How to open a secure aspx page in a window without 'chrome'

Discussion in 'ASP .Net' started by =?Utf-8?B?a2VybWl0?=, Dec 27, 2004.

  1. Hi,
    I am hoping this is a foolish or simple question.
    I am creating a multiuser app. consisit of a login page and a dataentry
    page. If the user leaves the data entry page (other than exiting the
    browser). I want them to 'have' to go back through the login screen and
    re-login.

    My problem is the browser's (IE 6) Back and Forward buttons.
    If the user clicks the Back button from the data entry screen they go to the
    login in screen and if they click the Forward button from there, they arrive
    at the data entry screen without loggin in.
    I have tried messing with cache and cannot seem to prevent this.

    For now I have them enter the app via a html page (splach screen) which then
    does an open.window to launch the app in a chrome-less window. Works great,
    but I have the initial splash screen html page still open.

    All suggestions are appreciated! I know I must be missing something in the
    security concept.
    =?Utf-8?B?a2VybWl0?=, Dec 27, 2004
    #1
    1. Advertising

  2. have you ever hit [alt] + [arrow left] ?

    what you can do is call

    opener.close();

    maybe...

    --
    Daniel Fisher(lennybacon)
    MCP ASP.NET C#
    Blog: http://www.lennybacon.com/


    "kermit" <> wrote in message
    news:...
    > Hi,
    > I am hoping this is a foolish or simple question.
    > I am creating a multiuser app. consisit of a login page and a dataentry
    > page. If the user leaves the data entry page (other than exiting the
    > browser). I want them to 'have' to go back through the login screen and
    > re-login.
    >
    > My problem is the browser's (IE 6) Back and Forward buttons.
    > If the user clicks the Back button from the data entry screen they go to
    > the
    > login in screen and if they click the Forward button from there, they
    > arrive
    > at the data entry screen without loggin in.
    > I have tried messing with cache and cannot seem to prevent this.
    >
    > For now I have them enter the app via a html page (splach screen) which
    > then
    > does an open.window to launch the app in a chrome-less window. Works
    > great,
    > but I have the initial splash screen html page still open.
    >
    > All suggestions are appreciated! I know I must be missing something in
    > the
    > security concept.
    Daniel Fisher\(lennybacon\), Dec 28, 2004
    #2
    1. Advertising

  3. Thank you for your response.

    I put opener.close() in today.
    It does what I want, if I could just get rid of the 'are you sure' message.

    Learn something new everyday. I had never used Alt + arrow R/L before. I
    am working on a limited user intra net app. and I suspect most (none) know of
    the keyboard shortcut either.

    "Daniel Fisher(lennybacon)" wrote:

    > have you ever hit [alt] + [arrow left] ?
    >
    > what you can do is call
    >
    > opener.close();
    >
    > maybe...
    >
    > --
    > Daniel Fisher(lennybacon)
    > MCP ASP.NET C#
    > Blog: http://www.lennybacon.com/
    >
    >
    > "kermit" <> wrote in message
    > news:...
    > > Hi,
    > > I am hoping this is a foolish or simple question.
    > > I am creating a multiuser app. consisit of a login page and a dataentry
    > > page. If the user leaves the data entry page (other than exiting the
    > > browser). I want them to 'have' to go back through the login screen and
    > > re-login.
    > >
    > > My problem is the browser's (IE 6) Back and Forward buttons.
    > > If the user clicks the Back button from the data entry screen they go to
    > > the
    > > login in screen and if they click the Forward button from there, they
    > > arrive
    > > at the data entry screen without loggin in.
    > > I have tried messing with cache and cannot seem to prevent this.
    > >
    > > For now I have them enter the app via a html page (splach screen) which
    > > then
    > > does an open.window to launch the app in a chrome-less window. Works
    > > great,
    > > but I have the initial splash screen html page still open.
    > >
    > > All suggestions are appreciated! I know I must be missing something in
    > > the
    > > security concept.

