Ask a Question related to ASP.NET Security, Design and Development.
-
Will Gillen #1
Windows Authentication and Session State
I have an ASP.NET application that is using windows authentication (basic).
It prompts the user for their Windows Credentials when they first load the
page.
Now, I want to have the "session" timeout in 3 minutes, so that the page
will again prompt them for their credentials if this timeout has elapsed.
I have tried setting the "Session.timeout = 3" in the page_load method of
the page I want to secure.
I notice that the "Session_End" method in Global.Asax does fire, but the
Authentication Ticket appears to "stay valid" even after the Session has
ended.
Is there a way to force the page to prompt again for Windows Credentials at
specified timeouts?
Please let me know.
Thanks.
-- Will Gillen
Will Gillen Guest
-
#39250 [NEW]: Session problem on PHP using authentication on Windows 2003 IIS 6.0
From: gutosantos82 at gmail dot com Operating system: Windows 2003 PHP version: 5.1.6 PHP Bug Type: IIS related Bug... -
Session state IIS (Machine Key | Load Balanced Session)
This is a classic ASP group. Try microsoft.public.dotnet.framework.aspnet "Fred" <me@me.com> wrote in message... -
Windows re-authentication in ASP.NET using C# after session timeout
Good day, We have developed an intranet site for one of our clients. We are using Windows Authentication successfully. Our problem lies in the... -
User Session issue with ASP.NET Forms authentication & Windows 2003
Hi, I first posted this query in just the aspnet ng but didn't get a reply so I'm posting here (probably more appropriate) Hope one of you guys... -
Forms Authentication with Session State
Hey All. Currently, I have a login page that creates an encrypted Authentication Cookie (using FormsAuthenticationTicket). This happens after... -
Nico den Boer #2 Re: Windows Authentication and Session State
I'm new to .NET, but hopefully you can use this...
I've included the following code in global.asax:
protected void Session_End(Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
{
// User is still authenticated
FormsAuthentication.SignOut();
}
}
This makes the Authentication Ticket invalid.
Nico
Nico den Boer Guest
-
Will Gillen #3 Re: Windows Authentication and Session State
"FormsAuthentication.SignOut();" doesn't appear to work on "Windows
Integrated" Authentication.
My application is using "Windows Integrated" Authentication, and not Forms
based authentication. This means that IIS is handling the authentication
and creating an identity. M question is: how can I "un-authenticate" the
identity at a specified time interval (without having to have the users
close all their browser windows)?
This approach that you provided is in the direction that I'm looking for,
but when i tried to implement, it didn't seem to work with "Windows
Integrated" Authentication.
Any other ideas?
-- Will G.
"Nico den Boer" <nicodenboer@home.nl> wrote in message
news:eVqbqUjxEHA.1392@tk2msftngp13.phx.gbl...> I'm new to .NET, but hopefully you can use this...
>
> I've included the following code in global.asax:
>
> protected void Session_End(Object sender, EventArgs e)
> {
> if (User.Identity.IsAuthenticated)
> {
> // User is still authenticated
> FormsAuthentication.SignOut();
> }
> }
>
> This makes the Authentication Ticket invalid.
>
> Nico
>
>
Will Gillen Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
