Security :: Session Variable After Authentication?
Jan 21, 2011
Is there any way that I can create a session variable AFTER authentication? It needs to be populated from the users record in a sql database. Basically I tried using Application_AuthenticateRequest in global.asax with an application variable but this made it available to all users. Using session_start is not working as when this runs my user is not currently logged in, so the variable is always empty when I try and grab it's value.
View 3 Replies
Similar Messages:
May 1, 2010
I'm hoping this is a simple configuration setting that I have incorrectly defined. I have an application that has a secure (members) area. If a customer tries to browse directly to the secured page (http://www.mysite/members/memberpage.aspx) asp.net loads up my login.aspx page. When the user successfully authenticates from the login.aspx page in they are taken to the secured page they originally requested (so far so good!).The problem I have is that I run some SQL using the User.Identity.Name on the secured page as a reference to who the logged in user is. This way I can show some customer specific information. When I take the login route outlined above, the SQL doesn't seem to run (or the Session Variables aren't loaded yet?)... my page loads up with no customer information in it. If I browse to another page and then back the customer information shows up and all is well.
View 1 Replies
Aug 28, 2010
I am using Forms Based Authentication. I have extended the Forms Authentication Tables creating a custom table called Profile_Contact that holds the user's GUID, username, email address, and other information. I have another table called Profile_Account which holds company account information such as Company Name, address info, phone numbers etc. This table has a Key Field called IDProfileAccount. I include the IDProfileAccount field in the ProfileContact user table so I can associate the user with a specific Company. For the login page, I am using a basic login page created with using the Visual Studio login controls. When the user logs in, they are sent to the appropriate page as identified by the role the user has been given. This all works great.
Now I need to extend the login page so that when the user logs in not only is the user's name and GUID placed in session, I would also like to have the IDProfileAccount record placed in session as well so that I can filter the records the user sees as only those records of the Company the user is associated with. I know how to add static variable to a session and how to retrieve them to filter data, what I need to know is how to retrieve the data from the SQL table on login and sending it to the session. I would think it would be something along these lines:
[Code]....
View 3 Replies
Apr 2, 2010
i got one register page and register confirmation pagethe first page i use it to let user enter all the data to registerfor the second page, i put a createuserwizard and use session to display all the entered data here problem is, all the data in label form can show except username, password and e-mailWhich i make them textboxI have declare them in the Page_Load (I use username only as example since all field is about the same)
[Code]...
View 1 Replies
Dec 3, 2010
I am building a web app that is limited to one database, therefore I cannot use the ASP.NET config tool. As a quick means of getting this app online, I tried to use a simple session variable. The login page verifies the user's credentials, and if they pass, it sets the session variable to a certain value. All other pages check in the page_load event whether or not the session variable is equal to that value. The problem is that once being logged in for a short while and sending and recieving some data, the session variable resets, and I'm returned to the login page to repeat the process. Here's the basic code from my webforms:
[code]....
Is there some setting I need to change in the web.config file to adjust the cookie timeout or is that only for the config tool authentication methods?
View 5 Replies
Nov 19, 2010
I have a question regarding Form Authentication Session Timeout
I have a form authentication and i have set the session timeout in my webconfig.
After I login to website using my form authentication, the session is not timing out even after i login more than 30 minutes.
It seems i'm still authenticated and can access everything.
Is it normal ? I thought if we set the timeout in webconfig it will automatically log you out because the session expire.
<authentication mode="Forms">
<forms name=".authentication" loginUrl="Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="true" domain="" />
</authentication>
View 2 Replies
Dec 18, 2010
I'm currently developing a website using .net MVC 3 and I'm on the authentication layer...Here is the scenario: user is logged with the "remember me" option checked : a user Session is created on the server as well as the authentication cookie on the client side.The Session timeout is set to 20 minutes.After 25 minutes of inactivity the user goes back onto the website and Session, now expired, does not exist anymore but the authentication cookie still exists
View 1 Replies
May 13, 2010
I have 3 seperate applications (under the same domain) for which I use Forms authentication with single sign-on.
The 3 applications have different session timeout periods. I was on various articles that when we use forms authentication and specify the loginurl in the <Forms> tag in the web.config, it should automatically get redirected to the login page, when the session timesout. But in my case, it doesn't happen, I think because of different timeout values.
View 6 Replies
Jul 2, 2010
here's what I have:
My asp.net 3.5 app uses Forms Authentication.
I create an authentication cookie (ticket) with an expiration date of one day.The cookie'sIsPersistent is set to true.
I do not use any session variables.
Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the cookie and the session worked independently. Shouldn't the user remain logged in as long as the cookie hasn't expired?
View 1 Replies
Apr 19, 2010
I am using form based authentication in one of my website. I issue AuthenticationTicket on successful login and use this ticket to validate request. but now I need to store other variables immidiately after authenticating request (just like adding session for username, email etc. variable after successful login).
My question is if I make use of session to store variables, do I need to concern about it as form based authemtication is cookie based and it is not related with session timeout.
View 3 Replies
Nov 22, 2010
Currently in an .aspx file, I am storing a value (filename that was created in that session) in an hidden text box. When the user clicks on the "Print" labeled Hyperlink control, it opens the file that was stored in the hidden text box control. But when the user goes to different screen (in the same session), I loose the filename value that is stored in the hidden text box control. So I would like to store the filename variable in a session variable. So that if the user leaves this .aspx file and comes back to this .aspx file I can load the value into the hidden text box from the session variable.
View 11 Replies
Apr 9, 2010
Using VS 2010 RC, VB, and Forms authentication to allow access to the site, depending on the login rights of a user, I want to turn on and off access to certain pages. I can turn on and off buttons to access the pages, but a user can type the page into the url, and it will still go to them.
