Forms Auth and FormsAuthentication.SignOut()Question

[Patrick.O.Ige]

I'm using Form Auth.
I 'm using the FormsAuthentication.SignOut() to sign out
But when the user logins in and later logs out using
FormsAuthentication.SignOut()
When the user clicks the back button he is still authenticated on the PAGE
why!!
Is there anyway i can remove the cache or something..
Any ideas?????

[WJ]

The back button on the Browser will only show the page that is already on
the client, this makes you think that you are authenticated but infact you
are not because you just did a "FormsAuthentication.SignOut();" , none of
your code on the page that is caused by the "Back" button at this point is
executed because the page itself has not been back to the server yet. Now,
if you attempt to push a button that does something on the server, then you
will be presented a proper Login page.

John


"Patrick.O.Ige" <PatrickOIge@discussions.microsoft.com> wrote in message
news:CCF22CF5-3EBD-4850-BCD3-BCCF9F6E990C@microsoft.com...

> I'm using Form Auth.
> I 'm using the FormsAuthentication.SignOut() to sign out
> But when the user logins in and later logs out using
> FormsAuthentication.SignOut()
> When the user clicks the back button he is still authenticated on the PAGE
> why!!
> Is there anyway i can remove the cache or something..
> Any ideas?????

[Patrick.O.Ige]

ok then John.
I would try that out.
But do you have any idea how to have a role based Forms Authentication when
using Active Directory as a data store.I want to validate my users against
ROLES in the Active Directory..
Thanks


"WJ" wrote:

> The back button on the Browser will only show the page that is already on
> the client, this makes you think that you are authenticated but infact you
> are not because you just did a "FormsAuthentication.SignOut();" , none of
> your code on the page that is caused by the "Back" button at this point is
> executed because the page itself has not been back to the server yet. Now,
> if you attempt to push a button that does something on the server, then you
> will be presented a proper Login page.
>
> John
>
>
> "Patrick.O.Ige" <PatrickOIge@discussions.microsoft.com> wrote in message
> news:CCF22CF5-3EBD-4850-BCD3-BCCF9F6E990C@microsoft.com...

> > I'm using Form Auth.
> > I 'm using the FormsAuthentication.SignOut() to sign out
> > But when the user logins in and later logs out using
> > FormsAuthentication.SignOut()
> > When the user clicks the back button he is still authenticated on the PAGE
> > why!!
> > Is there anyway i can remove the cache or something..
> > Any ideas?????

>
>
>

[WJ]

"Patrick.O.Ige" <PatrickOIge@discussions.microsoft.com> wrote in message
news:26EACC01-B5B6-41D6-BB33-F70A89038ECC@microsoft.com...

> ok then John.
> I would try that out.
> But do you have any idea how to have a role based Forms Authentication
> when
> using Active Directory as a data store.I want to validate my users against
> ROLES in the Active Directory..
> Thanks
>

We donot allow AD integrated with IIS and Web based applications over
internet. So as a result, I am not very familiar with this type of
implementation. However, Google has a couple of good articles about this
subject that may serve your needs. Here they are:

[url]http://dotnet.org.za/stuartg/articles/1415.aspx[/url]

[url]http://support.microsoft.com/kb/311495/EN-US/[/url]

Hope you do well,

John

[Naveen]

Hi Patrick..

Pls find this article which throws light on different types of Forms based
authentication..

[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod03.asp[/url]

HTH

With Best Regards
Naveen K S

"Patrick.O.Ige" wrote:

> I'm using Form Auth.
> I 'm using the FormsAuthentication.SignOut() to sign out
> But when the user logins in and later logs out using
> FormsAuthentication.SignOut()
> When the user clicks the back button he is still authenticated on the PAGE
> why!!
> Is there anyway i can remove the cache or something..
> Any ideas?????

[Patrick.O.Ige]

Thanks John.
Sorry i forgot to mention that its not internet but intranet!
So the links u sent were good!
But what 'm looking for is to actually use Active Directory as a datastore
which i'm using and then perform authorisation that means the user in the
domain can validate against roles(which is the same as Window Groups).
So both my authentication and authorisation process would rely solely on
Active Directory.
What i want to know is how to create a GenericPrincipal object (or a custom
IPrincipal object) and populate it with a set of roles obtained from a custom
authentication data store like Active Directory
Thanks all..

"WJ" wrote:

>
> "Patrick.O.Ige" <PatrickOIge@discussions.microsoft.com> wrote in message
> news:26EACC01-B5B6-41D6-BB33-F70A89038ECC@microsoft.com...

> > ok then John.
> > I would try that out.
> > But do you have any idea how to have a role based Forms Authentication
> > when
> > using Active Directory as a data store.I want to validate my users against
> > ROLES in the Active Directory..
> > Thanks
> >

>
> We donot allow AD integrated with IIS and Web based applications over
> internet. So as a result, I am not very familiar with this type of
> implementation. However, Google has a couple of good articles about this
> subject that may serve your needs. Here they are:
>
> [url]http://dotnet.org.za/stuartg/articles/1415.aspx[/url]
>
> [url]http://support.microsoft.com/kb/311495/EN-US/[/url]
>
> Hope you do well,
>
> John
>
>
>