Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / July 2005

Tip: Looking for answers? Try searching our database.

Form Based Authentication Issue

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Frank Walsh - 14 Jul 2005 23:33 GMT
Can anyone tell me if this is possible in asp.net, I want to use form-based
authentication to authenticate my users, however a employee of the company
is attempting to be logged in as administrator and as a client in two
browser windows. When the FormsAuthentication.Signout is called on one of
the windows, it kills both authentications for both browser windows. When
the user attempts to do something in the other window, they are directed to
the login screen. I'm assuming my cookie is being replaced by the second
login, and then destroyed, i'm wondering if i can somehow make the
form-based authentication specific to the browser window as I am assuming a
new browser window means a new session is being created.

Thank You,

Frank Walsh
Frank.Walsh@gmail.com
Reply to this Message
Karl Seguin - 15 Jul 2005 14:17 GMT
Frank:
I think you're right about why it's working the way it is (shared cookies by
browser).  ASP.Net 2.0 will have cookieless formsauthentication (similar to
the current implementation of cookieless sessions).    The only real
solution I can think of is that you bake your own cookieless code, using Url
Rewriting.  Certainly not ideal, not sure I'd go through the trouble unless
absolutely necessary.

Karl

Signature

MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)

> Can anyone tell me if this is possible in asp.net, I want to use
> form-based authentication to authenticate my users, however a employee of
[quoted text clipped - 11 lines]
> Frank Walsh
> Frank.Walsh@gmail.com
Reply to this Message
Ben Amada - 15 Jul 2005 18:15 GMT
> Frank:
> I think you're right about why it's working the way it is (shared cookies
[quoted text clipped - 5 lines]
>
> Karl

Karl,

Just curious, but do you know how 2.0's cookieless forms authentication
differs from the current (v1.1) cookieless sessions?

Thanks!
Ben
Reply to this Message
Karl Seguin - 15 Jul 2005 19:35 GMT
AFAIK it's pretty much the same except one applies to the sessionid the
other to the auth cookie.  Configured in web.config also..

Karl

Signature

MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)

>
>> Frank:
[quoted text clipped - 14 lines]
> Thanks!
> Ben
Reply to this Message
Ben Amada - 16 Jul 2005 07:48 GMT
> AFAIK it's pretty much the same except one applies to the sessionid the
> other to the auth cookie.  Configured in web.config also..
>
> Karl

ok -- thanks!
Reply to this Message
Karl Seguin - 15 Jul 2005 19:34 GMT
Looks like there are some pre-built solutions for 1.1:
http://www.codeproject.com/aspnet/cookieless.asp

Karl

Signature

MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)

> Frank:
> I think you're right about why it's working the way it is (shared cookies
[quoted text clipped - 22 lines]
>> Frank Walsh
>> Frank.Walsh@gmail.com
Reply to this Message
Donald Scott - 15 Jul 2005 14:47 GMT
I think it has a lot to do with how the client is opening the multiple
browsers.  If you lauch two windows seperately, for example double click on
the internet explorer icon on the desktop twice to get two open windows, you
should not see this problem.  We use forms authentication and I have multiple
windows open with seperate logins in each window and none of them ever
interferre with the others.  However if the client opens one window then hits
Crtl-N or Clicks on the File menu-> New Window, the new window will open
however it will share the same "session" (shared cookies, shared history,
etc) which I think is causing the problem you are referring to.  

> Can anyone tell me if this is possible in asp.net, I want to use form-based
> authentication to authenticate my users, however a employee of the company
[quoted text clipped - 11 lines]
> Frank Walsh
> Frank.Walsh@gmail.com
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.