RE: A little problem with Forms authentication :-(



Simon
What you suspect is 100% correct. Use a different method to get them to the
destination page.
Peter

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com




"Simon Harvey" wrote:

Hi All,

I'm hoping somebody could help me with the following problem.

I'm using forms authentication and the user is getting authenticated no
problem. Once authenticated the user can look at all the appropriate
pages and so on.

When the user is inactive for a set period of time, I want their
authentication ticket to expire. As I understand it, the next time the
user attempts to access the site after this has happened, the user
should be redirected to the login page. The problem is, this isn't
happening. I've set the time out for the cookie to the test value of 1
min in both the web config file and in code but the user is still
allowed to look around after 1 minute has elapsed. I can't figure out
why though.

In the Web Config file I have:

<authentication mode="Forms">
  <forms name="QRVMToken" timeout="1" loginUrl="Login.aspx"
         defaultUrl="Secure/Default.aspx"/>
</authentication>

Then in code I have:

// Create a ticket to expire in 1 minute
ticket = new FormsAuthenticationTicket(1, currentUser.QualifiedUsername,
    DateTime.Now, DateTime.Now.AddMinutes(1), false, "",
    FormsAuthentication.FormsCookiePath);

secureTicket = FormsAuthentication.Encrypt(ticket);

// Add to the cookie collection
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
    secureTicket));

// Redirect from Login
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, false);

I'm not sure but I think the problem might be something to do with the
redirect from login bit because as I understand it, that method also
adds a cookie and so may be screwing with the one I've already attached.
The reason why I actually make one is because there doesn't seem to be
any way to set the expiration of the RedirectFromLoginPage cookie.

If anyone could offer some assistance on this I would be very very grateful.

Kindest Regards

Simon
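
One way to apply the suggestion in the reply, as an added example that is not code from either poster: issue the custom ticket once, then redirect with FormsAuthentication.GetRedirectUrl instead of RedirectFromLoginPage. It assumes an ASP.NET Web Forms code-behind; LoginPage, IssueTicketAndRedirect and TicketLifetime are hypothetical names.

```csharp
// Added example (not from the thread). LoginPage, IssueTicketAndRedirect and
// TicketLifetime are hypothetical names; the rest is the System.Web API.
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

public partial class LoginPage : Page
{
    // Matches the 1-minute test value used in the post.
    private static readonly TimeSpan TicketLifetime = TimeSpan.FromMinutes(1);

    // Call only after the submitted credentials have been validated.
    protected void IssueTicketAndRedirect(string userName)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,                        // ticket version
            userName,
            now,                      // issue time
            now.Add(TicketLifetime),  // expiry enforced by FormsAuthenticationModule
            false,                    // not persistent
            string.Empty,             // no user data
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket))
        {
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,                         // keep the ticket away from script
            Secure = FormsAuthentication.RequireSSL  // follow requireSSL from web.config
        };
        // cookie.Expires is left unset, so this stays a session cookie;
        // the expiry inside the encrypted ticket is what gets checked.
        Response.Cookies.Add(cookie);

        // GetRedirectUrl only computes the target (ReturnUrl or defaultUrl).
        // RedirectFromLoginPage would also issue its own ticket under the same
        // cookie name, replacing the one added above.
        string target = FormsAuthentication.GetRedirectUrl(userName, false);
        Response.Redirect(target, false);
        Context.ApplicationInstance.CompleteRequest();
    }
}
```

With slidingExpiration enabled on the forms element, a request made after more than half the ticket lifetime has elapsed renews the ticket, so test the timeout with no requests in between.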
