forms authentication automatic logout without timers?


  1. #1

    forms authentication automatic logout without timers?

    Hello,

    I have a web application that uses forms authentication. I have been asked to implement a feature that logs users out automatically if they navigate to a page outside of the secured portion of the web app. This request means that cookie timeouts won't work, it needs to be an instant thing - you leave the site -> the door gets locked on your way out even if you haven't explicitly logged out yourself.

    Does anyone know if this is possible?

    Regards,

    Danny
    Danny Guest

  3. #2

    RE: forms authentication automatic logout without timers?

    Dear Danny,

    In the Page_Load event of the page where you want to log out the users, put the following code:-

    if (User.Identity.IsAuthenticated)
    {
        // Remove the forms authentication cookie for the current user.
        FormsAuthentication.SignOut();
    }

    This will automatically sign out users who are logged in.

    Hope it helps.
    "Danny" wrote:
    > Hello,
    >
    > I have a web application that uses forms authentication. I have been asked to implement a feature that logs users out automatically if they navigate to a page outside of the secured portion of the web app. This request means that cookie timeouts won't work, it needs to be an instant thing - you leave the site -> the door gets locked on your way out even if you haven't explicitly logged out yourself.
    >
    > Does anyone know if this is possible?
    >
    > Regards,
    >
    > Danny
    ranganh Guest

  4. #3

    forms authentication automatic logout without timers?

    In the Global.asax AuthorizeRequest event, you can add
    code that will check if the user is authenticated and if
    the current url is secure or not. Then, sign the user out
    accordingly:

    Private Sub Global_AuthorizeRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.AuthorizeRequest
        If User.Identity.IsAuthenticated Then
            If Not HttpContext.Current.Request.IsSecureConnection Then
                System.Web.Security.FormsAuthentication.SignOut()
            End If
        End If
    End Sub
    >-----Original Message-----
    >Hello,
    >
    >I have a web application that uses forms authentication. I have been asked to implement a feature that logs users out automatically if they navigate to a page outside of the secured portion of the web app. This request means that cookie timeouts won't work, it needs to be an instant thing - you leave the site -> the door gets locked on your way out even if you haven't explicitly logged out yourself.
    >
    >Does anyone know if this is possible?
    >
    >Regards,
    >
    >Danny
    >.
    >
    Sam Guest

  5. #4

    RE: forms authentication automatic logout without timers?

    Thank you for the replies.

    Unfortunately I realised last night when I got home that I didn't really state my question correctly so I am closing this question and moving it to a new posting titled 'can you prevent malicious use of browser back button in forms authentication'

    What I actually want to do is this...

    User is logged in and authenticated to use secure sections of site. User then proceeds to navigate to some site outside of the secure sections of the web app (could be any url) but forgets to log out then eventually gets up and walks away from their machine. Some other malicious user then comes along and presses the back button on their browser to see what forgetful user has been looking at.

    I've been asked to somehow prevent that malicious user from being able to gain access to secure content if forgetful user didn't logout and the forms authentication timer on the auth cookie hasn't yet expired.

    I'm really not sure if this is possible.


    "Sam" wrote:
    > In the Global.asax AuthorizeRequest event, you can add
    > code that will check if the user is authenticated and if
    > the current url is secure or not. Then, sign the user out
    > accordingly:
    >
    > Private Sub Global_AuthorizeRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.AuthorizeRequest
    >     If User.Identity.IsAuthenticated Then
    >         If Not HttpContext.Current.Request.IsSecureConnection Then
    >             System.Web.Security.FormsAuthentication.SignOut()
    >         End If
    >     End If
    > End Sub
    >
    > >-----Original Message-----
    > >Hello,
    > >
    > >I have a web application that uses forms authentication. I have been asked to implement a feature that logs users out automatically if they navigate to a page outside of the secured portion of the web app. This request means that cookie timeouts won't work, it needs to be an instant thing - you leave the site -> the door gets locked on your way out even if you haven't explicitly logged out yourself.
    > >
    > >Does anyone know if this is possible?
    > >
    > >Regards,
    > >
    > >Danny
    > >.
    > >
    >
    Danny Guest
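
One way to combine the sign-out-on-leaving idea from reply #3 with the Back-button concern raised in reply #4, as an added C# example that is not code from any poster in this thread. The `~/secure/` prefix and the `.aspx`-only check are assumptions made for illustration.

```csharp
// Global.asax.cs: added example, not code from the thread.
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Hypothetical app-relative prefix of the secured section.
    private const string SecurePrefix = "~/secure/";

    private static bool IsSecuredPath(HttpRequest request)
    {
        return request.AppRelativeCurrentExecutionFilePath
            .StartsWith(SecurePrefix, StringComparison.OrdinalIgnoreCase);
    }

    // Only page requests count as navigation. Images, scripts and
    // stylesheets referenced by a secured page must not end the session.
    private static bool IsPageRequest(HttpRequest request)
    {
        return string.Equals(
            VirtualPathUtility.GetExtension(request.FilePath), ".aspx",
            StringComparison.OrdinalIgnoreCase);
    }

    protected void Application_AuthorizeRequest(object sender, EventArgs e)
    {
        HttpRequest request = Context.Request;
        bool authenticated = Context.User != null
            && Context.User.Identity.IsAuthenticated;
        if (!authenticated || !IsPageRequest(request))
            return;

        if (IsSecuredPath(request))
        {
            // Ask the browser not to keep a copy, so Back re-requests the
            // page and the request passes through forms authentication.
            Context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Context.Response.Cache.SetNoStore();
        }
        else
        {
            // Authenticated user requested a page outside the secured
            // section: remove the forms authentication cookie.
            FormsAuthentication.SignOut();
        }
    }
}
```

When the user leaves for an external site the application receives no request, so nothing here runs and the ticket stays valid until its configured timeout. The no-store headers only ensure that Back causes a new request instead of showing a stored copy.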
