forms authentication not making users reauthenticate

Travis Parrent

I'm having a problem where my application forces the user to log on
initially, but then never forces them to reauthenticate. Following is the
login code currently, but I've tried several different things. I can walk
away from the app for an hour and come back and it will still not force them
to log back in. Where can I look?

Here's current login code:
Private Sub btnLogon_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogon.Click
    Dim passwordVerified As Boolean = False
    Try
        'passwordVerified = VerifyPassword(txtUserName.Text, txtPassword.Text)
        'currently commented out until I get this working
        passwordVerified = True
    Catch ex As Exception
        lblMessage.Text = ex.Message
        Return
    End Try
    If passwordVerified = True Then

        Dim intReset As Boolean
        'intReset = Session("Reset") 'once again forcing value until I get reauthenticate working
        intReset = False
        If intReset = True Then
            Me.btnLogon.Visible = False
            Me.btnReset.Visible = True
            lblMessage.Text = "YOU MUST RESET YOUR PASSWORD TO CONTINUE! Please enter a NEW password in the box above and click the Reset Password button. You will then have to log in again."
        Else
            'Dim roles As String = GetCustomers(txtUserName.Text) '
            'Trying to force it to timeout right away to test to make sure it reauthenticates
            Dim authTicket As New System.Web.Security.FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now, DateTime.Now.AddSeconds(10), False, "blah")
            Dim encryptedTicket As String = System.Web.Security.FormsAuthentication.Encrypt(authTicket)
            Dim authCookie As New HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, encryptedTicket)
            Response.Cookies.Add(authCookie)
            Response.Redirect(Request("ReturnURL"))
            'other things I've tried...

            'System.Web.Security.FormsAuthentication.GetRedirectUrl(txtUserName.Text, False))
            'FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)
        End If

    Else
        lblMessage.Text = "Invalid username or password"
    End If
End Sub 'btnLogon_Click

Here's current web.config settings for authentication and authorization:

<authentication mode="Forms">
    <forms loginUrl="login.aspx" name="sqlAuthCookie" timeout="1" path="/" slidingExpiration="false"></forms>
</authentication>
<!-- AUTHORIZATION
     This section sets the authorization policies of the application.
     You can allow or deny access to application resources by user or role.
     Wildcards: "*" mean everyone, "?" means anonymous (unauthenticated) users.
-->
<authorization>
    <deny users="?" />
    <allow users="*" /> <!-- Allow all users -->
    <!-- <allow users="[comma separated list of users]"
                roles="[comma separated list of roles]"/>
         <deny users="[comma separated list of users]"
               roles="[comma separated list of roles]"/>
    -->
</authorization>

Any help appreciated,
Travis

Travis Parrent

I may have answered my own question. I found this code in global.asax.vb:

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires upon attempting to authenticate the user
    Dim cookieName As String = FormsAuthentication.FormsCookieName
    Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
    If authCookie Is Nothing Then
        Return
    End If
    Dim authTicket As FormsAuthenticationTicket = Nothing
    Try
        authTicket = FormsAuthentication.Decrypt(authCookie.Value)
    Catch ex As Exception
        Return
    End Try
    If authTicket Is Nothing Then
        Return
    End If
    Dim role As String() = authTicket.UserData.Split(New Char() {"|"c})
    Dim id As New FormsIdentity(authTicket)
    Dim principal As New GenericPrincipal(id, role)
    Context.User = principal
End Sub

I didn't write this app, and I'm pretty new to asp.net, but can someone
quickly explain what this code is doing?

It must somehow be re-authenticating the user automatically. I want to
remove it, but I'm not sure what effects that will have overall, and I'm not
sure why it was put here to begin with.

Thanks,
Travis
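
An added example, not part of the original thread or the application's own code: the Application_AuthenticateRequest handler from the post above with an expiry check. FormsAuthentication.Decrypt returns the ticket even after its Expiration has passed, and the login code issues a cookie with no Expires date that the browser keeps sending, so a handler that decrypts the cookie itself has to test authTicket.Expired before it builds the principal. The class name Global_asax is an assumption.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Class name is an assumption; use whatever class Global.asax.vb already declares.
Public Class Global_asax
    Inherits System.Web.HttpApplication

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim cookieName As String = FormsAuthentication.FormsCookieName
        Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
        If authCookie Is Nothing Then
            Return ' no ticket on this request: nothing to turn into a principal
        End If

        Dim authTicket As FormsAuthenticationTicket = Nothing
        Try
            authTicket = FormsAuthentication.Decrypt(authCookie.Value)
        Catch ex As Exception
            authTicket = Nothing ' tampered or undecryptable cookie
        End Try

        ' Decrypt does not enforce the ticket lifetime, so check it here.
        ' Without this test an expired ticket is still promoted to Context.User
        ' and the <deny users="?"> rule never sees an anonymous request.
        If authTicket Is Nothing OrElse authTicket.Expired Then
            FormsAuthentication.SignOut() ' sends an expired cookie so the browser drops the ticket
            Return
        End If

        ' UserData carries the pipe-separated role list written at login.
        Dim roles As String() = authTicket.UserData.Split(New Char() {"|"c})
        Context.User = New GenericPrincipal(New FormsIdentity(authTicket), roles)
    End Sub
End Class
```

With the check in place, the 10-second ticket from the login code stops being honoured once it lapses and the request falls through to login.aspx.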