forms authentication not making users reauthenticate

 
 
Travis Parrent
      02-10-2004
I'm having a problem where my application forces the user to log on
initially, but then never forces them to reauthenticate. Following is the
login code currently but I've tried several different things. I can walk
away from the app for an hour and come back and it will still not force them
to log back in. Where can I look?

Here's current login code:

Private Sub btnLogon_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogon.Click
    Dim passwordVerified As Boolean = False
    Try
        'passwordVerified = VerifyPassword(txtUserName.Text, txtPassword.Text)
        'currently commented out until I get this working
        passwordVerified = True
    Catch ex As Exception
        lblMessage.Text = ex.Message
        Return
    End Try
    If passwordVerified = True Then

        Dim intReset As Boolean
        'intReset = Session("Reset") 'once again forcing value until i get reauthenticate working
        intReset = False
        If intReset = True Then
            Me.btnLogon.Visible = False
            Me.btnReset.Visible = True
            lblMessage.Text = "YOU MUST RESET YOUR PASSWORD TO CONTINUE! Please enter a NEW password in the box above and click the Reset Password button. You will then have to log in again."
        Else
            'Dim roles As String = GetCustomers(txtUserName.Text) '
            'Trying to force it to timeout right away to test to make sure it reauthenticates
            Dim authTicket As New System.Web.Security.FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now, DateTime.Now.AddSeconds(10), False, "blah")
            Dim encryptedTicket As String = System.Web.Security.FormsAuthentication.Encrypt(authTicket)
            Dim authCookie As New HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, encryptedTicket)
            Response.Cookies.Add(authCookie)
            Response.Redirect(Request("ReturnURL"))
            'other things i've tried...

            'System.Web.Security.FormsAuthentication.GetRedirectUrl(txtUserName.Text, False))
            'FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)
        End If

    Else
        lblMessage.Text = "Invalid username or password"
    End If
End Sub 'btnLogon_Click

Here's current web.config settings for authentication and authorization:

<authentication mode="Forms">
    <forms loginUrl="login.aspx" name="sqlAuthCookie" timeout="1" path="/" slidingExpiration="false"></forms>
</authentication>
<!-- AUTHORIZATION
     This section sets the authorization policies of the application.
     You can allow or deny access to application resources by user or role.
     Wildcards: "*" mean everyone, "?" means anonymous (unauthenticated) users.
-->
<authorization>
    <deny users="?" />
    <allow users="*" /> <!-- Allow all users -->
    <!-- <allow users="[comma separated list of users]"
                roles="[comma separated list of roles]"/>
         <deny users="[comma separated list of users]"
               roles="[comma separated list of roles]"/>
    -->
</authorization>

Any help appreciated,
Travis




 
 
 
 
 
Travis Parrent
      02-10-2004
I may have answered my own question. I found this code in global.asax.vb:

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires upon attempting to authenticate the user
    Dim cookieName As String = FormsAuthentication.FormsCookieName
    Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
    If authCookie Is Nothing Then
        Return
    End If
    Dim authTicket As FormsAuthenticationTicket = Nothing
    Try
        authTicket = FormsAuthentication.Decrypt(authCookie.Value)
    Catch ex As Exception
        Return
    End Try
    If authTicket Is Nothing Then
        Return
    End If
    Dim role As String() = authTicket.UserData.Split(New Char() {"|"c})
    Dim id As New FormsIdentity(authTicket)
    Dim principal As New GenericPrincipal(id, role)
    Context.User = principal
End Sub

I didn't write this app, and I'm pretty new to asp.net, but can someone
quickly explain what this code is doing?

It must somehow be re-authenticating the user automatically. I want to
remove it but not sure what effects that will have overall and not sure why
it was put here to begin with??

Thanks,
Travis


"Travis Parrent" <(E-Mail Removed)> wrote in message
news:%232mMnO$(E-Mail Removed)...
> I'm having a problem where my application forces the user to log on
> initially, but then never forces them to reauthenticate. Following is the
> login code currently but I've tried several different things. I can walk
> away from the app for an hour and come back and it will still not force them
> to log back in. Where can I look?
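
Added example, not part of the original posts and not the application's own code: the `Application_AuthenticateRequest` handler quoted in the thread never checks `authTicket.Expired`, and `FormsAuthentication.Decrypt` returns an expired ticket without throwing, so the handler builds a principal from a ticket whose lifetime has already passed. The same handler with the expiry check added is shown below; the class name `Global_asax` is an assumption, and roles are taken to be pipe-separated in `UserData` as in the thread.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Added example for global.asax.vb; the class name Global_asax is an assumption.
Public Class Global_asax
    Inherits System.Web.HttpApplication

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim cookieName As String = FormsAuthentication.FormsCookieName
        Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
        If authCookie Is Nothing Then
            ' No ticket: the request stays anonymous and <deny users="?" />
            ' sends the browser to the login page.
            Return
        End If

        Dim authTicket As FormsAuthenticationTicket = Nothing
        Try
            authTicket = FormsAuthentication.Decrypt(authCookie.Value)
        Catch ex As Exception
            ' Malformed or tampered cookie value: treat as no ticket.
            authTicket = Nothing
        End Try

        ' Decrypt only decodes and validates the cookie; it does not enforce
        ' the ticket lifetime. Without this check an expired ticket is accepted
        ' for as long as the browser keeps sending the cookie.
        If authTicket Is Nothing OrElse authTicket.Expired Then
            ' Ask the browser to drop the stale cookie and leave the request
            ' unauthenticated so the user has to log in again.
            FormsAuthentication.SignOut()
            Return
        End If

        ' Ticket is valid and current: attach the roles carried in UserData.
        Dim roles As String() = authTicket.UserData.Split(New Char() {"|"c})
        Dim id As New FormsIdentity(authTicket)
        Context.User = New GenericPrincipal(id, roles)
    End Sub
End Class
```

The login code in the first post adds the cookie without setting `Expires`, so the browser keeps it for the whole browser session; the ticket's own expiration is the only lifetime limit, which is why the handler has to check it.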



 