I have created a simple website in asp.net using forms authendications but when I publish my website in IIS 6 on a Windows Server 2003 machine it keeps the users logged in for ever even though I have set the web.config to expire after 30 min. My website has 2 pages a login.aspx and a home.html. When I run the website in my development machine using the ASP.NET Development Server I have no problem the website works as expected meaning the users can not access the home.html unless the have been authendicated by the login.aspx page.
Also once loged in, after clearing the browser cookies the web site asks for login again which is again the behavior that I am trying to accomplish. However once the website is on IIS does not take in account the authendication that I have set up on my web.config. What is overriding my web.config? Do I need to make some changes to the global configuration of IIS?
i'v an enquiry form, user is operator as Role users fill enquiry form (enquiry.aspx) and view enquiry list done by thmselvs in viewEnquiry.aspx page in GridView im testing using different users accssing this application same time The Problem:
user1 has done 10 enquiries, and in viewEnquiry.aspx able to see is 8 enquiries the 2 remaining enquiries is reflecting in user2's profile or (in viewEnquiry.aspx page as logged in user2) what i'v done: i'v used "public static string UserName;" in Global class file clGlobal.cs in App_Code when user done login successful i stored UserName = dr.GetValue(2).toString(); and clGlobal.UserName = "" on Logout and on master page Load of User im checking (if clGlobal.UserName == "") then redirct to Login.aspx
I are building a web application which will be deployed to Windows Azure. I want user to set session timeout value which will be stored in Database. Currently I am aware of Web.Config method to set session timeout. i.e.
We have a problem when 2 users from different machines click on button to open the same modal window at the same time from the same page, they see the same data, which are not suppose to be.
i do my checks and see that they are getting the same page instance , i see that the page.GetHashCode and the page.SessionID is same for both users.
I have a default 30 min session timeout for normal users. Now i want to set 1 hour time out for admin users. Can someone guide me how to acomplish this.
I totally have no idea on how to do this. How can I get the time everytime the user use my system. We are using AD account here so we don't have login and log out. All I want is as long as the user browse to my system whether he is working or it or not become away or any, I will record its time and save it in my database then accumulate all the time he spent in my system for admin reporting.
I have to maintain session of two users on a sigle page.And the path is. UserPath:
1.User logins with his credentials((We retrive their credentials from login table) . 2.He invites some of his friends for a birthday party. 3.And send an url link to share some of the gifts with them in which gifts are provided in Share.aspx page. 4.Userlogouts.
Invites path:
1.Invite logs in with his credentials(We retrive their credentials from invites table). 2.He is directed to go to Share.aspx and list the items he require. 3.And he logs out.
Now i have problem in maintaining session for both the user and invite. How can i maintain the session so,that the user can identify a particular invite from the list of invites an his chosen items.
I have a website that has 10 aspx pages in it, and I'm trying to count how many users are on any one page at a time, and display that number on the web page. I have set it up to use an Application object ("TotalViewers"), and initialize it to 0 in the Application_Start event handler of the global.asax file. My reasoning (probably way off base) is to increment the count on each page load, and then decrement the count on each page unload. The increment part works ok, but when I add the code in the page unload event handler to decrement, it seems that Unload happens before the Page is presented to the client, so the value always stays the same (adds one in page load, subtracts one in page unload).
How else can I track number of users on each page? (simply, becuase I am still a beginner). I have already done some google searching and haven't come up with anything useful.
All my pages are being navigated via a TreeView control.
I am saving for each user a session with information about his current page viewing.
Each time the user is moving to a new page, I am updating the session with the new page he is right now.
Now, my question is if I can make any loop over all of my users session and answer a question like: How many users are now on page "2.aspx" for example?
There are a couple of user's experiences session variable loss after they've clicked a confirm button and their information is email via a relay hosting server. Below, I commented exactly where the session variables get lost.
What could be causing the session variable loss? So far, this only happens to a few users.
I have some webforms and the main page grabs the users email address when they login and a UserID. It's not uncommon for the user to keep the web page open all day. Is it good practice to store the email address and ID as a session variable and up the timeout to say 10 hours? Or is there a better way? My concern is A) Session variables timing out before the user login timesout B) Doing this incorrectly.