    >
    >
    >
    =?Utf-8?B?a2VybWl0?=, Dec 28, 2004
    #3
  4. For those who may be interested, my real problem was the the back button
    bypassing authentication.

    The finall resolution was to disable Caching in code on the Form_Load event
    (it must run on every form load event); and to compare time stamps (one in
    view state and one in Session State) in the form load event to verify they
    are the same.
    Works great (Ref: Murach's ASP.Net, Chapter 19, "Back-Button Control")

    Disable Cache on Form_Load event
    Response.Cache.SetCacheability(HttpCacheability.NoCache)
    Response.Cache.SetExpires(Now().AddSeconds(-1)
    Response.Cache.SetNoStore()
    Response.AddHeader("Pragma", "no-cache")

    If IsExpired() then
    Response.Redirect("expired.aspx")
    Else
    SaveTimeStamps()
    End If


    Private Function IsExpired() as Boolean
    If Session("Doc_TimeStamp") Is Nothing then
    return False
    elseif ViewState("TimeStamp") Is Nothing then
    return False
    elseif ViewState("TimeStamp").ToString = Session("Doc_TimeStamp").ToString
    then
    return False
    else
    return True
    End If
    End Function

    Private Sub SaveTimeStamps()
    Dim dTime as DateTime = Now()
    ViewState.Add("TimeStamp"), dTime)
    Session.Add("Doc_TimeStamp"), dTime)
    End Sub

    Hope this helps someone else.







    "kermit" wrote:

    > Thank you for your response.
    >
    > I put opener.close() in today.
    > It does what I want, if I could just get rid of the 'are you sure' message.
    >
    > Learn something new everyday. I had never used Alt + arrow R/L before. I
    > am working on a limited user intra net app. and I suspect most (none) know of
    > the keyboard shortcut either.
    >
    > "Daniel Fisher(lennybacon)" wrote:
    >
    > > have you ever hit [alt] + [arrow left] ?
    > >
    > > what you can do is call
    > >
    > > opener.close();
    > >
    > > maybe...
    > >
    > > --
    > > Daniel Fisher(lennybacon)
    > > MCP ASP.NET C#
    > > Blog: http://www.lennybacon.com/
    > >
    > >
    > > "kermit" <> wrote in message
    > > news:...
    > > > Hi,
    > > > I am hoping this is a foolish or simple question.
    > > > I am creating a multiuser app. consisit of a login page and a dataentry
    > > > page. If the user leaves the data entry page (other than exiting the
    > > > browser). I want them to 'have' to go back through the login screen and
    > > > re-login.
    > > >
    > > > My problem is the browser's (IE 6) Back and Forward buttons.
    > > > If the user clicks the Back button from the data entry screen they go to
    > > > the
    > > > login in screen and if they click the Forward button from there, they
    > > > arrive
    > > > at the data entry screen without loggin in.
    > > > I have tried messing with cache and cannot seem to prevent this.
    > > >
    > > > For now I have them enter the app via a html page (splach screen) which
    > > > then
    > > > does an open.window to launch the app in a chrome-less window. Works
    > > > great,
    > > > but I have the initial splash screen html page still open.
    > > >
    > > > All suggestions are appreciated! I know I must be missing something in
    > > > the
    > > > security concept.

    > >
    > >
    > >
    =?Utf-8?B?a2VybWl0?=, Jan 2, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M
    Replies:
    5
    Views:
    5,419
    Teemu Keiski
    Jun 8, 2004
  2. net
    Replies:
    2
    Views:
    497
    -Art-
    Nov 29, 2003
  3. Replies:
    0
    Views:
    547
  4. Replies:
    8
    Views:
    568
    Adrienne Boswell
    Jan 10, 2007
  5. Oriane

    Web page without the chrome

    Oriane, Nov 1, 2007, in forum: ASP .Net
    Replies:
    3
    Views:
    312
    Oriane
    Nov 2, 2007
Loading...

Share This Page