I'm using Forms authentication in my application but I'm not using the Membership that's built into .NET.
How do I automatically send user to login page when his/her FormsAuthenticationTicket expires? I just don't want a user log in and leave a page on their computer screen long after their session has expired. I'd like to make sure that as soon as the user's FormsAuthenticationTicket has expired, I send them to login page.
I'm trying to dynamically create a url containing a FormsAuthenticationTicket that can then be emailed to a user who has forgotten their password. Then when the user follows the url they will be authenticated by the ticket in the url and be able to access the reset password page
I have tried creating a FormsAuthenticationTicket object and encrypting it but the string it produced seems way longer than the hash in the urls produced when using cookieless authentication.
that will be recongnised by cookieless authentication. But as I said the hash I come up with seems way to long and just not right at all.
you can see how long and different it is here by pressing the forgot password button..
[URL]
it says in the docs for FormsAuthenticationTicket that the encrypted ticket can be stored in a url. but I want to make it the same as those used by cookieless authentication so that it is recognised straight away.
My website has a payment page from where the wesite is redirected to paypal.com and after the payment is processed will be returned to my wesite.... But problem is that " when the payent is made and redirected for the first time from any browser the AuthenticationTicket is getting expired. this is only for the first time but after that it works fine". can any help me with this issue driving me crazy.. and also i hate set the expiration time for 7 days....
I'm implementing an authentication timeout detection mechanism per a previous question and answer of mine here. I've implemented an HTTP module that uses the AuthenticateRequest event to run code to capture whether the authentication period has expired. The code to do this is below:
public class AuthenticationModule : IHttpModule { #region IHttpModule Members void IHttpModule.Dispose() { } void IHttpModule.Init(HttpApplication application)
[Code]....
The problem is that, once the authentication period has expired (I set it to 1 min to test), there is no longer a forms cookie (see comment in code). This means that the authentication cookie will be null, and I won't make it past the null check in my code. But there's a convenient "Expired" property for a FormsAuthenticationTicket that I feel like I should be checking to see if the period is expired. But how do I get that far if the cookie is no longer there? Is it reasonable to assume the authentication period has expired if there's no longer a forms cookie?
I'm not using the Membership framework built into .NET but I'm using FormsAuthenticationTicket to make sure user is logged in. I have an object for my users in my application -- let's call it MyAppUser object. Can I save this in the FormsAuthenticationTicket as opposed to saving some string?
If I can't do that, I can save the object in session but I'm a little worried that session and FormsAuthenticationTicket will get out of synch.
when a user logins into my site i create the following authenticate ticket:
// Create the authentication ticket var authTicket = new FormsAuthenticationTicket(1, // Version userName, // Username [code]...
The problem i have is that if an administrator changes a user's role or time zone then the next time they return to the site their ticket is not updated (if they selected remember me when logging in).Here's my authentication settings incase it helps:
I assume that any Role information is being stored in the FormsAuthenticationTicket in the UserData (delimited by some character).Second, I assume that any information in the Profile is not stored in memory / session anywhere, but when you do call the profile.VARIABLE, you are in fact doing a call to the DB (although it's simplified by the fact that it knows who you are when calling etc).Assuming the above is correct, I'm trying to complete a custom membership provider. As part of this each user will have a single role. So using a full blown role provider seems to be overkill. I assume that I can write the single role into the UserData in the FormsAuthenticationTicket myself?I would like to also store a number of other small bits of information in the ticket (such as a GroupId, VendorId which are seperate from the user / role). If I wanted to do this, and the role is held in the userdata, how would I identify what is a role and what is someother persistant data I need on the application?I could use Session items for these, but this might cause issues with the web-farm, plus the amount of data is very small (3 or 4, int32 values and maybe one string).Finally, items such as Address, PostCode, Contact Phone number all seem sensible items to place in the profile ( I'm using the table provider). Is the advantage here purely the ease of access? This isn't commonly used data, so if there is a round trip to the db thats not an issue really in this instance
I'm am building an web application that needs to be able to scale.We want to store, an connection string, an object that says what organization the user is working on right now and the identity of the user.
We could serialize down this and send through the userdata property in the FormsAuthenticationTicket, but that feels to not be the optimal solution, cause its is 4-5 strings of data that is unncessesary, but the main issue is that we are sending an encrypted connectionstring to the user which we dosent want to.
