Velocity Reviews - Computer Hardware Reviews

Windows Authentication and Session State

 
 
Will Gillen
      11-08-2004
I have an ASP.NET application that is using windows authentication (basic).
It prompts the user for their Windows Credentials when they first load the
page.

Now, I want to have the "session" timeout in 3 minutes, so that the page
will again prompt them for their credentials if this timeout has elapsed.

I have tried setting the "Session.timeout = 3" in the page_load method of
the page I want to secure.

I notice that the "Session_End" method in Global.Asax does fire, but the
Authentication Ticket appears to "stay valid" even after the Session has
ended.

Is there a way to force the page to prompt again for Windows Credentials at
specified timeouts?

Please let me know.

Thanks.

-- Will Gillen


 
 
 
 
 
Nico den Boer
      11-09-2004
I'm new to .NET, but hopefully you can use this...

I've included the following code in global.asax:

protected void Session_End(Object sender, EventArgs e)
{
    if (User.Identity.IsAuthenticated)
    {
        // User is still authenticated
        FormsAuthentication.SignOut();
    }
}

This makes the Authentication Ticket invalid.

Nico


 
 
 
 
 
Will Gillen
      11-09-2004
"FormsAuthentication.SignOut();" doesn't appear to work on "Windows
Integrated" Authentication.

My application is using "Windows Integrated" Authentication, and not Forms
based authentication. This means that IIS is handling the authentication
and creating an identity. My question is: how can I "un-authenticate" the
identity at a specified time interval (without having to have the users
close all their browser windows)?

This approach that you provided is in the direction that I'm looking for,
but when I tried to implement it, it didn't seem to work with "Windows
Integrated" Authentication.

Any other ideas?

-- Will G.


"Nico den Boer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I'm new to .NET, but hopefully you can use this...
>
> I've included the following code in global.asax:
>
> protected void Session_End(Object sender, EventArgs e)
> {
> if (User.Identity.IsAuthenticated)
> {
> // User is still authenticated
> FormsAuthentication.SignOut();
> }
> }
>
> This makes the Authentication Ticket invalid.
>
> Nico
>
>



 