Re: how to prevent auth ticket expiration

Ok, I'll have to setyp a test later to see if I can get this to work. As for looking at the MS code, it's all there to see witih reflector:

http://www.aisto.com/roeder/dotnet/

-Brock
DevelopMentor
http://staff.develop.com/ballen



Here is the code exactly as I have it in the global.asax.

Sub FormsAuthentication_OnAuthenticate(ByVal s As Object, ByVal e
As
FormsAuthenticationEventArgs)
If HttpContext.Current.Request.Path =
"/ArgoWeb/ReminderCheck.aspx"
Then
e.User = New GenericPrincipal(New
GenericIdentity(String.Empty,
String.Empty), New String() {""})
End If
End Sub
I stepped through it and the function does get called on every page
and the
IF statement does give way on the correct page.
The expiration ticket however still gets refreshed when I inspect it
in the
OnLoad event of the "ReminderCheck.aspx" page. Both IssuedDate and
ExpireDate get new values on every request. I have tested this with 2
min
login timeout and "ReminderCheck.aspx" being called every 5 seconds to
expedite the test.
How do you know what code is in the OnAuthenticate() method? Isn't
that compiled in the MS library? Is there away to override this
method?

Thanks
Perry
"Brock Allen" <ballen@xxxxxxxxxxxxxxxxx> wrote in message
news:1024541632581904642440668@xxxxxxxxxxxxxxxxxxxxxxx

Are you sure setting e.User = something doesn't work? Here's the code
from the FormsAuthModule where it renews the ticket:

private void OnAuthenticate(FormsAuthenticationEventArgs e)
{
HttpCookie cookie1 = null;
if (this._eventHandler != null)
{
this._eventHandler(this, e);
}
if ((e.Context.User != null) || (e.User != null))
{
e.Context.User = (e.Context.User == null) ? e.User :
e.Context.User;
}
else
{
//  does the work to renew the ticket
}
}
the line where it calls "this._eventHandler(this, e);" should be your
code in global.asax. So inspecting this code says to me that if the
event assigns a User then there's no need to renew the ticket.

-Brock
DevelopMentor
http://staff.develop.com/ballen

Ok I got the event in the global.asax and it does fire however this
is just an event not an override so unfortunately the expiration
timeout is still refreshed since the MS Authenticate code is still
executing. Not only that but setting the e.User as you have in the
example makes that page get redirected to the login screen because
it fails authentication.

Got any more ideas?

Thanks
Perry
"Brock Allen" <ballen@xxxxxxxxxxxxxxxxx> wrote in message
news:1023235632581768712759072@xxxxxxxxxxxxxxxxxxxxxxx

The event handler goes in global.asax. Modules that fire events can
have those events handled in global.asax via ModuleName_EventName
syntax. Here's the event decl:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cp
re
f/html/frlrfsystemwebsecurityformsauthenticationmoduleclassauthenti
ca tetopic.asp?frame=true

-Brock
DevelopMentor
http://staff.develop.com/ballen

I searched the whole MSDN library and there is no OnAuthenticate
event. This is a good idea but how do I override this event and
where is this event?

The closest I could find is "AddOnAuthenticateRequestAsync" but I
have no idea how to implement this. It does not even show in the
methods that can be overriden in the IDE. It passes two delegates
and this async stuff makes me shudder. I could not find any
examples of how this works.

Thanks
Perry

Maybe there is another way to prevent the auth ticket from
updating for a specified page. Can't this process be intercepted
and overriden in some place?

Actually, there is one other idea. The FormsAuthModule fires a
OnAuthenticate event which you can use to specify the user. If
you specify a method:

void FormsAuthentication_Authenticate(object s,
FormsAuthenticationEventArgs e)
{
if (HttpContext.Current.Request.Path ==
"ThePathIWantToIgnore.aspx")
{
e.User = new GenericPrincipal(new GenericIdentity(string.Empty,
string.Empty), new string[0]);
}
}
If you specify the identity, it won't be read from the forms auth
cookie, and you won't get the extention of the cookie timeout. I
don't know why I didn't think of this earlier.
-Brock
DevelopMentor
http://staff.develop.com/ballen




.

Relevant Pages

  • Re: how to prevent auth ticket expiration
    ... just an event not an override so unfortunately the expiration timeout is still refreshed since the MS Authenticate code is still executing. ... If you specify the identity, it won't be read from the forms auth cookie, and you won't get the extention of the cookie timeout. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: COBOL question: Why cant we use "RECORD CONTAINS 0 CHARACTERS" for RECFM=V files?
    ... Overriding LRECL for varying-length files simply works. ... Specify LRECL=32756 and be done with it. ... So yes you need a JCL override that matches the program. ...
    (bit.listserv.ibm-main)
  • Re: how to prevent auth ticket expiration
    ... Is it possible that there's another request being made to the server which is resetting your timeout? ... Both IssuedDate and ExpireDate get new values on every request. ... Is there away to override this method? ... If you specify the identity, it won't be read from the forms auth cookie, and you won't get the extention of the cookie timeout. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: OUTPUT JESDS= statement
    ... you would need to override that in your OUTPUT statement. ... a "dummy" SYSOUT class to suppress the job output, ... specify a different SYSOUT class, ... For IBM-MAIN subscribe / signoff / archive access instructions, ...
    (bit.listserv.ibm-main)
  • Re: how to prevent auth ticket expiration
    ... The event handler goes in global.asax. ... This is a good idea but how do I override this event and where is this event? ... If you specify the identity, it won't be read from the forms auth cookie, and you won't get the extention of the cookie timeout. ...
    (microsoft.public.dotnet.framework.aspnet)
Loading