ecurityFormsAut henticationClas sSignOutTopic.a sp
HTH.
Kevin Yu ======= "This posting is provided "AS IS" with no warranties, and confers no rights."
You're welcome, Ed.
Thanks for sharing your experience with all the people here. If you have
any questions, please feel free to post them in the community.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights." This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Paul |
last post by:
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and
session.use_trans_sid = 1 in my php.ini file. Index.php contains:
----------------------------------------------------------------------------
<?php
ini_set("session.use_cookies", "off");
ini_set("session.use_trans_sid", "on");
session_start();
$_SESSION = "";
$_SESSION = "";
echo "<form method='POST' action='login.php'>
|
by: mrbog |
last post by:
Tell me if my assertion is wrong here:
The only way to prevent session hijacking is to NEVER store
authentication information (such as name/password) in the session.
Well, to never authenticate a user from information you got from the
session. Each secure app on a site must challenge the user for name
and password, each and every time the user accesses it (not just once
and then store it in the session). If a secure app is multi-page,...
|
by: Damien |
last post by:
Hi to all,
I'm currently re-designing our intranet : nice and lean CSS2, cleaned-up
PHP 4.3.7, better-normalized MySQL ;o). So I've started using the
$_SESSION variable instead of register_globals and a couple "better
pratice" code. Not perfect, but better.
Problem : I'm testing everything with Firefox on my machine (IIS on
WinXP Pro), and everything is ok. As soon as I try MS IE 6, it doesn't
seem to keep the sessions from page to...
|
by: Edward Mitchell |
last post by:
I have an app that requires the user to login before accessing a
Register.aspx form. I am using Forms authorization so the lines in the
Web.config file are:
<authentication mode="Forms">
<forms loginUrl="Login.aspx">
</forms>
</authentication>
<authorization>
|
by: joseph conrad |
last post by:
Hi,
I tried to implement my own session handler in order to keep control on
the process
the drawback I foun it is not creating and storing in my cookie the
PHPSESSID variable anymore.
reading te documentation it seems it should do it anyway
any advice?
| |
by: aroraamit81 |
last post by:
Hi,
I am facing a trouble. I have some Session variables in my code and
somehow my session variables are getting mixed up with other users.
For example User A has access to 10 companies and User B has access to
5, now when both of us hits to the server at the same time then their
session variables gets mixedup means either User A and USer B will have
now 5 companies or both have 10 companies. Now again when User A hits
to the server...
|
by: aroraamit81 |
last post by:
Well Guys, Here is a very strange trouble. When more than one users
request tto same page at the same time then our session gets
conflicted.
Moreover I printed my SessionID, strangely but true I got the exact
same SessionID as of other users's.
Well I guess nothing wrong with my code, do I need to set any property
in Web.Config file??
|
by: Santosh |
last post by:
Dear All
i am writting a code sending mail with attachement.
i am writting code for sending mail in one page and code for attaching
a file in the next page.
aftet attaching a file i am taking name of that file from attaching
file page to email page through in session file .i am giving a
facility of attaching five files to user . and i am taking names of
both files in session variables but user attach less than five five
|
by: lyealain |
last post by:
<%
If Session("username") = "" Then
Response.Redirect("/CLS/Login.asp")
End If
Dim conn
Dim connectstr
Dim db_name, db_username, db_userpassword
Dim db_server
Dim res
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |