473,385 Members | 1,400 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > formsauthentication.signout and default.aspx

Join Bytes to post your question to a community of 473,385 software developers and data experts.

FormsAuthentication.SignOut and default.aspx

24
Hi everyone!!
I have a litle problem with an ASP.net application.
My default.aspx page can be accessed only by the registered users.
after user signs-out, it is transfered to the login.aspx form:
Expand|Select|Wrap|Line Numbers
  1. FormsAuthentication.SignOut();
  2. Response.Redirect('login.aspx');
The problem is that if i type in the browser http://localhost/website/default.aspx the page is accesible. Why??
All the other pages can-t be accesed directly.
I think the problem is in the name of the page 'default.aspx'.
How to secure the default.aspx page???

p.s. my web.config
Expand|Select|Wrap|Line Numbers
  1. <authorization>
  2.  <deny users="?" />
  3. </authorization>
Jun 13 '07 #1
3 3735
nateraaaa
663 Expert 512MB
Hi everyone!!
I have a litle problem with an ASP.net application.
My default.aspx page can be accessed only by the registered users.
after user signs-out, it is transfered to the login.aspx form:
Expand|Select|Wrap|Line Numbers
  1. FormsAuthentication.SignOut();
  2. Response.Redirect('login.aspx');
The problem is that if i type in the browser http://localhost/website/default.aspx the page is accesible. Why??
All the other pages can-t be accesed directly.
I think the problem is in the name of the page 'default.aspx'.
How to secure the default.aspx page???

p.s. my web.config
Expand|Select|Wrap|Line Numbers
  1. <authorization>
  2.  <deny users="?" />
  3. </authorization>
In the Page_Load event of default.aspx are you checking to see if there is a logged in user? If not you should add some code that will redirect the user to the login.aspx if there is no Session or Cookie created for the user. Give that a try and let us know what you get.

Nathan
Jun 13 '07 #2
radcaesar
759 Expert 512MB
Calling the SignOut method only removes the forms authentication cookie. The Web server does not store valid and expired authentication tickets for later comparison.
In each page load of each page you should have to check it yourself.

Set a session value when authentication is success.
Check that value on all the page loads else redirect to login page.

:)
Jun 13 '07 #3
c83
24
Calling the SignOut method only removes the forms authentication cookie. The Web server does not store valid and expired authentication tickets for later comparison.
In each page load of each page you should have to check it yourself.

Set a session value when authentication is success.
Check that value on all the page loads else redirect to login page.

:)
I found that after signout the last visited page was accesible, i thought that it was a page caching problem so I added this to my aspx page:
Expand|Select|Wrap|Line Numbers
  1. <%@ OutputCache Duration="1" VaryByParam="none"%>
and i must say that it is working. Is this a good ideea or i should do some other checking??
Jun 13 '07 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

5
FormsAuthentication.SignOut not working within subfolder
by: Jeff Johnson | last post by:
I'm using forms authentication to protect a subfolder within my site. I've got it working fine except for two issues: (1) When I do a RedirectFromLogin page I have to put a cookie path ("/"...
ASP.NET
2
FormsAuthentication Cookie Q
by: George Durzi | last post by:
When you call FormsAuthentication.SignOut(), is the FormsAuthentication cookie supposed to be destroyed automatically? I'm creating my FormsAuthentication cookie by doing: HttpCookie oCookie =...
ASP.NET
0
FormsAuthentication.SignOut not working
by: Ed West | last post by:
Hello This SignOut code is not working, people are still logged in after it redirects to default.aspx. any ideas? Thanks. public class logout : System.Web.UI.Page { private void...
ASP.NET
3
Clearing FormsAuthentication cookie manually
by: tshad | last post by:
Is there a way to manually clear the FormsAuthentication cookie? I want to be able to clear the cookie before going to a specific page to force the logon page to be called before the page. ...
ASP.NET
4
FormsAuthentication.SignOut() not working when manually creatinga ticket?
by: Matthias S. | last post by:
Hi there, I've created an application which is using Forms-based authentification. My Login-Button event handler looks somewhat like this: // validate the input, etc... // sUserName holds now...
ASP.NET
9
FormsAuthentication.SignOut() not working in UserControl
by: Patrick Olurotimi Ige | last post by:
When i add the following code below to a userControl it doesn't fire. Any ideas? Sub SignOut(ByVal objSender As Object, ByVal objArgs As EventArgs) FormsAuthentication.SignOut()...
ASP.NET
3
FormsAuthentication.SignOut() and User.Identity
by: Mark Olbert | last post by:
FormsAuthentication.SignOut() removes the authorization ticket from a user (and the user's roles), but does not change the user's identity. I need to be able to either revert the user to the...
ASP.NET
2
FormsAuthentication.SignOut() not working
by: parez | last post by:
Hi ALl, I had problem with FormsAuthentication.SignOut(). It wasnt working. Looked arround and saw a lot of posts and different solutions to the problem. And some how (i dont nkow what...
ASP.NET
0
FormsAuthentication.SignOut() not fully signing off
by: IfThenElse | last post by:
Hi, I am still able to navigate back to secure area even after calling FormsAuthentication.SignOut() on the logoff.aspx I read some place that I need to clear the cookie, expire it etc.. ...
ASP.NET
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!