Calling FormsAuthentication.SignOut(); After Invalidating The Page?
Nov 21, 2010
Is it possible to validate a user's Username + Password without logging them in? I understand a usual login block will look like this:
[code]....
With the Membership.ValidateUser() call setting the cookie for the response.
However, there are some additional checks I'd like to perform after the password is confirmed. (Pulling out an expiry date for that user, for example).
Is there a way to do it without just calling FormsAuthentication.SignOut(); after invalidating the page?
I have a Default(contains the sign-out button) and Login page, once the user is not authenticated, it will always redirect the user to login page.
So the scenario is when the user hit the sign-out button it will redirect him to the login page which is good. My problem is, when the user hits theprevious or back button from the login page,it will still read the authorization cookies and redirect him to the default page. which should not be the case. the user should be redirected to login page when authentication is invalid.
I've read some solutions on the net, but still it doesn't work for me. below are the codes I've used for my sign-out function
[Code]....
By the way, when the user is authenticated, the previous or back button is available/enable for the user.
Im working on a website where users can log into a members area, inside this area they will be able to communicate with other members.
In order to keep an accurate list of who is online and who is not, I would need to update a IsOnline field in my database when they log on and when they exit my website..
The login part is easy, but how can I determine if someone is leaving my website to go to another, or closing the browser.
I have an MVC app that uses [Authorize] to protect the private bits. When I select the SignOut() URL it signs me out but if I hit the back button on my browser the it goes to the secure page and even lets me use the form. The action takes place and then it shows that I'm signed out. The problem is that it performs the secured action (inserting a row into my database). Then I can use the back button again and do it all over. If I use the back button after logging out and hit the browser refresh it does show I'm logged out and refuses me access to the secure page. Am I missing something important? It seems like it could be a really big security issue.
public ActionResult LogOff(string ReturnUrl) { FormsAuth.SignOut(); if (!String.IsNullOrEmpty(ReturnUrl)) { return Redirect(ReturnUrl); } else { return RedirectToAction("Index", "Page"); } }
I've a question I don't know if this is possible or not. I've tried a lot of things till now but could not accomplish on what I wanted to do.
What I want to do is call a web page from another page and some how execute either the page load event or page init event and get the result of the page in the first page.
Page A calls page B. Page B has static text and a label which is being set in page load event.
Page B - Code behind
[Code]....
Page B -- HTML code
[Code]....
Till now what I've tried is using the code below from page A. But this code just returns the Html code and nothing else.
We have a CMS system and in the production mode a number of servers only have read-only access to the content (with a few exceptions) and the editors for the site work on the content on servers behind it (which are not available to the public).
We're caching the content quite a long time on the front servers, but sometimes we want the content the editors publish to be available for visitors instantly. What is best practice for invalidating the cache in those cases?
I think it is a problem that SqlCacheDependency may invalidate a cache item while it is being set:
function getCacheItem() if cacheitem is empty cacheitem = something AND AT THIS POINT SqlCacheDependency INVALIDATES THE cacheitem end if return cacheitem end function
how can we prevent this? Is it somehow possible to specify a ReaderWriterLockSlim for the SqlCacheDependecy to use?
I'm having a problem trying to delete the form authentication ticket (.ASPXAUTH) from the server side. It would be the same to delete or invalidate the ticket so the client could not reuse it.
So far, the only solution I've found is to delete the ticket from the client side (through a "Set-Cookie: .ASPXAUTH=;") but nothing seems to be implemented and/or working for doing so in the server side. The final idea is that if someone steels that ticket
In particular, I'm working in C# but as it's rellated to the Dotnet Framework any implementation of the solution would be OK; I tried all the possible things and nothing worked out, even invalidating the session but nothing.
When I navigate to [URL] (the default page for the directory) it displays it without logging in (as I want). But when going to [URL] FormsAuthentication redirects to [URL] to login. There isn't a way to set the path for just "/" in the web.config, I get an error. This only happens on my ISP (hosted Windows 2003), I can't reproduce this issue locally on my test 2003 boxes.
I need to realize for administrator ability to block/unblock user. I do it by following way:
[Code]....
but if this user is already logged that these changes will be only during next login. I need to throw this user to login page in next his request. I have 2 way:
I am trying to "marry" them up together. so lets say if session timeout is 2 minutes and same with forms authentication.
I want the ability to redirect the user to a page. (no, not using meta tags or anything to refresh the page) on any navigation after the time out.
Sure, create a control and drop it in the master page. All good
but there doesnt seem to be a way to determine if a user was logged in and if so... do what I need to do (i.e Signout and redirect) but it should not impact users who have not logged in.
The only time objects are being added to the session is when the User has logged in. infact the only object in session is a Custom User object.
I want to call a javascript method during page load. I am using application.master of the sharepoint server 2007 as the master page . In the content page i want to call a custom method named OnLoadFun() during loading the content page. I have written the function inside script tag in the PlaceHolderAdditionalPageHead id section of the content page.
[Code]....
How do i call the OnLoadFun method so the i is being called onload time. i tried putting window.onload=OnLoadFun surrounded by script tag within the PlaceHolderMain content section.
i have this function on my master page, i want to call it from one of my content page, what should i do?
function showAddress() { var txtAddress = document.getElementById('txtAddress'); var address = txtAddress.value; geocoder.getLatLng( address, function (point) { if (!point) { alert(address + " not found"); } else { map.setCenter(point, 15); var marker = new GMarker(point); map.addOverlay(marker); marker.openInfoWindow(address); } } );
let us say 'default.htm' (.aspx is not possible due to whatever reason) is "calling" 'start.aspx' as following:
<a href="start.aspx"></a>
now i would like to have a method in 'start.aspx' letting me know, from which page 'start.aspx' had been "called" (in my sample this would be 'default.htm'). what would the c#-code look like?
Is it possible to call usercontrol methods/events using MSAJAX. I wanted to update my usercontrol by calling one of its events when a property from its parent page changes.
I have a simple website that I'm building (practicing). In the main page, I'm using <div> to format my page.However, I have another page that I wish to load into/or view in the Main page. Can I do this without using a MasterPage?
I am attempting to call an ASP.NET page from a classic ASP page on the same machine. The ASP page is located in c:inetpubwwwroot. The ASP.NET page is located in C:InetpubwwwrootWebServiceWrapper
Here is the ASP code to call the page:
Dim objHttp, strQuery set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")[code]....
The ASP.NET code, which calls a web service and sets a cookie, works if I call it from the browser directly. However, using the Msxml2.ServerXMLHTTP object, it does not. The cookie is not generated and there is no error. There are no events in Event Viewer.The ASP.NET page was developed in Visual Studio 2005, .NET 2.0. Changing the POST to a GET has not helped.
