Hi Dave,
As for windows authentication, it has different authenticate mechanism
which is quite different from FormsAuthentication(Membership service), it
depend on the windows authentication in IIS and the token forwarded from
IIS. And windows authentication doesn't use cookie to cache the
authenticated user token on client-side. And the "PostAuthenticateRequest"
event of the HttpApplication(global.asax) class Brock mentioend is one
possible place to hook he authentication event for each comming ASP.NET
request.
And as for
==============
Is there a way to set the session length and get an event when it times
out?
And once that happens, will they then hit this authenticate event again
when
they go to the site again?
==============
I'm afraid there is no such event which will actively call you when a
certain authenticated user's "logon session" has expired. Because for
windows authentication ,there is no such timeout, the session ended after
each request finishes. While for formsauthentication, the authenticated
token is stored in client-side cache, therefore only when the user request
the application again, the applicaiton has chance to check its token in the
cookie, if invalid(expired or corrupted), redirect the user to the login
page.
I'm still not quite clear on your new questions (below), would you provide
some further explanation?
==================
Ok, so they are user N+1 - I need to send them to a page to tell them that.
How can I set up my site so they can only go to that 1 page?
=================
Regards,
Steven Cheng
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)