 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Security / June 2004forms authentication automatic logout without timers?
Hello, I have a web application that uses forms authentication. I have been asked to implement a feature that logs users out automatically if they navigate to a page outside of the secured portion of the web app. This request means that cookie timeouts won't work, it needs to be an instant thing - you leave the site -> the door gets locked on your way out even if you haven't explicitly logged out yourself. Does anyone know if this is possible? Regards, Danny Dear Danny, In the Page_Load event of the page where you want to logout the users, put the following code:- if(User.Identity.IsAuthenticated) { FormsAuthentication.Signout(); } this will automatically signout user's who are logged in. hope it helps. > Hello, > [quoted text clipped - 5 lines] > > Danny In the Global.asax AuthorizeRequest event, you can add code that will check if the user is authenticated and if the current url is secure or not. Then, sign the user out accordingly: Private Sub Global_AuthorizeRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.AuthorizeRequest If User.Identity.IsAuthenticated Then If Not HttpContext.Current.Request.IsSecureConnection Then System.Web.Security.FormsAuthentication.SignOut() End If End If End Sub >-----Original Message----- >Hello, > >I have a web application that uses forms authentication. I have been asked to implement a feature that logs users out automatically if they navigate to a page outside of the secured portion of the web app. This request means that cookie timeouts won't work, it needs to be an instant thing - you leave the site -> the door gets locked on your way out even if you haven't explicitly logged out yourself. >Does anyone know if this is possible? > >Regards, > >Danny >. Thank you for the replies. Unfortunately I realised last night when I got home that I didn't really state my question correctly so I am closing this question and moving it to a new posting titled 'can you prevent malicious use of browser back button in forms authentication' What I actually want to do is this... User is logged in and authenticated to use secure sections of site. User then proceeds to navigate to some site outside of the secure sections of the web app (could be any url) but forgets to log out then eventually gets up and walks away from their machine. Some other malicious user then comes along and presses the back button on their browser to see what forgetful user has been looking at. I've been asked to somehow prevent that malicious user from being able to gain access to secure content if fogetful user didn't logout and the forms authentication timer on the auth cookie hasn't yet expired. I'm really not sure if this is possible. > In the Global.asax AuthorizeRequest event, you can add > code that will check if the user is authenticated and if [quoted text clipped - 31 lines] > >Danny > >. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.