is auth cookie still active

Discussion in 'ASP .Net' started by Alex, Oct 21, 2003.

  1. Alex

    Alex Guest

    hi,

    I have implemented forms authentication and it is woking well however I am
    experiencing a slightly frustrating problem.
    The "Admin" directory of my site is password protected, however if a user
    successfully logs in to this section then will see a small menu at the top
    of the page on
    ANY page they are logged into, even it is outside the "Admin" directory.
    Basically if you are an admin you see this menu and if you are not you
    don't.
    I achieve this with the following code
    Dim encTicket As String
    Dim ticket As System.Web.Security.FormsAuthenticationTicket
    Dim currentUsername
    Dim cookie As System.Web.HttpCookie
    cookie =
    Request.Cookies(System.Web.Security.FormsAuthentication.FormsCookieName)
    If cookie Is Nothing Then
    'The user is not logged in so do not display the menu
    MenuLabel.Visible = False
    Else
    encTicket = cookie.Value
    ticket =
    System.Web.Security.FormsAuthentication.Decrypt(encTicket)
    currentUsername = ticket.Name
    MenuLabel.Visible = True
    End If

    Now if a user logs in successfully and the has no activity on the client for
    a certain period they are logged out and have to log back in again. This
    also wors fine.
    However if the user has been logged out the above code still thinks that the
    user is still logged in. I guess the cookie is still on the client although
    it has probabally expired.
    My question is what would I have to add to the above code to determine that
    the cookie has not expired.

    cheers

    Alex.
     
    Alex, Oct 21, 2003
    #1
    1. Advertising

  2. "Alex" <> wrote in message
    news:#...
    > hi,
    >
    > I have implemented forms authentication and it is woking well however I am
    > experiencing a slightly frustrating problem.
    > The "Admin" directory of my site is password protected, however if a user
    > successfully logs in to this section then will see a small menu at the top
    > of the page on
    > ANY page they are logged into, even it is outside the "Admin" directory.
    > Basically if you are an admin you see this menu and if you are not you
    > don't.
    > I achieve this with the following code
    > Dim encTicket As String
    > Dim ticket As System.Web.Security.FormsAuthenticationTicket
    > Dim currentUsername
    > Dim cookie As System.Web.HttpCookie
    > cookie =
    > Request.Cookies(System.Web.Security.FormsAuthentication.FormsCookieName)
    > If cookie Is Nothing Then
    > 'The user is not logged in so do not display the menu
    > MenuLabel.Visible = False
    > Else
    > encTicket = cookie.Value
    > ticket =
    > System.Web.Security.FormsAuthentication.Decrypt(encTicket)
    > currentUsername = ticket.Name
    > MenuLabel.Visible = True
    > End If
    >
    > Now if a user logs in successfully and the has no activity on the client

    for
    > a certain period they are logged out and have to log back in again. This
    > also wors fine.
    > However if the user has been logged out the above code still thinks that

    the
    > user is still logged in. I guess the cookie is still on the client

    although
    > it has probabally expired.
    > My question is what would I have to add to the above code to determine

    that
    > the cookie has not expired.


    Don't play with the cookie for that purpose. Use Request.IsAuthenticated and
    User.IsInRole("Admin").

    --
    John
     
    John Saunders, Oct 22, 2003
    #2
    1. Advertising

  3. Alex

    Alex Guest

    Cheers Again John.

    I'll take your advice.


    "John Saunders" <john.saunders at surfcontrol.com> wrote in message
    news:...
    > "Alex" <> wrote in message
    > news:#...
    > > hi,
    > >
    > > I have implemented forms authentication and it is woking well however I

    am
    > > experiencing a slightly frustrating problem.
    > > The "Admin" directory of my site is password protected, however if a

    user
    > > successfully logs in to this section then will see a small menu at the

    top
    > > of the page on
    > > ANY page they are logged into, even it is outside the "Admin" directory.
    > > Basically if you are an admin you see this menu and if you are not you
    > > don't.
    > > I achieve this with the following code
    > > Dim encTicket As String
    > > Dim ticket As System.Web.Security.FormsAuthenticationTicket
    > > Dim currentUsername
    > > Dim cookie As System.Web.HttpCookie
    > > cookie =
    > > Request.Cookies(System.Web.Security.FormsAuthentication.FormsCookieName)
    > > If cookie Is Nothing Then
    > > 'The user is not logged in so do not display the menu
    > > MenuLabel.Visible = False
    > > Else
    > > encTicket = cookie.Value
    > > ticket =
    > > System.Web.Security.FormsAuthentication.Decrypt(encTicket)
    > > currentUsername = ticket.Name
    > > MenuLabel.Visible = True
    > > End If
    > >
    > > Now if a user logs in successfully and the has no activity on the client

    > for
    > > a certain period they are logged out and have to log back in again. This
    > > also wors fine.
    > > However if the user has been logged out the above code still thinks that

    > the
    > > user is still logged in. I guess the cookie is still on the client

    > although
    > > it has probabally expired.
    > > My question is what would I have to add to the above code to determine

    > that
    > > the cookie has not expired.

    >
    > Don't play with the cookie for that purpose. Use Request.IsAuthenticated

    and
    > User.IsInRole("Admin").
    >
    > --
    > John
    >
    >
     
    Alex, Oct 22, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Q2hyaXMgTW9oYW4=?=

    Configuring Windows Auth & Forms Auth in Asp.Net

    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=, Apr 28, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    760
    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=
    Apr 28, 2004
  2. =?Utf-8?B?ZGhucml2ZXJzaWRl?=

    Windows Auth, but Forms Auth for one page?

    =?Utf-8?B?ZGhucml2ZXJzaWRl?=, Jan 8, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    611
    Elton Wang
    Jan 8, 2005
  3. Mark Chai
    Replies:
    1
    Views:
    755
    Christophe Vanfleteren
    Oct 1, 2003
  4. Chris Mohan

    Configuring Windows Auth & Forms Auth in Asp.Net

    Chris Mohan, Apr 28, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    476
    Chris Mohan
    Apr 29, 2004
  5. Forms Auth Info passed to Windows Auth?

    , Apr 28, 2005, in forum: ASP .Net Security
    Replies:
    1
    Views:
    262
    Hernan de Lahitte
    May 3, 2005
Loading...

Share This Page