Identify FormsAuthentication Timeout
I have a forms authentication website that has a page where users spend a lot of time on. So somebody spends an hour on the page and then presses submit and gets redirected to the logon page. Followed by a redirect back to where they were minus all the data they typed in.

Is there a way to handle time outs without losing data on the redirect. Maybe popup a logon page versus a redirect or something.
Re: Identify FormsAuthentication Timeout
On Jun 3, 5:17 pm, Chuck <nosp...@nospam.nospam> wrote:
> I have a forms authentication website that has a page where users spend a lot
> of time on. So somebody spends an hour on the page and then presses submit
> and gets redirected to the logon page. Followed by a redirect back to where
> they were minus all the data they typed in.
>
> Is there a way to handle time outs without losing data on the redirect.
> Maybe popup a logon page versus a redirect or something.

Hi Chuck

you can try to prevent the timeout by placing an iframe in the page that hits another page. See:

http://www.codeproject.com/KB/sessio...brillator.aspx

Another approach is to add js with timeout which is less than the ASP.NET timeout

http://jeremywadsworth.com/Default.aspx?blogentryid=41

Hope this helps
Re: Identify FormsAuthentication Timeout
Thanks,
Interesting technique, but I can't use it. The users' credentials are security sensitive so we do need to have authentication deactivated after the timeout period expires.

"Alexey Smirnov" wrote:

> On Jun 3, 5:17 pm, Chuck <nosp...@nospam.nospam> wrote:
> > I have a forms authentication website that has a page where users spend a lot
> > of time on. So somebody spends an hour on the page and then presses submit
> > and gets redirected to the logon page. Followed by a redirect back to where
> > they were minus all the data they typed in.
> >
> > Is there a way to handle time outs without losing data on the redirect.
> > Maybe popup a logon page versus a redirect or something.
>
> Hi Chuck
>
> you can try to prevent the timeout by placing an iframe in the page
> that hits another page. See:
>
> http://www.codeproject.com/KB/sessio...brillator.aspx
>
> Another approach is to add js with timeout which is less than the
> ASP.NET timeout
>
> http://jeremywadsworth.com/Default.aspx?blogentryid=41
>
> Hope this helps
Re: Identify FormsAuthentication Timeout
The better thing to do here is to design the app so that it can easily handle holding data that is in an intermediate state of completion (not yet "submitted") and provide code that allows features like auto save to work and to make the current transaction "GET friendly" so that if the user is redirected away from the page they've been working on and then redirected back, they are returned to their in process transaction with the data as it was last saved either through some sort of auto save feature or via a user interaction.

You can also make it such that the forms auth does not time out at all (or takes a very long time to), but that may not be desirable from a security perspective.

Obviously there is some significant rework involved to make the app behave like this.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

"Chuck" <nospam2@nospam.nospam> wrote in message news:76C88928-236B-4E09-BB40-74F1AE486D9F@microsoft.com...
> Thanks,
> Interesting technique, but I can't use it. The users' credentials are
> security sensitive so we do need to have authentication deactivated after
> the timeout period expires.
>
> "Alexey Smirnov" wrote:
>
> > On Jun 3, 5:17 pm, Chuck <nosp...@nospam.nospam> wrote:
> > > I have a forms authentication website that has a page where users spend
> > > a lot of time on. So somebody spends an hour on the page and then presses
> > > submit and gets redirected to the logon page. Followed by a redirect back
> > > to where they were minus all the data they typed in.
> > >
> > > Is there a way to handle time outs without losing data on the redirect.
> > > Maybe popup a logon page versus a redirect or something.
> >
> > Hi Chuck
> >
> > you can try to prevent the timeout by placing an iframe in the page
> > that hits another page. See:
> >
> > http://www.codeproject.com/KB/sessio...brillator.aspx
> >
> > Another approach is to add js with timeout which is less than the
> > ASP.NET timeout
> >
> > http://jeremywadsworth.com/Default.aspx?blogentryid=41
> >
> > Hope this helps
Re: Identify FormsAuthentication Timeout
Thanks,
Can't really redesign the application. I have a heavily customized FormsAuthentication provider. I would rather just customize it so that regardless of the application using FormsAuthentication, the current page data would not be lost.

I was thinking of adding some sort of check in EndRequest that would inject a client script to create a javascript new window that is actually the login page. In EndRequest if you check for

    HttpContext.Current.Response.StatusCode == 302
        && HttpContext.Current.Response.RedirectLocation.ToUpper().StartsWith(FormsAuthentication.LoginUrl.ToUpper())

Then you know you're being redirected by forms authentication.

Having some trouble with that so far.

"Joe Kaplan" wrote:

> The better thing to do here is to design the app so that it can easily
> handle holding data that is in an intermediate state of completion (not yet
> "submitted") and provide code that allows features like auto save to work
> and to make the current transaction "GET friendly" so that if the user is
> redirected away from the page they've been working on and then redirected
> back, they are returned to their in process transaction with the data as it
> was last saved either through some sort of auto save feature or via a user
> interaction.
>
> You can also make it such that the forms auth does not time out at all (or
> takes a very long time to), but that may not be desirable from a security
> perspective.
>
> Obviously there is some significant rework involved to make the app behave
> like this.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services Programming"
> http://www.directoryprogramming.net
> "Chuck" <nospam2@nospam.nospam> wrote in message
> news:76C88928-236B-4E09-BB40-74F1AE486D9F@microsoft.com...
> > Thanks,
> > Interesting technique, but I can't use it. The users' credentials are
> > security sensitive so we do need to have authentication deactivated after
> > the timeout period expires.
> >
> > "Alexey Smirnov" wrote:
> >
> > > On Jun 3, 5:17 pm, Chuck <nosp...@nospam.nospam> wrote:
> > > > I have a forms authentication website that has a page where users spend
> > > > a lot of time on. So somebody spends an hour on the page and then presses
> > > > submit and gets redirected to the logon page. Followed by a redirect back
> > > > to where they were minus all the data they typed in.
> > > >
> > > > Is there a way to handle time outs without losing data on the redirect.
> > > > Maybe popup a logon page versus a redirect or something.
> > >
> > > Hi Chuck
> > >
> > > you can try to prevent the timeout by placing an iframe in the page
> > > that hits another page. See:
> > >
> > > http://www.codeproject.com/KB/sessio...brillator.aspx
> > >
> > > Another approach is to add js with timeout which is less than the
> > > ASP.NET timeout
> > >
> > > http://jeremywadsworth.com/Default.aspx?blogentryid=41
> > >
> > > Hope this helps
Re: Identify FormsAuthentication Timeout
On Jun 4, 12:14 am, Chuck <nosp...@nospam.nospam> wrote:
> Thanks,
> Can't really redesign the application. I have a heavily customized
> FormsAuthentication provider. I would rather just customize it so that
> regardless of the application using FormsAuthentication, the current page
> data would not be lost.
>
> I was thinking of adding some sort of check in EndRequest that would inject a
> client script to create a javascript new window that is actually the login
> page. In EndRequest if you check for
>     HttpContext.Current.Response.StatusCode == 302
>         && HttpContext.Current.Response.RedirectLocation.ToUpper().StartsWith(FormsAuthentication.LoginUrl.ToUpper())
> Then you know you're being redirected by forms authentication.
>
> Having some trouble with that so far.
>
> "Joe Kaplan" wrote:
> > The better thing to do here is to design the app so that it can easily
> > handle holding data that is in an intermediate state of completion (not yet
> > "submitted") and provide code that allows features like auto save to work
> > and to make the current transaction "GET friendly" so that if the user is
> > redirected away from the page they've been working on and then redirected
> > back, they are returned to their in process transaction with the data as it
> > was last saved either through some sort of auto save feature or via a user
> > interaction.
> >
> > You can also make it such that the forms auth does not time out at all (or
> > takes a very long time to), but that may not be desirable from a security
> > perspective.
> >
> > Obviously there is some significant rework involved to make the app behave
> > like this.
> >
> > --
> > Joe Kaplan-MS MVP Directory Services Programming
> > Co-author of "The .NET Developer's Guide to Directory Services Programming"
> > http://www.directoryprogramming.net
> > "Chuck" <nosp...@nospam.nospam> wrote in message
> > news:76C88928-236B-4E09-BB40-74F1AE486D9F@microsoft.com...
> > > Thanks,
> > > Interesting technique, but I can't use it. The users' credentials are
> > > security sensitive so we do need to have authentication deactivated after
> > > the timeout period expires.
> > >
> > > "Alexey Smirnov" wrote:
> > >
> > > > On Jun 3, 5:17 pm, Chuck <nosp...@nospam.nospam> wrote:
> > > > > I have a forms authentication website that has a page where users spend
> > > > > a lot of time on. So somebody spends an hour on the page and then presses
> > > > > submit and gets redirected to the logon page. Followed by a redirect back
> > > > > to where they were minus all the data they typed in.
> > > > >
> > > > > Is there a way to handle time outs without losing data on the redirect.
> > > > > Maybe popup a logon page versus a redirect or something.
> > > >
> > > > Hi Chuck
> > > >
> > > > you can try to prevent the timeout by placing an iframe in the page
> > > > that hits another page. See:
> > > >
> > > > http://www.codeproject.com/KB/sessio...brillator.aspx
> > > >
> > > > Another approach is to add js with timeout which is less than the
> > > > ASP.NET timeout
> > > >
> > > > http://jeremywadsworth.com/Default.aspx?blogentryid=41
> > > >
> > > > Hope this helps

I think that "auto save" can be easily done without major changes in the application. It can be implemented using javascript and its setTimeout function that can be executed after certain period of time (e.g. every 1 minute) and keep the form data stored as a draft... The only thing that needs to be changed is an initial load of the form where you would need to check if there is any draft or not.
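The autosave idea from the post above, as an added example that is not part of the original thread. It assumes the draft is kept in the browser's sessionStorage and that password, file and hidden fields are never stored; the function names and the field objects (which mimic DOM inputs) are hypothetical.

```javascript
// Added example, not code from the thread. Assumptions: drafts are kept in
// sessionStorage (per tab), and "fields" are DOM-input-like objects.
const SKIP_TYPES = new Set(['password', 'file', 'hidden']); // never persist secrets or tokens

// Collect the current values of the fields that are safe to keep as a draft.
function snapshot(fields) {
  const data = {};
  for (const f of fields) {
    if (!f.name || SKIP_TYPES.has(f.type)) continue;
    data[f.name] = f.type === 'checkbox' ? Boolean(f.checked) : f.value;
  }
  return data;
}

function saveDraft(storage, key, fields, now = Date.now()) {
  storage.setItem(key, JSON.stringify({ savedAt: now, data: snapshot(fields) }));
}

// Called on the initial load of the form: returns true if a draft was applied.
function restoreDraft(storage, key, fields, maxAgeMs, now = Date.now()) {
  let draft = null;
  try { draft = JSON.parse(storage.getItem(key)); } catch { /* corrupt draft */ }
  const usable = draft && draft.data && typeof draft.data === 'object' &&
    typeof draft.savedAt === 'number' && now - draft.savedAt <= maxAgeMs;
  if (!usable) { storage.removeItem(key); return false; } // missing, stale or malformed
  for (const f of fields) {
    if (!f.name || SKIP_TYPES.has(f.type)) continue;
    if (!Object.prototype.hasOwnProperty.call(draft.data, f.name)) continue;
    if (f.type === 'checkbox') f.checked = draft.data[f.name] === true;
    else f.value = String(draft.data[f.name]);
  }
  return true;
}

// Re-arms itself with setTimeout, as the post suggests; returns a stop function.
function startAutosave(storage, key, getFields, intervalMs = 60000) {
  let timer;
  const tick = () => {
    saveDraft(storage, key, getFields());
    timer = setTimeout(tick, intervalMs);
  };
  timer = setTimeout(tick, intervalMs);
  return () => clearTimeout(timer);
}
```

A draft kept this way stays readable in the browser after the forms authentication ticket has expired, which matters when the data typed into the form is itself sensitive.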
Re: Identify FormsAuthentication Timeout
Would have to be an unattended autosave, in case the user is away from the desk.
Also would have to change the logic of the save to not require required fields before saving. Which involves removing constraints from the database or changing to some sort of temporary data storage. Not trivial or even a good idea IMHO.
Re: Identify FormsAuthentication Timeout
Probably your best bet is to change the forms auth ticket so that it doesn't expire or takes a very long time to expire. Your app is not well designed to deal with a long running process on the client side like filling out a very long form, so you really can't afford to allow the app to redirect the user to a different page in the middle of this.

If you still want the auth to time out, you'll probably need to invest in some client side javascript that will "test" whether the form post can be submitted without a timeout via some type of AJAX call and if it is going to fail, instead pop up a new window (or some type of overlay) that allows the user to reauthenticate without a change to the underlying page.

Basically, if the server redirects the user to log in again as a result of an authentication failure and issues a 302 redirect to the browser, the user will lose all their data so you'll need to make sure the page never submits an action that will cause this to happen. Client side script is the only thing I can think of here.

In the future, you may also want to consider allowing the app to auto save and allow for violations of the business rules for intermediate (not submitted) data. Basically, you need a function like email clients have to "save as draft" with auto save. Gmail and OWA do a nice job with this in the browser.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

"Chuck" <nospam2@nospam.nospam> wrote in message news:24F49CB1-3F4C-4C92-BF34-5B3CDB788685@microsoft.com...
> Would have to be an unattended autosave, in case the user is away from the
> desk.
> Also would have to change the logic of the save to not require required
> fields before saving. Which involves removing constraints from the
> database or changing to some sort of temporary data storage. Not trivial
> or even a good idea IMHO.
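The pre-submit check described in the reply above, as an added example that is not part of the original thread. The login path, the probe URL and the function names are assumptions; the probe is any small page behind forms authentication in the same application, and fetch is passed in so the logic can be exercised without a browser.

```javascript
// Added example, not code from the thread. Assumed: LOGIN_PATH is a
// placeholder for the application's own forms-authentication login URL.
const LOGIN_PATH = '/login.aspx';

// Classify a fetch() Response from a protected URL: 'ok', 'expired' or 'unknown'.
function classifyProbe(res, loginPath = LOGIN_PATH) {
  // With redirect:'manual' a browser reports the forms-auth 302 as an opaque redirect.
  if (res.type === 'opaqueredirect' || res.status === 302 || res.status === 401) {
    return 'expired';
  }
  // If the redirect was followed instead, the final URL is the login page.
  if (res.redirected) {
    const path = new URL(res.url, 'http://placeholder.invalid').pathname.toLowerCase();
    return path.startsWith(loginPath.toLowerCase()) ? 'expired' : 'unknown';
  }
  return res.status === 200 ? 'ok' : 'unknown';
}

async function probe(fetchImpl, probeUrl) {
  try {
    const res = await fetchImpl(probeUrl, {
      method: 'GET', credentials: 'same-origin', redirect: 'manual', cache: 'no-store',
    });
    return classifyProbe(res);
  } catch {
    return 'unknown'; // network error: do not post and risk losing the form
  }
}

// Submit only when the ticket is known to be valid; otherwise keep the page,
// let the user log in again in an overlay or new window, then check once more.
async function guardedSubmit({ fetchImpl, probeUrl, submit, promptLogin }) {
  if (await probe(fetchImpl, probeUrl) === 'ok') { submit(); return 'submitted'; }
  await promptLogin();
  if (await probe(fetchImpl, probeUrl) === 'ok') { submit(); return 'submitted'; }
  return 'held'; // still not authenticated: the form and its data stay on screen
}
```

If slidingExpiration is enabled, a successful probe can renew the ticket like any other authenticated request, so run it when the user presses submit rather than on a timer; that leaves the timeout itself unchanged.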
Re: Identify FormsAuthentication Timeout
We use the forms authentication timeout for security purposes. So coding to defeat the timeout using javascript or changing the timeout value, would not be looked upon kindly. I have about 50 sites that use the same FormsAuthentication site, so rewriting 50 websites or changing our methodology on any of them would be hugely expensive. Also it is somewhat repulsive to me to have to change a data access methodology when a possible two line coding solution could be available. Hence my post for asking specifically about handling time outs without losing data on the redirect. Maybe popup a logon page versus a redirect or something
Re: Identify FormsAuthentication Timeout
Any way to get a response from an MS support engineer within 48 hours?