FormsAuthentication doesn't automatically redirect upon timeout

Discussion in 'ASP .Net' started by christine.nguyen@gmail.com, Feb 5, 2008.

  1. Guest

    I am using Forms Authentication under Windows Server 2003 in .NET
    2.0. It appears that the auth ticket is expiring when it's supposed
    to but it doesn't automatically redirect the user to the login page.
    Here is some watered down sample code I had to put in the onLoad of my
    page in order to properly redirect the user upon expiration of the
    login. It appears that once the auth ticket is expired, the name of
    the Identity is lost (which makes sense) and then I redirect the user.

    protected override void OnLoad(EventArgs e)
    string userName = HttpContext.Current.User.Identity.Name;
    if(String.IsNullOrEmpty(userName)
    Response.Redirect(redirectUrl);
    }

    My question is whether I really have to include such code in my page
    to handle the the empty Identity name or should the framework be
    redirecting on its own once the auth ticket has expired and the
    identity name is empty?

    Thanks,
    Christine
    , Feb 5, 2008
    #1
    1. Advertising

  2. Hi Christine,

    Normally, you don't have to implement the redirection by yourself.
    Specifiying the login url should solve your problem. By doing that, the user
    must be automatically redirected to the login page at his/her first request
    to a secured path.

    <forms name=".aspxlogin" loginUrl="~/Login.aspx" />



    --
    All the best,
    Coskun SUNALI
    MVP ASP/ASP.NET
    http://sunali.com
    http://www.propeople.dk

    <> wrote in message
    news:...
    >I am using Forms Authentication under Windows Server 2003 in .NET
    > 2.0. It appears that the auth ticket is expiring when it's supposed
    > to but it doesn't automatically redirect the user to the login page.
    > Here is some watered down sample code I had to put in the onLoad of my
    > page in order to properly redirect the user upon expiration of the
    > login. It appears that once the auth ticket is expired, the name of
    > the Identity is lost (which makes sense) and then I redirect the user.
    >
    > protected override void OnLoad(EventArgs e)
    > string userName = HttpContext.Current.User.Identity.Name;
    > if(String.IsNullOrEmpty(userName)
    > Response.Redirect(redirectUrl);
    > }
    >
    > My question is whether I really have to include such code in my page
    > to handle the the empty Identity name or should the framework be
    > redirecting on its own once the auth ticket has expired and the
    > identity name is empty?
    >
    > Thanks,
    > Christine
    >
    >
    Coskun SUNALI [MVP], Feb 5, 2008
    #2
    1. Advertising

  3. Guest

    Hello,

    I do specify the login url in web.config, but for whatever reason it
    doesn't redirect upon timeout when a secured resource is accessed.
    Instead it throws an exception when I try to access and use the value
    in HttpContext.Current.User.Identity.Name (which is now empty). This
    is why i put code into the onLoad in order to prevent the exception.
    Is there a reason why it wouldn't redirect even though I have the
    login url specified in web.config?


    Thanks,
    Christine
    , Feb 5, 2008
    #3
  4. Hi,

    Yes. If you have a HttpModule that logs and then cleans the errors on the
    server, ASP.NET doesn't redirect.

    --
    All the best,
    Coskun SUNALI
    MVP ASP/ASP.NET
    http://sunali.com
    http://www.propeople.dk

    <> wrote in message
    news:...
    > Hello,
    >
    > I do specify the login url in web.config, but for whatever reason it
    > doesn't redirect upon timeout when a secured resource is accessed.
    > Instead it throws an exception when I try to access and use the value
    > in HttpContext.Current.User.Identity.Name (which is now empty). This
    > is why i put code into the onLoad in order to prevent the exception.
    > Is there a reason why it wouldn't redirect even though I have the
    > login url specified in web.config?
    >
    >
    > Thanks,
    > Christine
    Coskun SUNALI [MVP], Feb 6, 2008
    #4
  5. Hi,

    Sorry for my previous message. It has nothing to do with your problem.

    Can you please attach a project in a zip file to reproduce the problem you
    have.

    I will try to correct it and send it back.

    --
    All the best,
    Coskun SUNALI
    MVP ASP/ASP.NET
    http://sunali.com
    http://www.propeople.dk

    "Coskun SUNALI [MVP]" <> wrote in message
    news:%23$...
    > Hi,
    >
    > Yes. If you have a HttpModule that logs and then cleans the errors on the
    > server, ASP.NET doesn't redirect.
    >
    > --
    > All the best,
    > Coskun SUNALI
    > MVP ASP/ASP.NET
    > http://sunali.com
    > http://www.propeople.dk
    >
    > <> wrote in message
    > news:...
    >> Hello,
    >>
    >> I do specify the login url in web.config, but for whatever reason it
    >> doesn't redirect upon timeout when a secured resource is accessed.
    >> Instead it throws an exception when I try to access and use the value
    >> in HttpContext.Current.User.Identity.Name (which is now empty). This
    >> is why i put code into the onLoad in order to prevent the exception.
    >> Is there a reason why it wouldn't redirect even though I have the
    >> login url specified in web.config?
    >>
    >>
    >> Thanks,
    >> Christine

    >
    Coskun SUNALI [MVP], Feb 6, 2008
    #5
  6. I figured out what the problem is, I needed to add the following setting to
    the web.config.

