Ask a Question related to ASP.NET General, Design and Development.
-
Kristofer Liljeblad #1
Where does IIS and ASP.Net save Authentication info? (sessionState mode="SQLServer")
Hi,
I've successfully setup my machine to use: sessionState mode="SQLServer".
All is up and running so no problems so far. Because I curious person, I
started to play around with the two new tables created on my SQLServer.
Here is what I've done.
1. I've created a web projectec consisting of two webforms. The first form
(default.aspx) is my testform and it doesn't do much at all. (Actually it
displays the time when you press a button).
2. The second form (login.aspx) handles login requests. If you press a
button then the following code fires:
FormsAuthentication.RedirectFromLoginPage("MyUser" , false);
3. I've allso setup my web.config file as following:
<authentication mode="Forms">
<forms
loginUrl = "Login.aspx"
name = ".ASPXFORMSAUTH"
protection ="All"
timeout ="20"/>
</authentication>
<authorization>
<deny users="?" /> <!-- Allow all users -->
</authorization>
4. So basically I have a project that doesn't do much at all. Now to my
test. I start my application by requesting the default.aspx and gets
redirected to the login page. I login by pressing the button (as mentioned
above) and I'm back at the first page (default.aspx) and can watch the time
as I press a button.
5. So what I would like as an administrator of this application is to logoff
this user. I thought I could go into the table ASPStateTempSessions and
delete the corresponding row (or all rows to logoff all users) BUT if I do
that, then the user still remains loggedin and can still watch the clock
change as he clicks the button?!?!?
So what i've done is to remove all information in the to tables
ASPStateTempApplications and ASPStateTempSessions.
6. So the user can still click the button and see what time it is (through
the button on default.aspx) and if look in the table ASPStateTempSessions,
the session Id is back and as it seems, the user is still logged on to my
web site?!?!
Now to my questions:
* Doesn't IIS and ASP.NET store authentication information such as UserId in
the session variables?
* If I delete all session information shouldn't the user be logged out?
* Where does IIS and ASP.NET store authentication information if I use
sessionState mode="SQLServer"?
/Kristofer
Kristofer Liljeblad Guest
-
#12029 [Com]: "--with-apxs" can cause the error "MySQL: Unable to save result set in"
ID: 12029 Comment by: sietzepost at streetwisedd dot nl Reported By: root at byone dot com Status: Bogus Bug... -
Force Popup with authentication mode="Windows"
Is there a way to make my intranet web application NOT automatically use the logged in user when using the "Windows" authentication mode? I want to... -
"save", "selective color" menu go too slow. Please help!
have intel pentium 4 cpu and photoshop 7. when im using "selective color" or "save" menu (im a novice of photoshop), i have to wait kind of long... -
Session Expired (sessionState mode="SQLServer")
Hi All, We have developmented Web project with ASP.Net and SQL server Database. In this project we have configured "SessionState" mode as... -
"Save As" and "Save target as" missing
I'm using a new computer with Windows XP. When I right- click on a picture or file, "Save as" and "Save target as" are never on the menu. Not...
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
