Go Back   Access World Forums > Apps and Windows > Web Design and Development > ASP and ASP.NET

 
Reply
 
Thread Tools Rating: Thread Rating: 4 votes, 5.00 average. Display Modes
Old 01-13-2006, 07:01 AM   #1
EndersG
Registered User
 
Join Date: Feb 2000
Location: New York, NY, USA
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
EndersG
Send a message via AIM to EndersG Send a message via Yahoo to EndersG
Question Forms Authentication

I'm using Forms Authentication for my ASP.NET web application. When the session times out and the user tries to navigate to a different page, he/she will be redirected to the login page (based on the loginUrl) where he/she will be prompted to re-enter his/her credentials.

HOWEVER, I don't want this to apply to the LogOut link of my web application. I want the user to be able to log out immediately (regardless of whether or not the authorization ticket/cookie expired or not). It doesn't seem to make sense that you should receive a login prompt and have to reauthenticate yourself just so you can log out.

Anyone have any ideas how I can accomplish this?

__________________
Treat your passwords like your toothbrush. Don't let anyone else use it and change it at least every three months.
EndersG is offline   Reply With Quote
Old 01-13-2006, 10:12 AM   #2
Kodo
"The Shoe"
 
Kodo's Avatar
 
Join Date: Jan 2004
Location: Syracuse NY
Posts: 707
Thanks: 0
Thanked 1 Time in 1 Post
Kodo is on a distinguished road
Send a message via MSN to Kodo
well, that logic won't work because if the session expired then they are already "logged out" so to speak so if you have a logout page that requires authentication to get to (which appears to be the case) then you should change your forms auth so that the logout page does not require authentication to get to. On the logout page use

Session.Abandon()
FormsAuthentication.SignOut()
__________________
Message boards: The only place where multiple personality disorders are treated with a "welcome" post.
Kodo is offline   Reply With Quote
Old 01-13-2006, 11:46 AM   #3
EndersG
Registered User
 
Join Date: Feb 2000
Location: New York, NY, USA
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
EndersG
Send a message via AIM to EndersG Send a message via Yahoo to EndersG
No. You misunderstand. I have a menubar on top of my main web page and there are links that take you to different pages. My last menu item is a LogOut link that allows you to exit the system completely. However, if there has been inactivity for a predetermined amount of time beyond the session expiry date/time, if you try to click on any of the links it will take you back to the login screen. Which is fine. I want it to work in that exact sequence. EXCEPT however, if you click on the logout link. If you click on the logout link, it should exit you out gracefully from the application regardless if you've timed out or not. Unfortunately, that's not happening. It's bring up the logon screen, the user enters the username and password, and only then does it finally display the logout page. It's too many steps just to exit the app and I want to eliminate the intermediary one (the login page)

__________________
Treat your passwords like your toothbrush. Don't let anyone else use it and change it at least every three months.
EndersG is offline   Reply With Quote
Old 01-13-2006, 05:19 PM   #4
Kodo
"The Shoe"
 
Kodo's Avatar
 
Join Date: Jan 2004
Location: Syracuse NY
Posts: 707
Thanks: 0
Thanked 1 Time in 1 Post
Kodo is on a distinguished road
Send a message via MSN to Kodo
that's what I'm saying. Your logout "section" is within the layer that is being protected with FormsAuth. You need to remove it from being protected by FormsAuth for it to do what you're asking. So, have the link go to a Logout.aspx page that does the logging out for you.


so. click LOGOUT.. redirect to unprotected LOGOUT.ASPX which does
session.abandon
formsAuthentication.signout()
'redirect to some other page if desired
__________________
Message boards: The only place where multiple personality disorders are treated with a "welcome" post.
Kodo is offline   Reply With Quote
Old 01-17-2006, 05:59 AM   #5
EndersG
Registered User
 
Join Date: Feb 2000
Location: New York, NY, USA
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
EndersG
Send a message via AIM to EndersG Send a message via Yahoo to EndersG
Question

