VS 2010 Windows Authentication - Session Time-out?
Sep 20, 2010Does Session Time - out is applicable ing Windows authentication?If so, in what event can i capture this?
View 6 RepliesDoes Session Time - out is applicable ing Windows authentication?If so, in what event can i capture this?
View 6 RepliesI am checking if the login session is still available on the client side in Jquery. What i did i created a web method to be called as a pagemethod on the client side. the webmethod is defined like this
[System.Web.Services.WebMethod]
public static Boolean CheckSessionExpiration()
{
Boolean IsLoggedin = false;
if (System.Web.HttpContext.Current.Session["LoginUser"] == null)
{
IsLoggedin = false;
HttpContext.Current.Session.Abandon();
HttpContext.Current.Response.Redirect("Login.aspx");
}
else
{
IsLoggedin = true;
}
return IsLoggedin;
}
and in my Jquery i have functions that perform different operations and before those function execute, i will need to make sure that the user is still logged in, so i will call the web method on the client side like this
PageMethods.CheckSessionExpiration(OnCheckSessionExpirationComplete);
and its callback function like this
function OnCheckSessionExpirationComplete(result) {
//Callback function
}
i know the webmethod should be void because the boolean value is not used at all on the client side or anywhere in the app. Now my question is. My Assumptions are , looking at the webmethod that is being called on the on the client side, it will execute first and if the session is null and it will not continue to execute. The client side code that was about to follow Please clear my assumption. Mybe there is something i don't know about Jquery that will make it continue even if the page redirection code is fired.
I set these setting below at the Web.config of my site And it still return me to the loginpage after about 20 mins I checked the Properties of the site at IIS and the time out is 660 However at the properties of the defaultWeb it's not 660 since it will influence all the sites and that I don't want
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="660"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>
</authentication>
<sessionState mode="InProc" timeout="660"></sessionState>
In my application I use Forms Authentication and sessions. How do I take care that the user is logged out after a period of 6 hours?
In my web.config I set the sessions time-out to 360 minutes. But after a period of 10 minutes of inactivity I have to login again.
I also set my forms authentication timeout to 360 minutes.
I am trying to force to show to the Logon popup when the session is timeout in Integrated Windows Authentication Enabled website. The session_timeout is firing during the session timeout, but the User.Identity.IsAuthenticated is true. How force to use the Windows Logon Screen when the session is timeout.
View 4 RepliesJust going to start making a web application and was wondering which was better, or at least what are the main differences between them (as it probably matters what I am using them for)?
View 3 RepliesI have just installed SQL Server 2005. I selected windows mode authentication. I am not able to login in management studion. Now, I want to use mixed and server authentication option inplace of windows authentication. so, would that be possible after installation.
View 2 RepliesWhat's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 RepliesI set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 RepliesI have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
View 1 RepliesI'm trying to enable automatic Window authentication working on our ASP.NET Intranet. I've changed the Authentication on our IIS 7.5 server from Anonymous to Windows Authentication Enabled only, and changed the Web.config file for the website to:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
The Windows login box appears when accessing the website via IE 8, I enter valid credentials, but the login window keeps reappearing as if it does not accept my credentials. By repeatedly cancelling the login box it disappears, and my login name can be viewed on the website. Is there any possible reason for the login box to keep popping up even though valid credentials are being entered? I've restarted the servers / cleared browser cache etc. Also, ideally I would like the user to enter the login details once in the login box and not be required to reenter login details whenever he reopens the browser.
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 RepliesI have a web application (intranet based) which uses Windows Authentication. Unfortunately there are public computers that have public logins at some company locations. My web app doesn't support these public logins because I need to know the user workingSo, even though these public users are windows authentication users, my app will fail because I have no user account setup for that particular account. I want to then try Active Directory Authentication.In my Default.aspx.cs I'd have something like this
protected void Page_Load(object sender, EventArgs e)
{try
userContext = new UserContext(); // If the authenticated user isn't a user in my system then throw an exception
}
[code]...
We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution
View 3 RepliesMy overall goal is just to get the logged on users information for an Intranet site I'm developing without them providing their login (since they are already logged into their computer). So far I just get 401.1 errors and it keeps asking for my login/password. Even though I provide my login/password, it still won't let me in.
