Forms Login Page Not Login Out

Discussion in 'ASP .Net' started by Hermit Dave, Jan 12, 2004.

  1. Hermit Dave

    Hermit Dave Guest

    i have seen that behavior (to a certain extent) on local machine but once i
    put it on my host it does behave...

    the behavior i noticed was that if you logged in using forms authentication
    and did not explicitly sign out.. ie invalidating the cookie... you can still
    open a new browser window and you can go straight through... but only for
    the period of time where the ticket is valid... (the session is again
    dependent on browser instance.. so i will have a new session)

    ie i explicitly create forms ticket and i specify a valid till time of 30
    mins...

    session is a different story altogether... session is not bound by forms
    authentication rather by itself it is based on whether it receives any request
    from client... 20 mins i think is the default timeout... so you can still
    have a valid cookie but can have new session if you log in and not use your
    site for 25 mins.. and then start browsing again...

    they are two different things (session and authentication) and don't confuse
    them.... when you design your app just be sure that you know how exactly it
    behaves.

    --
    Regards,

    HD

    "Kenneth Keeley" <> wrote in message
    news:...
    > Hi,
    > I have a web app that has forms authentication and I can login to the
    > page the first time I go there but it never times me out. If I come back in
    > 24 hours and hit the refresh key the page loads and I am still logged in. My
    > session details are gone but I am still logged in.
    >
    > These are the settings I am using. Are they right or do I need to change
    > them?
    > <system.web>
    >     <authentication mode="Forms">
    >         <forms name=".ASPXAUTH" loginUrl="login.aspx"
    >                protection="Validation" timeout="20" />
    >     </authentication>
    >     <authorization>
    >         <deny users="?" />
    >     </authorization>
    > </system.web>
    >
    >
    > Thanks for the Help
    > Kenneth
    >
    >
    Hermit Dave, Jan 12, 2004
    #1

  2. Hi,
    I have a web app that has forms authentication and I can login to the
    page the first time I go there but it never times me out. If I come back in
    24 hours and hit the refresh key the page loads and I am still logged in. My
    session details are gone but I am still logged in.

    These are the settings I am using. Are they right or do I need to change
    them?
    <system.web>
        <authentication mode="Forms">
            <forms name=".ASPXAUTH" loginUrl="login.aspx"
                   protection="Validation" timeout="20" />
        </authentication>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>


    Thanks for the Help
    Kenneth
    Kenneth Keeley, Jan 12, 2004
    #2

  3. Hermit Dave

    Hermit Dave Guest

    should be alright.. it's always worth a try...

    here's the code... copying it from my post a few days back...

    Here's a bit of forms authentication from my project

    // Register.aspx.cs - register and log user the first time
    // (needs: using System.Web.Security;)

    private void btnRegister_Click(object sender, System.EventArgs e)
    {
        if(Page.IsValid)
        {
            FormsAuthentication.Initialize();
            UserDetail myUser = new UserDetail();
            myUser.Email = txtEmail.Text;
            myUser.PasswordHash =
                FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "md5");
            UsersDB myUserDB = new UsersDB();

            bool UserAdded = myUserDB.SetUserInfo(ref myUser);
            if(UserAdded == false)
            {
                lblUserExists.Visible = true;
                return;
            }
            else
            {
                LoggedUserInfo myUserInfo = myUserDB.GetRoles(myUser.Email, myUser.PasswordHash);
                if(myUserInfo.Role != null && myUserInfo.Role != "")
                {
                    Security.SetUserInfo(myUserInfo, false);
                    // Redirect to the requested URL
                    string returnURL;
                    if(ViewState["returnURL"] != null)
                        returnURL = (string)ViewState["returnURL"];
                    else
                        returnURL = "/";

                    Response.Redirect(returnURL);
                }
            }
        }
    }

    ----------------------------------------------------------------------------
    // Security.cs containing Security Class
    // used to set the authentication ticket and cookie
    // (needs: using System; using System.Web; using System.Web.Security;)
    public static void SetUserInfo(LoggedUserInfo myUser, bool persistant)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
        (
            1,                                   // Ticket Version
            myUser.UserID + ", " + myUser.Name,  // UserName associated with the ticket
            DateTime.Now,                        // Date time issued
            DateTime.Now.AddMinutes(30),         // date time to expire
            persistant,                          // cookie persistance
            myUser.Role,                         // user data
            FormsAuthentication.FormsCookiePath  // cookie path configured
        );
        // Encrypt the cookie using machine key for secure transport
        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

        // set cookie's expiration time to ticket's expiration time
        if(ticket.IsPersistent)
            cookie.Expires = ticket.Expiration;
        HttpContext.Current.Response.Cookies.Add(cookie);
    }

    ----------------------------------------------------------------------------
    // Login.aspx - Log user in
    private void btnLogin_Click(object sender, System.EventArgs e)
    {
        if(Page.IsValid)
        {
            FormsAuthentication.Initialize();
            UsersDB myUser = new UsersDB();

            string email, passwordHash;
            email = txtEmail.Text;
            passwordHash =
                FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "md5");
            LoggedUserInfo myUserInfo = myUser.GetRoles(email, passwordHash);
            if(myUserInfo.Role != null && myUserInfo.Role != "")
            {
                Security.SetUserInfo(myUserInfo, chkRememberMe.Checked);

                // Redirect to the requested URL
                string returnURL;
                if(ViewState["returnURL"] != null)
                    returnURL = (string)ViewState["returnURL"];
                else
                    returnURL = "/";

                Response.Redirect(returnURL);
            }
            else
            {
                lblErrorMsg.Text = "UserName / Password Incorrect Please try again.";
            }
        }
    }

    ----------------------------------------------------------------------------
    // Web.config file
    // under configuration >> system.web
    <authentication mode="Forms">
        <forms name=".ASPXAUTH"
               loginUrl="Login.aspx"
               timeout="30"
               slidingExpiration="true"
               protection="All"
               path="/" />
    </authentication>

    ----------------------------------------------------------------------------
    // Last but not the least....
    // Global.asax.cs
    // (needs: using System.Web; using System.Web.Security; using System.Security.Principal;)
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if(HttpContext.Current.User != null)
        {
            if(HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if(HttpContext.Current.User.Identity is FormsIdentity)
                {
                    FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;

                    // get data stored in cookie
                    string userData = ticket.UserData;
                    string[] roles = userData.Split(',');
                    HttpContext.Current.User = new GenericPrincipal(id, roles);
                }
            }
        }
    }
    ----------------------------------------------------------------------------

    i can access my user info using
    HttpContext.Current.User
    can validate whether user is in a particular role or what his name is or his
    id is.

    hope this helps... know it's a long post but didn't have an option...
    --
    Regards,

    HD

    "Kenneth Keeley" <> wrote in message
    news:%...
    > Hi,
    >
    > "Hermit Dave" <> wrote in message
    > news:%...
    > > i have seen that behavior (to a certain extent) on local machine but once i
    > > put it on my host it does behave...
    >
    > So do you think that Mine will be ok?
    >
    > > ie i explicitly create forms ticket and i specify a valid till time of 30
    > > mins...
    >
    > How did you do that.
    >
    > Thanks
    >
    >
    Hermit Dave, Jan 13, 2004
    #3
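
Added example, not part of any post in this thread: one way to tie the forms ticket from post #3 to the ASP.NET session, so that the state described in post #1 (session gone, ticket cookie still accepted) ends in a redirect to the login page. SessionGuard and the "AuthUser" session key are hypothetical names, Login.aspx is the loginUrl from the thread's web.config, and the login handler is assumed to call SessionGuard.Bind right after Security.SetUserInfo with the same name string it put into the ticket.

```csharp
// Added example, not code from the thread. SessionGuard and "AuthUser" are
// hypothetical names; "Login.aspx" is the loginUrl from the thread's config.
using System;
using System.Web;
using System.Web.Security;

public sealed class SessionGuard
{
    private const string Key = "AuthUser";

    // Call at login, right after the ticket cookie has been issued.
    public static void Bind(HttpContext ctx, string ticketName)
    {
        ctx.Session[Key] = ticketName;
    }

    // True when the request carries a valid ticket but the session created
    // at login is gone (timed out, abandoned) or belongs to another user.
    public static bool IsOrphaned(HttpContext ctx)
    {
        if (ctx.Session == null) return false;   // handler without session state
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated) return false;
        string bound = ctx.Session[Key] as string;
        return bound == null || bound != ctx.User.Identity.Name;
    }

    // Explicit sign-out: expire the ticket cookie and drop the session too.
    public static void SignOut(HttpContext ctx)
    {
        FormsAuthentication.SignOut();
        if (ctx.Session != null) ctx.Session.Abandon();
        HttpCookie sid = new HttpCookie("ASP.NET_SessionId", "");  // default session cookie name
        sid.Expires = DateTime.Now.AddYears(-1);
        ctx.Response.Cookies.Add(sid);
    }
}

// Global.asax.cs: session state has been loaded by the time this event fires.
public class Global : HttpApplication
{
    protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        if (SessionGuard.IsOrphaned(ctx))
        {
            SessionGuard.SignOut(ctx);
            ctx.Response.Redirect("Login.aspx", true);
        }
    }
}
```

FormsAuthentication.SignOut() only asks the browser to discard the cookie; a copy of the ticket stays valid until its expiration time, so the ticket timeout should stay short. With in-process session state, an application restart also ends every session and therefore signs every user out under this check.
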
  4. Hi,

    "Hermit Dave" <> wrote in message
    news:%...
    > i have seen that behavior (to a certain extent) on local machine but once i
    > put it on my host it does behave...

    So do you think that Mine will be ok?

    > ie i explicitly create forms ticket and i specify a valid till time of 30
    > mins...

    How did you do that.

    Thanks
    Kenneth Keeley, Jan 13, 2004
    #4
  5. Hi,
    Thanks for the sample, But I found it hard to understand and have not been
    able to get it to work. I use VB.Net and an SQL database for the user
    accounts, Could you help me to make your sample work with this
    configuration.

    Thanks
    Kenneth
    Kenneth Keeley, Jan 13, 2004
    #5
  6. Hermit Dave

    Hermit Dave Guest

    Kenneth,

    I will try and do some VB.NET code but might take some time as i don't
    normally use VB.NET

    --
    Regards,

    HD

    "Kenneth Keeley" <> wrote in message
    news:%...
    > Hi,
    > Thanks for the sample, But I found it hard to understand and have not been
    > able to get it to work. I use VB.Net and an SQL database for the user
    > accounts, Could you help me to make your sample work with this
    > configuration.
    >
    > Thanks
    > Kenneth
    >
    >
    Hermit Dave, Jan 13, 2004
    #6
