Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Forms Authentication Persistent Cookies Problem

Reply
Thread Tools

Forms Authentication Persistent Cookies Problem

 
 
Joey Powell
Guest
Posts: n/a
 
      12-12-2003
Hello, I originally configured my application to use persistent
cookies in error. Now, I need to find a way to disable those cookies.
I have tried changing usernames and passwords for all of the users,
but that doesn't help - they can still access our site using their old
persistent cookies. How can I disable them and force the users to log
in again?
 
Reply With Quote
 
 
 
 
Jacob Yang [MSFT]
Guest
Posts: n/a
 
      12-12-2003
Hi Joey,

Based on my research and experience, we have two solutions for this issue.

1. Clean the cookies on the client side.

2. Call the FormsAuthentication.SignOut Method.

Please refer to the following URLs for the detailed information regarding
this issue.

FormsAuthentication.SignOut Method
http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemWebSecurityFormsAuthenticationClassSign OutTopic.asp
"...
This removes either durable or session cookies.
..."

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using C# .NET
http://support.microsoft.com/default...b;en-us;301240

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using Visual Basic .NET
http://support.microsoft.com/default...b;EN-US;308157

Does it answer your question? If I have misunderstood your concern, please
feel free to let me know.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ĘC www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 
Reply With Quote
 
 
 
 
Joey Powell
Guest
Posts: n/a
 
      12-12-2003
Jacob, I understand that. But neither of these solutions is practical,
because I don't have access to the client machines. Doesn't it make
sense to assume that asp.net would provide some way for me to control
access to *my* application, and from *my* web server.

If I want to "turn off" the user's access to my application, are you
saying that I will have to travel hundreds of miles and visit dozens
of machines to manually remove persistent cookies? If that is the case
then I am the developer of a web application that I cannot control
access to. This does not make any sense to me. Please advise.

http://www.velocityreviews.com/forums/(E-Mail Removed) (Jacob Yang [MSFT]) wrote in message news:<7nd8#(E-Mail Removed)>...
> Hi Joey,
>
> Based on my research and experience, we have two solutions for this issue.
>
> 1. Clean the cookies on the client side.
>
> 2. Call the FormsAuthentication.SignOut Method.
>
> Please refer to the following URLs for the detailed information regarding
> this issue.
>
> FormsAuthentication.SignOut Method
> http://msdn.microsoft.com/library/de...us/cpref/html/
> frlrfSystemWebSecurityFormsAuthenticationClassSign OutTopic.asp
> "...
> This removes either durable or session cookies.
> .."
>
> HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
> Using C# .NET
> http://support.microsoft.com/default...b;en-us;301240
>
> HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
> Using Visual Basic .NET
> http://support.microsoft.com/default...b;EN-US;308157
>
> Does it answer your question? If I have misunderstood your concern, please
> feel free to let me know.
>
> Best regards,
>
> Jacob Yang
> Microsoft Online Partner Support
> Get Secure! ĘC www.microsoft.com/security
> This posting is provided "as is" with no warranties and confers no rights.

 
Reply With Quote
 
Jacob Yang [MSFT]
Guest
Posts: n/a
 
      12-15-2003
Hi Joey,

Thank you for your update. It seems that there is some misunderstanding in
this issue.

As I understand, what you really want is:

1. Disable the cookies so that the user cannot access the web page without
login.

2. You still want to use the persistent cookies feature in your web
application.

My meaning of my past post is not that you have to travel hundreds of miles
and visit dozens of machines. I think that you can ask your customers to do
it on the client side. I apologize for it if there is any misunderstanding.
Since the two solutions in my past post are not practical to you, I have
another solution for your reference. Please check the following articles
carefully which I have mentioned in my past post:

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using C# .NET
http://support.microsoft.com/default...b;en-us;301240

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using Visual Basic .NET
http://support.microsoft.com/default...b;EN-US;308157

In the web.config file, we can find the following code:
...
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
protection="All" path="/" timeout="30" />
</authentication>
...

Please change the value of the "name" (name=".ASPXFORMSDEMO") and rebuild
your web application. In addition, would you please tell me the value of
the "timeout" on your side?

If I have misunderstood your concern, please feel free to let me know.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ĘC www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 
Reply With Quote
 
Joey Powell
Guest
Posts: n/a
 
      12-26-2003
Thanks guys for your help. I finally got it. I did not realize that I
all I needed to do was change the name of the cookie!

(E-Mail Removed) (Jacob Yang [MSFT]) wrote in message news:<(E-Mail Removed)>...
> Hi Joey,
>
> Thank you for your update. It seems that there is some misunderstanding in
> this issue.
>
> As I understand, what you really want is:
>
> 1. Disable the cookies so that the user cannot access the web page without
> login.
>
> 2. You still want to use the persistent cookies feature in your web
> application.
>
> My meaning of my past post is not that you have to travel hundreds of miles
> and visit dozens of machines. I think that you can ask your customers to do
> it on the client side. I apologize for it if there is any misunderstanding.
> Since the two solutions in my past post are not practical to you, I have
> another solution for your reference. Please check the following articles
> carefully which I have mentioned in my past post:
>
> HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
> Using C# .NET
> http://support.microsoft.com/default...b;en-us;301240
>
> HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
> Using Visual Basic .NET
> http://support.microsoft.com/default...b;EN-US;308157
>
> In the web.config file, we can find the following code:
> ..
> <authentication mode="Forms">
> <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
> protection="All" path="/" timeout="30" />
> </authentication>
> ..
>
> Please change the value of the "name" (name=".ASPXFORMSDEMO") and rebuild
> your web application. In addition, would you please tell me the value of
> the "timeout" on your side?
>
> If I have misunderstood your concern, please feel free to let me know.
>
> Best regards,
>
> Jacob Yang
> Microsoft Online Partner Support
> Get Secure! ĘC www.microsoft.com/security
> This posting is provided "as is" with no warranties and confers no rights.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Persistent field and Persistent properties - difference gk Java 7 10-12-2010 09:43 PM
Give Request.Cookies and Response.Cookies is there any reason to use another method to use cookies? _Who ASP .Net 7 09-18-2008 07:49 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
LOGON API and persistent cookies (Windows and Form authentication) Ben Ong ASP .Net Web Services 0 02-01-2005 11:50 PM
Persistent Cookies vs. session cookies Andy Fish Java 3 11-06-2003 10:44 AM



Advertisments