I've Enabled Windows Authentication from IIS > Sites > Default Web Site, added this to my web.config:
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
My Application Pool is setup as Integrated / ApplicationPoolIdentity for .NET Framework 2.0.
I've been asked to convert an asp.net application from forms authentication with roles using the aspnetdb database to use windows authentication instead.
what is required to do this? can I still use the roles defined in the app and stored in aspnetdb?
I have an (ASP.NET 3.5) intranet application which has been designed to use forms authentication (along with the default aspnet membership system). I also store additional information about users in another table which shares its primary key with the aspnet_users table.
For users who are part of our domain I store their domain account name in the secondary users table, and I want to automatically log in users whose domain account name matches a name stored in the table.
I have read the guides which are available - they're all from two years ago or more and assume that you are able to activate Windows Authentication on a separate login page that allows you to extract the domain account name. From what I can tell, though, this is not possible in IIS7 (the overall authentication method is applied on all pages and cannot be selectively deactivated, and both authentication methods can't be applied on the same page).
Is there a way of getting IIS to pass through the windows domain account name of the requesting user? I don't need proper AD authentication, just the domain name.
Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication?
For example:
A website contains several other folders that contain parts of the overall application: /frontend,/backend, /login
The bin folder is on the same level as these subfolder, i.e. the root of the website.
All of these subfolders contain pages that use binaries that reside in the bin folder of the root of the website.
The user must input windows credentials when visiting a page in the backend folder, but not when visiting a page in the login or frontend folder.
I am developing one intranet website. Being an intranet application, one of the requirement is to have a single sign on feature.
It means that the windows PC username (i.e the "ctrl + alt + delete" username) is going to be the username for the system.
How do i fetch that username?
I tried the following two ways which are working in debug mode but not on live site.
System.Security.Principal.IPrincipal user = System.Web.HttpContext.Current.User;
Response.Write(user.Identity.Name);
&
Response.Write(Request.ServerVariables["AUTH_USER"].ToString());
Both the above method works when i run the page from visual studio.
However when i run the page from IIS or any other server, it gives me a blank value
I have a clean installation of Windows 7 with VS2010 RTM and am trying to get the ASP.NET Development Server to work. When I run the project, the WebDev server starts and shows that it's listening on port x on localhost. I've tried:telnet to the port. The port is not listening. running netstat -o shows that the WebDev server is in fact not listening on any port. manually changing the WebDev port to a different port and restarted VS without effect. I have Windows Firewall turned off entirely and am not running any other firewall software either.
View 1 RepliesI have been spending a better part of a week trying to track down why I am not able to clear all session variables in a web app (vs 2010, vb.net). What I have tracked it down to is that when I remove or abandon sessions that my html pages or codebehind access, it works, but for some reason in any of my class files where I use "Public Shared strConnection as String = HttpContext.Current.Session("strConnection").ToString" to access a session variable, it finds the old one and not the current one. I have to wait for it to time out, go in again, and it will find the new one.
I do not use Linq, and there is only one place in the whole web app that I place the connection string in a variable whcih is when a person logs in. It points them to the correct database. The sqlconnection is set for all of my listviews in Page_Init to make sure that they aren't using any session variable that they create on their own. Interestingly enough that if I use debug to go in each time, exit debug, enter debug again trying to access a different database, it works correct each time. I assume that debug is correctly killing the session variable for the classes for me.
I have an ASP.NET website that worked fine using and debugging in VS2008. I went through the upgrade process opening the solution in VS2010. I can run the site, but as I make changes in the app_code folder classes, they don't seem to commpile and warn me of compile-time errors. As soon as I get to a point that calls the class, the errors show up. Sounds JIT I guess, but this isn't how it was working in 08. Is there an option that was changed in the upgrade process? This is a large project, I really don't want to break something and not find out until some obscure page is opened.
View 1 RepliesSession gets time out frequently although i set timout time in web.config
View 4 Replies<sessionState mode="InProc" timeout="300"></sessionState>
is my session related tag in web.config file but most of the time if i idle 20 minutes then its automatically timedout and went to my login page, is there any solution ?
Is there any way to use a custom Login Page (Not Windows Login Box) for Windows Authentication of SharePoint publishing sites?
View 2 Replies