Ask a Question related to ASP.NET Security, Design and Development.
-
Richard #1
Checking IsAuthenticated for new ASP.NET session
How can I check to see if a user has previously been authenticated with
FormsAuthentication on a page that is defined as viewable by everyone
in web.config?
For example, index.aspx and login.aspx allows everyone to see it via
web.config entries:
<authorization>
<allow users="*" />
</authorization>
Then, when someone logs in I use forms authentication, and the user has
the opportunity to keep the cookie/ticket persistent:
FormsAuthentication.RedirectFromLoginPage(username , True)
When the user closes out the session and returns to the website later,
I would like to check if they had been previously authenticated using
the index.aspx and login.aspx pages. Initially on those pages,
Request.IsAuthenticated returns False, but if the user enters a
restricted page, they are allowed to enter and Request.IsAuthenticated
returns True from then on.
Is this possible? Do I need to get into the cookie? If so, how?
Thanks in advanced.
Richard Guest
-
checking for session variable
I have this session variable in this page and I'm checking at the very top of the page if it does not exist go to and but it still go thru the page... -
Why check request.isAuthenticated
When using Forms security, aren't all pages protected by default ???? -
Checking For Session
I am trying to check for an active session on several pages located inside a directory. If the session does not exist, the user is taken to a login... -
Checking for ASP Session IDs
Is there a way to query a webserver to see how many, and which, ASP Session ID numbers are still current? (ie: not expired). I'm working on a way... -
[PHP] CHECKING IF A SESSION IS ACTIVE OR NOT
There is no reliable way for the server (Apache, PHP, etc) to know when a user closes a session by closing his browser window. That's one reason... -
Chris Rolon #2 RE: Checking IsAuthenticated for new ASP.NET session
In order to force authentication to occure you will have to disable the
anonymous user. The framework will verify that the user has been
authenticated and if not will redirect the user to the defined login page.
Here is a good sample:
[url]http://samples.gotdotnet.com/quickstart/aspplus/default.aspx?url=/quickstart/aspplus/doc/formsauth.aspx[/url]
Chris Rolon
"Richard" wrote:
> How can I check to see if a user has previously been authenticated with
> FormsAuthentication on a page that is defined as viewable by everyone
> in web.config?
>
> For example, index.aspx and login.aspx allows everyone to see it via
> web.config entries:
> <authorization>
> <allow users="*" />
> </authorization>
>
> Then, when someone logs in I use forms authentication, and the user has
> the opportunity to keep the cookie/ticket persistent:
> FormsAuthentication.RedirectFromLoginPage(username , True)
>
> When the user closes out the session and returns to the website later,
> I would like to check if they had been previously authenticated using
> the index.aspx and login.aspx pages. Initially on those pages,
> Request.IsAuthenticated returns False, but if the user enters a
> restricted page, they are allowed to enter and Request.IsAuthenticated
> returns True from then on.
>
> Is this possible? Do I need to get into the cookie? If so, how?
> Thanks in advanced.
>
>Chris Rolon Guest
-
Richard #3 Re: Checking IsAuthenticated for new ASP.NET session
I already have formsauthentication set up. Read my original post over
again...my issue is that I do not want to redirect a user to the login
page if they go to my index.aspx page. However, on my index.aspx page I
would like to grab user specific information IF they have a persistant
cookie.
With formsauthentication, I am stuck with 2 options that do not work
for my site:
1) force authentication by denying authorization to index.aspx for all
users. Thus, making login.aspx my new default page for new users.
2) allow authorization for all to see index.aspx, but will not be able
to tell if they are persistantly authorized (cookie). Thus, no "hello
'siteUser', you are currently logged in", and no menu specific changes
on the site.
To be more specific, lets say you are an admin user and this is your
first time to the site. When you come to my site without ever having
logged in, you see 4 javascript menus on the home page, just as any
other visitor would. Once you log in as admin, you are redirected to
the home page, but all the pages now have 5 javascript menus. Keep in
mind, chkPersistantCookie.Checked = true during the login process.
Now, the session is completely closed...no more browser windows.
What happens on next visit:
User as admin goes to the home page and sees 4 menus, even though the
cookie is persistant and they have already been authorized. If the user
goes to a protected page, from there on there are 5 menus again. So,
the user doesn't think he is initially logged in and typically goes to
the login page without needing to (even though it doesn't look it, but
the user is authorized).
What needs to happen on next visit:
User as admin goes to the home page and sees the 5th menu. Now the user
knows he is logged in and can navigate to the pages under the 5th menu.
Richard Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
