Re: how to prevent auth ticket expiration
- From: Brock Allen <ballen@xxxxxxxxxxxxxxxxx>
- Date: Thu, 28 Jul 2005 20:34:24 -0700
Are you sure setting e.User = something doesn't work? Here's the code from the FormsAuthModule where it renews the ticket:
private void OnAuthenticate(FormsAuthenticationEventArgs e)
{
HttpCookie cookie1 = null;
if (this._eventHandler != null)
{
this._eventHandler(this, e);
}
if ((e.Context.User != null) || (e.User != null))
{
e.Context.User = (e.Context.User == null) ? e.User : e.Context.User;
}
else
{
// does the work to renew the ticket
}
}the line where it calls "this._eventHandler(this, e);" should be your code in global.asax. So inspecting this code says to me that if the event assigns a User then there's no need to renew the ticket.
-Brock DevelopMentor http://staff.develop.com/ballen
Ok I got the event in the global.asax and it does fire however this is just an event not an override so unfortunately the expiration timeout is still refreshed since the MS Authenticate code is still executing. Not only that but setting the e.User as you have in the example makes that page get redirected to the login screen because it fails authentication.
Got any more ideas?
Thanks Perry "Brock Allen" <ballen@xxxxxxxxxxxxxxxxx> wrote in message news:1023235632581768712759072@xxxxxxxxxxxxxxxxxxxxxxx
The event handler goes in global.asax. Modules that fire events can have those events handled in global.asax via ModuleName_EventName syntax. Here's the event decl:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpre f/html/frlrfsystemwebsecurityformsauthenticationmoduleclassauthentica tetopic.asp?frame=true
-Brock DevelopMentor http://staff.develop.com/ballenI searched the whole MSDN library and there is no OnAuthenticate event. This is a good idea but how do I override this event and where is this event?
The closest I could find is "AddOnAuthenticateRequestAsync" but I have no idea how to implement this. It does not even show in the methods that can be overriden in the IDE. It passes two delegates and this async stuff makes me shudder. I could not find any examples of how this works.
Thanks PerryMaybe there is another way to prevent the auth ticket from updating for a specified page. Can't this process be intercepted and overriden in some place?
Actually, there is one other idea. The FormsAuthModule fires a OnAuthenticate event which you can use to specify the user. If you specify a method:
void FormsAuthentication_Authenticate(object s, FormsAuthenticationEventArgs e) { if (HttpContext.Current.Request.Path == "ThePathIWantToIgnore.aspx") { e.User = new GenericPrincipal(new GenericIdentity(string.Empty, string.Empty), new string[0]); } } If you specify the identity, it won't be read from the forms auth cookie, and you won't get the extention of the cookie timeout. I don't know why I didn't think of this earlier. -Brock DevelopMentor http://staff.develop.com/ballen
.
- Follow-Ups:
- Re: how to prevent auth ticket expiration
- From: Perecli Manole
- Re: how to prevent auth ticket expiration
- References:
- Re: how to prevent auth ticket expiration
- From: Perecli Manole
- Re: how to prevent auth ticket expiration
- Prev by Date: Re: Response.Redirect not working
- Next by Date: Update Control Size!
- Previous by thread: Re: how to prevent auth ticket expiration
- Next by thread: Re: how to prevent auth ticket expiration
- Index(es):
Relevant Pages
|