    <authorization>
    <deny users="?" />
    </authorization>

    Thanks for trying to help!
    Christine


    "Christine Nguyen" <> wrote in message
    news:...
    > Hello,
    >
    > Here is a sample website I set up to illustrate what's going on. Thanks!
    >
    > -Christine
    >
    >
    > "Coskun SUNALI [MVP]" <> wrote in message
    > news:...
    >> Hi,
    >>
    >> Sorry for my previous message. It has nothing to do with your problem.
    >>
    >> Can you please attach a project in a zip file to reproduce the problem
    >> you
    >> have.
    >>
    >> I will try to correct it and send it back.
    >>
    >> --
    >> All the best,
    >> Coskun SUNALI
    >> MVP ASP/ASP.NET
    >> http://sunali.com
    >> http://www.propeople.dk
    >>
    >> "Coskun SUNALI [MVP]" <> wrote in message
    >> news:%23$...
    >>> Hi,
    >>>
    >>> Yes. If you have a HttpModule that logs and then cleans the errors on
    >>> the
    >>> server, ASP.NET doesn't redirect.
    >>>
    >>> --
    >>> All the best,
    >>> Coskun SUNALI
    >>> MVP ASP/ASP.NET
    >>> http://sunali.com
    >>> http://www.propeople.dk
    >>>
    >>> <> wrote in message
    >>> news:...
    >>>> Hello,
    >>>>
    >>>> I do specify the login url in web.config, but for whatever reason it
    >>>> doesn't redirect upon timeout when a secured resource is accessed.
    >>>> Instead it throws an exception when I try to access and use the value
    >>>> in HttpContext.Current.User.Identity.Name (which is now empty). This
    >>>> is why i put code into the onLoad in order to prevent the exception.
    >>>> Is there a reason why it wouldn't redirect even though I have the
    >>>> login url specified in web.config?
    >>>>
    >>>>
    >>>> Thanks,
    >>>> Christine
    >>>

    >>

    >
    >
    >
    Christine Nguyen, Feb 6, 2008
    #6
  7. Yes, ASP.NET needs to know if the visitor is authorized to view that path or
    not. Glad that you found what was wrong.

    --
    All the best,
    Coskun SUNALI
    MVP ASP/ASP.NET
    http://sunali.com
    http://www.propeople.dk

    "Christine Nguyen" <> wrote in message
    news:egdpe%...
    >I figured out what the problem is, I needed to add the following setting to
    >the web.config.
    >
    > <authorization>
    > <deny users="?" />
    > </authorization>
    >
    > Thanks for trying to help!
    > Christine
    >
    >
    > "Christine Nguyen" <> wrote in message
    > news:...
    >> Hello,
    >>
    >> Here is a sample website I set up to illustrate what's going on. Thanks!
    >>
    >> -Christine
    >>
    >>
    >> "Coskun SUNALI [MVP]" <> wrote in message
    >> news:...
    >>> Hi,
    >>>
    >>> Sorry for my previous message. It has nothing to do with your problem.
    >>>
    >>> Can you please attach a project in a zip file to reproduce the problem
    >>> you
    >>> have.
    >>>
    >>> I will try to correct it and send it back.
    >>>
    >>> --
    >>> All the best,
    >>> Coskun SUNALI
    >>> MVP ASP/ASP.NET
    >>> http://sunali.com
    >>> http://www.propeople.dk
    >>>
    >>> "Coskun SUNALI [MVP]" <> wrote in message
    >>> news:%23$...
    >>>> Hi,
    >>>>
    >>>> Yes. If you have a HttpModule that logs and then cleans the errors on
    >>>> the
    >>>> server, ASP.NET doesn't redirect.
    >>>>
    >>>> --
    >>>> All the best,
    >>>> Coskun SUNALI
    >>>> MVP ASP/ASP.NET
    >>>> http://sunali.com
    >>>> http://www.propeople.dk
    >>>>
    >>>> <> wrote in message
    >>>> news:...
    >>>>> Hello,
    >>>>>
    >>>>> I do specify the login url in web.config, but for whatever reason it
    >>>>> doesn't redirect upon timeout when a secured resource is accessed.
    >>>>> Instead it throws an exception when I try to access and use the value
    >>>>> in HttpContext.Current.User.Identity.Name (which is now empty). This
    >>>>> is why i put code into the onLoad in order to prevent the exception.
    >>>>> Is there a reason why it wouldn't redirect even though I have the
    >>>>> login url specified in web.config?
    >>>>>
    >>>>>
    >>>>> Thanks,
    >>>>> Christine
    >>>>
    >>>

    >>
    >>
    >>

    >
    >
    Coskun SUNALI [MVP], Feb 6, 2008
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Danny
    Replies:
    1
    Views:
    1,331
    Craig Deelsnyder
    Jun 17, 2004
  2. =?Utf-8?B?Q3JhaWc=?=

    formsauthentication timeout & session timeout

    =?Utf-8?B?Q3JhaWc=?=, Aug 10, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    2,636
    =?Utf-8?B?RU5JWklO?= .enizin.net>
    Aug 10, 2005
  3. =?Utf-8?B?c3Rzb25n?=

    1.x FormsAuthentication.GetRedirectUrl doesn't redirect

    =?Utf-8?B?c3Rzb25n?=, Apr 10, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    1,175
    =?Utf-8?B?c3Rzb25n?=
    Apr 10, 2006
  4. Replies:
    2
    Views:
    1,800
  5. Danny
    Replies:
    0
    Views:
    134
    Danny
    Jun 17, 2004
Loading...

Share This Page