View 5 Replies
May 31, 2010
I am trying to force to show to the Logon popup when the session is timeout in Integrated Windows Authentication Enabled website. The session_timeout is firing during the session timeout, but the User.Identity.IsAuthenticated is true. How force to use the Windows Logon Screen when the session is timeout.
View 4 Replies
Dec 9, 2010
can we grab a global variable or Session or View State variable in the javascript or using jquery?
View 2 Replies
May 17, 2010
I have a web application which uses a session variable to store the logged in userid. If no user is logged in, of course this variable will be empty and the contents displayed on my website are meant for guests. If there is a user logged in, the user specific controls/access/links will then be a displayed.
I am now having issues with my hosting where on shared application pool, the worker recycle is triggered every 90 minutes, this will clear sessions causing all my users to be logged out. I opted for a dedicated application pool, which got worse because I am only allocated 50MB memory limit and if this is reached, the worker recycle is triggered and I lose my sessions again. I have tried as much as possible optimization techniques, e.g. dispose where possible, close connections, disable viewstate for static controls etc but my memory per instance keeps building up from page to page without any signs of improvement. I don't use loops nor store huge objects like bitmaps etc but my sessions are now gone even faster than 90 minutes in shared application pool before.
I have considered using SQL Session State but there isn't a simple guide on using this with MySQL. I am getting desperate and considering using a public variable, a string as a replacement to store logged in user id instead of in a session variable. I am pretty sure this will solve my issue with sessions being recycled but are there any negative consequences of doing this? One problem I can think of is if the user closes the browser, the system will never know that the user is now logged out and this public variable should be nothing. In this scenario, will the GC eventually clear this abandoned public variable.
View 10 Replies
Dec 2, 2010
What would be the proper syntax in ASP.NEt 3.5 C# to assign a TextBox value to a temporary or session variable to be manipulated (added, subtracted, multiplied, divided) at different points in the application? I want to add a decimal number to this variable in almost every instance as well.
View 3 Replies
Mar 29, 2011
For my current project I am using form authentication.What occasionally will happen is a user will timeout (unbeknownst to them),they try navigating to a different page (call it Page B) and they get kicked back to the login screen.This is fine and I have no problems with this.
However,after they enter their credentials and are authenticated they are redirected back to "Page B" and an error is produced because a session variable wasn't loaded. This is due to the fact that they were redirected to "Page B" instead of the page they would normally hit after a login (call it Page A).Is there anyway to force the user to go to Page A instead of Page B in these situation to avoid these errors?
View 2 Replies
May 25, 2010
I have the dataset. in this i am having total 20 tables with huge amount of data..I want use this data over all the page..so where i can keep this data..
before i used viewstate but the viewstate data is render to page every postback ..so this time the page size is increasing(interanlly viewstate is rendered to page)..so performence wise it was very slow..
Now i change my logic insted of viewstate to i used Globel Dataset on Page Level.. now the performence wise better than viewstate..
i used Like shared dsControls as Dataset at top of the page..so every time i use this dataset..
my quesation is session is better or Globel variable is better way use in my situavation..
View 3 Replies
Sep 14, 2010
I added the following code to global.asax to load up several session variable when a session starts. I'm assuming that when a page goes to use the variable that I should be
1) checking at the page level that the value is valid not 0 when its not expected to be 0, not a zero-length string when its expected to have a length
2) have code at the page level that sets the values if the values have not been set as when the Session timeout, ideally putting the code in a class derived from Page and then deriving all of my pages from the new class so that the code does not have to be repeated in every page
[Code]....
View 7 Replies
Nov 11, 2010
I have some code in my page load event where I just want to fire once when the user opens the Browser. The only issue is if you open a new tab with the same website the session variable does not reset. Is there a way to reset the session variable when you open a new tab or do you have to take the whole web browser down for it to clear the session variable.
In Global Page:
[code]....
View 2 Replies
Aug 5, 2010
I have been spending a better part of a week trying to track down why I am not able to clear all session variables in a web app (vs 2010, vb.net). What I have tracked it down to is that when I remove or abandon sessions that my html pages or codebehind access, it works, but for some reason in any of my class files where I use "Public Shared strConnection as String = HttpContext.Current.Session("strConnection").ToString" to access a session variable, it finds the old one and not the current one. I have to wait for it to time out, go in again, and it will find the new one.
I do not use Linq, and there is only one place in the whole web app that I place the connection string in a variable whcih is when a person logs in. It points them to the correct database. The sqlconnection is set for all of my listviews in Page_Init to make sure that they aren't using any session variable that they create on their own. Interestingly enough that if I use debug to go in each time, exit debug, enter debug again trying to access a different database, it works correct each time. I assume that debug is correctly killing the session variable for the classes for me.
View 4 Replies
Jul 29, 2010
I have some cascading dropdownlists using the ajax toolkit I have a set up datatables in an xsd file. Then use these in a webservice to populate all the fields ... this all works great but now i need to pass an additional paramter to the first dropdownlist ( a date) but don't know how to do this? The method is below...
[Code]....
The other code is:
[Code]....
The first change would be to the tableadapter to add a param to the code i.e
AuditWebDS.TeamsDataTable teams = teamsAdapter.GetTeams(calldate);
but how do i get the calldate param to the webservice method... i tried a session variable but it comes up with session is null ? Is there another better way?
View 1 Replies
Apr 21, 2010
I am new to asp.net Can you please guide me what is session and session variables ? Please I don't need a comparision of asp session and asp.net session because I don't know anything about asp. I have saw many articles on types of session as well. But still I cant understand exectly what is session and what are session variables in asp.net ?
View 9 Replies
Jul 14, 2010
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 Replies
Jan 4, 2011
What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 Replies