Fair enough, Kodo. But I'm still not clear on how one would go about isolating a specific aspx page (i.e. LogOut.aspx) from being verified using Forms Authentication. Is that something I can set in the web.config file? If so, please advise how I would go about doing that. Much appreciated!
__________________
Treat your passwords like your toothbrush. Don't let anyone else use it and change it at least every three months.
EndersG is offline   Reply With Quote
Old 01-17-2006, 06:20 AM   #6
Kodo
"The Shoe"
 
Kodo's Avatar
 
Join Date: Jan 2004
Location: Syracuse NY
Posts: 707
Thanks: 0
Thanked 1 Time in 1 Post
Kodo is on a distinguished road
Send a message via MSN to Kodo
take a look here
http://www.devhood.com/tutorials/tut...tutorial_id=85

take note of the web.config that the author has displayed.
A section like this

<location path="public/">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

where path= your logout.aspx.

I just thought of something else. If your logout button doesn't go to another page, instead if it posts back, you can check for user.isauthenticated and do an IF THEN ESLE on that condition.
IF user.isauthenticated then
'do logout code
else
'redirect someplace else
end if

take your pick.
__________________
Message boards: The only place where multiple personality disorders are treated with a "welcome" post.
Kodo is offline   Reply With Quote
Old 01-18-2006, 08:07 AM   #7
EndersG
Registered User
 
Join Date: Feb 2000
Location: New York, NY, USA
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
EndersG
Send a message via AIM to EndersG Send a message via Yahoo to EndersG
Thanks for the code snippet, Kodo. I'll give it a try and see what happens.

__________________
Treat your passwords like your toothbrush. Don't let anyone else use it and change it at least every three months.
EndersG is offline   Reply With Quote
Old 01-18-2006, 08:23 AM   #8
EndersG
Registered User
 
Join Date: Feb 2000
Location: New York, NY, USA
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
EndersG
Send a message via AIM to EndersG Send a message via Yahoo to EndersG
It worked! Kudos to Kodo.
__________________
Treat your passwords like your toothbrush. Don't let anyone else use it and change it at least every three months.
EndersG is offline   Reply With Quote
Old 01-18-2006, 10:15 AM   #9
Kodo
"The Shoe"
 
Kodo's Avatar
 
Join Date: Jan 2004
Location: Syracuse NY
Posts: 707
Thanks: 0
Thanked 1 Time in 1 Post
Kodo is on a distinguished road
Send a message via MSN to Kodo
Glad you got it sorted.
Which method did you choose?
__________________
Message boards: The only place where multiple personality disorders are treated with a "welcome" post.
Kodo is offline   Reply With Quote
Old 01-20-2006, 05:58 AM   #10
EndersG
Registered User
 
Join Date: Feb 2000
Location: New York, NY, USA
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
EndersG
Send a message via AIM to EndersG Send a message via Yahoo to EndersG
I implemented the K.I.S.S. method. 'Keep it simple, stupid.' I just set the path attribute of the location element to LogOut.aspx and let the .Net framework handle the rest.... easy as pie. Thanks again.

__________________
Treat your passwords like your toothbrush. Don't let anyone else use it and change it at least every three months.
EndersG is offline   Reply With Quote
Reply

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Synchronise multiple forms martineeac Forms 1 07-29-2005 11:50 AM
Trade off between datasheet and continuous forms... ifstar Forms 0 07-01-2004 10:08 AM
Hidden Forms Not Maximizing Matty Modules & VBA 3 06-26-2003 05:17 AM
Duplicate Record within Form and Linked Forms Melody Forms 0 04-05-2001 10:27 AM
[SOLVED] Main forms within main forms Donnabel Forms 1 11-13-1999 01:45 PM




All times are GMT -8. The time now is 06:28 AM.


Microsoft Access Help
General
Tables
Queries
Forms
Reports
Macros
Modules & VBA
Theory & Practice
Access FAQs
Code Repository
Sample Databases
Video Tutorials

Sponsored Links

How to advertise

Media Kit


Powered by vBulletin®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
(c) copyright 2017 Access World