Forms Auth and FormsAuthentication.SignOut()Question

[Patrick.O.Ige]

I'm using Form Auth.
I 'm using the FormsAuthentication.SignOut() to sign out
But when the user logins in and later logs out using
FormsAuthentication.SignOut()
When the user clicks the back button he is still authenticated on the PAGE
why!!
Is there anyway i can remove the cache or something..
Any ideas?????

 

[WJ]

The back button on the Browser will only show the page that is already on
the client, this makes you think that you are authenticated but infact you
are not because you just did a "FormsAuthentication.SignOut();" , none of
your code on the page that is caused by the "Back" button at this point is
executed because the page itself has not been back to the server yet. Now,
if you attempt to push a button that does something on the server, then you
will be presented a proper Login page.

John

 

[Patrick.O.Ige]

ok then John.
I would try that out.
But do you have any idea how to have a role based Forms Authentication when
using Active Directory as a data store.I want to validate my users against
ROLES in the Active Directory..
Thanks

 

[WJ]

ok then John.
I would try that out.
But do you have any idea how to have a role based Forms Authentication
when
using Active Directory as a data store.I want to validate my users against
ROLES in the Active Directory..
Thanks

We donot allow AD integrated with IIS and Web based applications over
internet. So as a result, I am not very familiar with this type of
implementation. However, Google has a couple of good articles about this
subject that may serve your needs. Here they are:

http://dotnet.org.za/stuartg/articles/1415.aspx

http://support.microsoft.com/kb/311495/EN-US/

Hope you do well,

John

 

[Naveen]

Hi Patrick..

Pls find this article which throws light on different types of Forms based
authentication..

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod03.asp

HTH

With Best Regards
Naveen K S

 

[Patrick.O.Ige]

Thanks John.
Sorry i forgot to mention that its not internet but intranet!
So the links u sent were good!
But what 'm looking for is to actually use Active Directory as a datastore
which i'm using and then perform authorisation that means the user in the
domain can validate against roles(which is the same as Window Groups).
So both my authentication and authorisation process would rely solely on
Active Directory.
What i want to know is how to create a GenericPrincipal object (or a custom
IPrincipal object) and populate it with a set of roles obtained from a custom
authentication data store like Active Directory
Thanks all..