473,320 Members | 1,876 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

How can I Unauthorize a .NET session

I have an app that requires the user to login before accessing a
Register.aspx form. I am using Forms authorization so the lines in the
Web.config file are:

<authentication mode="Forms">
<forms loginUrl="Login.aspx">
</forms>
</authentication>

<authorization>
<deny users="?" /> <!--deny unauthorized users -->
<allow users="*" /> <!-- Allow all authorized users -->
</authorization>

Sure enough when the user browses to the page inside the folder they are
sent to the Login.aspx file. Inside this login file, I check the user
credentials and return to the original page via:

// return to the original page
FormsAuthentication.RedirectFromLoginPage(UserID.T ext, false);

In the registration page the user enters some information and then clicks
the Submit button that puts stuff in the SQL server database and transitions
to a confirmation page.

The question now comes, how can I remove the authorization at this point.
If the user goes back to the Registration.aspx (the original page) they can
view the info directly. I want to make the user go through the Login.aspx
sequence again each time they push the Submit button on the information
collecting page.

I don't know how to unauthorize a user session from within the C# code that
is handling the Submit command.

I am using Visual Studio .NET 2003 and C#.

Any advice would be appreciated.

Ed
--
Edward E.L. Mitchell
Phone: (239)415-7039
6707 Daniel Court
Fort Myers, FL 33908
Jul 21 '05 #1
3 1290
Hi Ed,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that when the user clicks the submit button,
you need him to login again. If there is any misunderstanding, please feel
free to let me know.

If you need the user login again, you can try to remove the authentication
ticket by calling FormsAuthentication.SignOut method. So next time, the
user's trying to access the registration page, he is required to login
again. You can check the following link for more information.

http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemWebSecurityFormsAuthenticationClassSign OutTopic.asp

HTH.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Jul 21 '05 #2
Kevin,

That worked like a charm. Just the functionality that I was looking for.

Thanks for the feedback.

Ed
"Kevin Yu [MSFT]" <v-****@online.microsoft.com> wrote in message
news:vT**************@TK2MSFTNGXA02.phx.gbl...
Hi Ed,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that when the user clicks the submit
button,
you need him to login again. If there is any misunderstanding, please feel
free to let me know.

If you need the user login again, you can try to remove the authentication
ticket by calling FormsAuthentication.SignOut method. So next time, the
user's trying to access the registration page, he is required to login
again. You can check the following link for more information.

http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemWebSecurityFormsAuthenticationClassSign OutTopic.asp

HTH.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Jul 21 '05 #3
You're welcome, Ed.

Thanks for sharing your experience with all the people here. If you have
any questions, please feel free to post them in the community.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Jul 21 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Paul | last post by:
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and session.use_trans_sid = 1 in my php.ini file. Index.php contains:...
27
by: mrbog | last post by:
Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate...
2
by: Damien | last post by:
Hi to all, I'm currently re-designing our intranet : nice and lean CSS2, cleaned-up PHP 4.3.7, better-normalized MySQL ;o). So I've started using the $_SESSION variable instead of register_globals...
3
by: Edward Mitchell | last post by:
I have an app that requires the user to login before accessing a Register.aspx form. I am using Forms authorization so the lines in the Web.config file are: <authentication mode="Forms">...
0
by: joseph conrad | last post by:
Hi, I tried to implement my own session handler in order to keep control on the process the drawback I foun it is not creating and storing in my cookie the PHPSESSID variable anymore. reading te...
14
by: aroraamit81 | last post by:
Hi, I am facing a trouble. I have some Session variables in my code and somehow my session variables are getting mixed up with other users. For example User A has access to 10 companies and...
7
by: aroraamit81 | last post by:
Well Guys, Here is a very strange trouble. When more than one users request tto same page at the same time then our session gets conflicted. Moreover I printed my SessionID, strangely but true I...
1
by: Santosh | last post by:
Dear All i am writting a code sending mail with attachement. i am writting code for sending mail in one page and code for attaching a file in the next page. aftet attaching a file i am taking...
5
by: lyealain | last post by:
<% If Session("username") = "" Then Response.Redirect("/CLS/Login.asp") End If Dim conn Dim connectstr Dim db_name, db_username, db_userpassword Dim db_server Dim res
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.