In my web application, I want to alert users 5 minutes before their session timeout. If the users want, they can either extend their session or ignore the mssage - in which case after session timeout they will be redirected to the login page (I'm also using forms authentication in my site, so have set the authentication cookie expire time to the session timeout).I know I can do the alert with window.setTimeout, but I want to get user's respond and refresh the page if they want a session extension. How can I do that, in which event and whether I can do this in C# code behind. And also, should I implement this in the base page or somewhere else? How can I implement the auto page refresh - should I use a hidden button and click it from Javascript?
I would like to know if anyone knows of any way or software that will give me a count of the number of unique users to use my site in the last 5 minutes. I want to make some updates to my site during the day but I want to check to see if there is slow traffic then I can do it but if it's busy I can wait till a later time.
trying to create a stored procedure to authenticate users, if users are authenticated their data like userid, first name, etc are returned in a cursor. However, if users are not authenticated an error is returned or something that indicates users were not authenticated.
But I don't know how to do this in a stored procedure.
I have a asp.net (3.5) web-app that will be used in an intranet. I need to enforce that users type in their network credentials (windows credentials) before they can log into this application. I intentionally need to disallow Integrated Windows Authentication. I need to authenticate these users against my company's Active Directory, that is obviously on the same network as my .net web app.
I have been reading a bit about Forms Authentication using ActiveDirectoryMembershipProvider - [URL]. I also stumbled upon this - [URL]. Based on what I can tell, both seem to do what I need to get done. Could somebody tell me what are the major differences, pros/cons and when you would use which method? Or are these exactly identical, and both achieve the exact same results?
From the security perspective...what do I need to watch for? I am assuming if I use SSL that will cover me for when I pass the username/pwd to AD for verification?
I have a website that requires users to login, but I am having problems when authenticating a users.I create a user which works fine, I then test the login on the development machine and everything works fine the user is logged in.But if a try to login the user in via the live website (same database) I get errors stating that the login attempt has failed.I don't understand why it would work on the development machine but won't work with the live version of the website.
We've got a fairly large, complex web application that uses Forms Authentication to authenticate users. Throughout the application we store and retrieve information about users in the Session object, and in some cases in cookies. In a couple places we check for the existence of the context, and if it's null we send the user back to the login page to re-establish the session. Just a quick run-down of this web app: C#, .NET 3.5, IIS 6, ASP.NET State Service to manage sessionAs for the session timer, we use our own home-grown timer, which is basically a client-side timer, which is backed up by a check to the SQL database to see when their last activity was. This seems to work well for us. It's not perfect, but it allows us to notify the user before the session times out, and allows us to be certain we're not logging a user out before their 60 minutes of inactivity is up.What's happening is that certain users are being logged out after just a few minutes. We've eliminated the timer as a cause and believe what's happening is the HttpContext.Current is null, so the user is logged out. We do not know why the HttpContext.Current is null, and I understand there are many reasons that may occur. What I'm trying to figure out is, is there any way to re-establish the context once it is null? If not, is there anything I can do at this point other than have the user login again? We're also trying to figure out a better way of managing user information (preferences, roles, flags, history, etc), but everything needs context to use, right? Cookies, sessions, cache, etc. all require a response or request, correct? hope this makes sense, because I really need help with this. I've searched the forums here, and found many posts about HttpContext.Current going null, but not a lot of solutions for this...
I have 2 sites, one the main product site the other a secure site featuring the basket and checkout processes.
When a user clicks "add item to basket" I am creating a basket in a database and then adding the items to the basket. The theory was then to store the id from the database for the basket (the basketid) in a cookie, redirect the user to secure site, use the basket id from the cookie and display the contents in the basket.
However I am having trouble getting the secure site to use the same cookie. When I redirect the users to the secure site, the basket appears empty. I need to go back to the main site and then back to secure before the cookie appears.
Here is the code for the cookie
[Code]....
And then on the secure site this is how it gets the basket ID from the cookie
[Code]....
But like I say it's having problems. I've tried replacing the cookies with session variables as well but it didn't work.