So what are our options?Can ASP.NET Cache be our solution?, can we couple the expiration of the asp.net cache and the formsauthenticationcookie?
I'm authenticating my users using the following code for the login event:
[Code]....
The following code runs in global.asax at Application_AuthenticateRequest:
[Code]....
Everything works great so far. Next thing that I need to do is add additional user information to the forms authentication ticket using user profile. When I try to add it right after the login code above, I end up getting an error message about anonymous profile. On the other hand, HttpContext.Profile is read only and doesn't seem to work. Is there any workaround for this?
I have a web application developed using VB .Net 2003, and is running ASP Net 1.1.
The application is running fine on all browser, except for the login/authentication control that doesn't work properly on Chrome.
We have different types of users using the website, and each user type has different menu items displayed for.
The problem is, if a user logs on with let's say Admin account, and logs off and later logs on again using student account, the user still gets the Admin menu, and of course vice versa.
I'm not sure if I'm doing something wrong, or there is something I'm missing here.
On more thing, if the timeout period reached, and the session was timed out , and the user (regardless of the type) tries to log on again, he is successful on all browser except on Chrome again!, where it keeps telling the session was timed out, and never logs on again until clearing the cookies.
I'm trying to check the Expired property of the user's current FormsAuthenticationTicket to see if the authentication period has expired. But when the period has expired, I'm never able to get enough information to even create the ticket to check. I've tried this:
FormsIdentity id = (FormsIdentity)User.Identity; FormsAuthenticationTicket ticket = id.Ticket;
But User is null when the authentication period has expired. So that won't work. I've tried this:
But the Forms Cookie is gone when the authentication period has expired, meaning authCookie will be null. So that doesn't work.
Is there any way to actually get the FormsAuthenticationTicket object when the authentication period has expired? There must be, because there's an "Expired" property in the object.
I have a testproject and the forms timeout specified in web.config overrules the timeout which I set in FormsAuthenticationTicket. According the documentation, the timeout (expire date) in FormsAuthenticationTicket must override the timeout in web.config.
Documentation found on:
[URL]
[Code]....
Here is my code:
Web.config:
[Code]....
Login.aspc.cs:
[Code]....
Now, when I login, i get redirected after 1 minute of inactivity. This isn't supposed to happen, right? I have to be redirected after 2 minutes.
I have implemented my own custom MembershipProvider with a custom data store. No problems so far. I would like for people to login using their email instead of a username. Because I have my own data store, this is not a major issue, I can just pass the email as the username for the MembershipProvider.
My question is, how do I store additional custom user data along in the FormsAuthenticationTicket? I want to store a couple of things that will never change, such as their UserId, First/Last Name and Country. I started looking into creating FormsAuthenticationTicket with the UserData, but quickly got confused. How do I store multiple things into this UserData, and how do I easily read this data back on every single ASP.NET MVC2 page. I found many samples, none that really seemed that great in terms of MVC2. There has to be a simple way to do this.
It would make no sense to read the UserId, First/Last Name and the Country from a database on each and every request because it would never change. Plus, while I want the user to login using their email, I'd want to store their UserId in the auth cookie so that it can be used in nearly every user related database query rather than the email (because in all the tables, the user data is stored along with the UserId - not the email because technically the email could be changed - I already figured that stuff out when it comes to the MembershipProvider).
What is the best practices for storing additional user data like this in ASP.NET MVC2?
I am using forms authentication in asp.net application. This is working fine in internet explorer. Opening application in firefox is also fine but when i login in second instance of firefox, application in first instance logs out. Following is my code for creating ticket and cookie.
FormsAuthenticationTicket objTicket = new FormsAuthenticationTicket(1, sUserName, DateTime.Now, DateTime.Now.AddMinutes(60), false, "");
I want to know page name when session expires so that I redirect user to that page after relogin. I am checking session in Master page's page load event
I'm wanting to show a video when a person comes to the site and doesn't have a cookie. After they see the video, a cookie is added, but when the cookie expires, the video is played again.
I am using Session variable throughout in my application and my timeout is 1 hour. Here I need to catch the exception for session expires in any global way across my application.
i want your opinion about the Response.AddHeader("Refresh", Convert.ToString((Session.Timeout * 60) - 20))that i have seen in some sites that is used for refresh the page every time a little bit before the session expires
i host my web site into a shared hosting and i need to set expiration header using iis but i didn't find my hosting allow this feature so , is there any way to set it into my web configuration or into my code ??