How to prevent user from authenticating

 
 
salickc@gmail.com
      09-09-2005
Hello,

I'm using Forms Authentication.
When the user logs in for the first time, I create a persistent cookie,
so the user will log in automatically every time he browses the site.

But suppose after a week, I deleted the user from my DB.
He still has the cookie on his computer, and will connect automatically
when he browses.

How can I prevent this situation, but still use persistent cookies?
Can I re-validate users with authentication cookies also?

 
Dominick Baier [DevelopMentor]
      09-09-2005
Hello (E-Mail Removed),

Well - you basically give the user the key to your application. You could
at least limit the lifetime of the persistent cookie to something like 30
days, e.g.

There are other solutions that come to my mind, like keeping a list of deleted
users, but that's hacky, too. Or you could keep the user in the DB and mark
him as locked out.

Persistent cookies are evil, simply put.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hello,
>
> I'm using Forms Authentication.
> When the user logs in for the first time, I create a persistent cookie,
> so the user will log in automatically every time he browses the site.
> But suppose after a week, I deleted the user from my DB.
> He still has the cookie on his computer, and will connect
> automatically
> when he browses.
> How can I prevent this situation, but still use persistent cookies?
> Can I re-validate users with authentication cookies also?
>




 
salickc@gmail.com
      09-09-2005
Marking users as locked out means that I need to check the username on
every page which requires authentication. grrr
Well, I guess that's an idea.

Any other ideas?

 
Dominick Baier [DevelopMentor]
      09-09-2005
Hello (E-Mail Removed),

Write an HttpModule that handles AuthenticateRequest and check there.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Marking users as locked out means that I need to check the username
> on
> every page which requires authentication. grrr
> Well, I guess that's an idea.
> Any other ideas?
>
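
One way to implement the check suggested in the last reply, as an added example that is not code from the thread: an HttpModule that handles AuthenticateRequest and re-checks the account behind the cookie on every request. The class name `AccountStatusModule`, the `IsAccountActive` helper and the in-memory user table are assumptions standing in for the application's own database lookup.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example. Register in the application's web.config under
// <system.web><httpModules> so it runs after the built-in FormsAuthenticationModule.
public class AccountStatusModule : IHttpModule
{
    // Constructed stand-in for the user table: user name -> locked-out flag.
    // A real application would query its own database (and may cache briefly).
    private static readonly Dictionary<string, bool> Users =
        new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", false },   // active
            { "bob", true }       // marked as locked out
        };

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    public void Dispose() { }

    // Hypothetical helper: a deleted user (no row) and a locked-out user both fail.
    private static bool IsAccountActive(string userName)
    {
        bool lockedOut;
        return Users.TryGetValue(userName, out lockedOut) && !lockedOut;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Only re-check requests that arrived with a valid forms-auth ticket.
        if (ctx.User == null || !(ctx.User.Identity is FormsIdentity)) return;
        if (IsAccountActive(ctx.User.Identity.Name)) return;

        // Expire the persistent cookie and continue the request as anonymous;
        // URL authorization then denies protected pages and forms auth redirects to login.
        FormsAuthentication.SignOut();
        ctx.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
    }
}
```

Because the check runs once per request in the pipeline, individual pages need no lock-out logic of their own.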




 