Security :: Authentication Timeout While Making AJAX Call?

Sep 13, 2010

I tried to take advantage of jQuery AJAX call to enhance user experience but I am facing a tricky problem.

When the user does nothing for a period of time, e.g. 30 minutes, and reaches the authentication timeout, making an AJAX call becomes a problem. The server side will return the login page and display it in my target div section. The simplest solution I can think of is to inject a dummy tag in the login page and, when such a dummy tag is detected, use JavaScript to redirect to the login page. But this means that I have to do that every time I make an AJAX call.

View 1 Replies

Similar Messages:

Security :: Windows Authentication Timeout?

Mar 23, 2011

We currently have a set of ASP.NET applications and we are migrating them to use Windows Authentication (they used to use Forms Authentication). We will eventually let users connect to our site by entering Windows Authentication credentials. When we tested within our system across different domains, we noticed that the authentication session seemed to be cached even when the server session had timed out. In other words, once the user logged in and kept an Internet Explorer window open (it didn't even have to be on our application page), the user could always navigate back to our application without being prompted for a security login again. We had our site included in the Trusted Sites list of the IE browser. Is that the expected behavior for ASP.NET Windows Authentication? If that is the case, is there a way to end the authentication cache when users leave their IE windows idle?

View 7 Replies

Security :: How To Know That Form Authentication Session Timeout

Nov 19, 2010

I have a question regarding Form Authentication Session Timeout

I have forms authentication and I have set the session timeout in my web.config.

After I log in to the website using my forms authentication, the session is not timing out even after I have been logged in for more than 30 minutes.

It seems I'm still authenticated and can access everything.

Is this normal? I thought if we set the timeout in web.config it would automatically log you out because the session expires.

<authentication mode="Forms">
  <forms name=".authentication" loginUrl="Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="true" domain="" />
</authentication>

View 2 Replies

Security :: Redirect On Forms Authentication Timeout?

Nov 3, 2010

How to redirect to a custom URL on Forms Authentication timeout? The timeout is working but it is only caught when I try to go to a page in my application because each Page_Load method is wrapped in a custom IsLoggedIn method. Here are the settings I have so far in the Web.config.


View 1 Replies

Security :: Handling Session Timeout With Forms Authentication?

May 13, 2010

I have 3 separate applications (under the same domain) for which I use Forms authentication with single sign-on.

The 3 applications have different session timeout periods. I read in various articles that when we use forms authentication and specify the loginUrl in the <forms> tag in the web.config, it should automatically get redirected to the login page when the session times out. But in my case, it doesn't happen, I think because of different timeout values.

View 6 Replies

Security :: Session Timeout Trumps Authentication Ticket?

Jul 2, 2010

Here's what I have:

My 3.5 app uses Forms Authentication.

I create an authentication cookie (ticket) with an expiration date of one day. The cookie's IsPersistent is set to true.

I do not use any session variables.

Session timeout is the default 20 minutes.

Here's the problem:

When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.

Why does this happen? I thought the cookie and the session worked independently. Shouldn't the user remain logged in as long as the cookie hasn't expired?

View 1 Replies

Making A WCF Call With AJAX?

Mar 12, 2010

Is it required to use a RESTful service to be able to make an AJAX call to a WCF service (for example, by using the WebInvoke attribute on operation contracts)? Once a service is made RESTful by adding a webHttp binding on the service host, can the host have other endpoints as well (wsHttp or netTcp)? Is it required that aspNetCompatibilityEnabled be set to true for a service that has a webHttp binding (and can this setting coexist for other endpoints)? I understand I can use both jQuery and ScriptManager for making WCF calls on the client. Why should I use one over the other?

View 1 Replies

Security :: Windows Authentication Timeout And Page Refresh Using Javascript?

Apr 26, 2010

I have a web page that refreshes every one minute and the solution times out every 20 minutes. Would the one minute refresh be considered user activity, so that it doesn't time out every 20 minutes? And if not, how do I convince the page that the one minute refresh is like user activity and it shouldn't time out? Here is the JavaScript to refresh every one minute:


View 5 Replies

C# - Making AJAX Call Back With JQuery?

Oct 7, 2010

I accept both C# and VB.NET

If you visit this [URL] and then click on the link like the image below, you'll see an in-line pop-up DIV which displays a busy status for the Ajax callback before it displays the information. So, the information is not there yet until you click on the link.

I'd like to do the same but with ASP.NET and jQuery.

View 2 Replies

Making A Call To A Page That Returns JSON Using AJAX

Feb 9, 2010

I have a Page that expects a POST Request and returns some JSON. Essentially it's an .ashx Page, but that doesn't really matter.

When using jQuery, I would use jQuery.Post with "json" as dataType to simply make the POST request and get an object back. However, for the current project I mainly use AJAX and I don't want to add jQuery just for the call.

For AJAX, I only found information on how to call a "traditional" web service though, which means adding an asp:ServiceReference to the ScriptManager and having a "real" Web Service at the end.

Is there a simpler way to make a POST call to a Page? I could live with getting the raw JSON and then manually eval()ing it, but I don't want to create a full asmx web service (deploying them on SharePoint is a bit painful, and my ashx handler works fine)

View 3 Replies

C# - Making An Ajax Call In Umbraco From Inside User Control?

Mar 11, 2011

For an Umbraco project, I am trying to make a simple Ajax call. I can't use PageMethods because I need to make the call from inside a UserControl. I tried to do it via a web service call like this:

Web service method:

public class MapService : System.Web.Services.WebService


The problem is, the "MapService.GetCities" method doesn't get invoked.

What might be the problem here?

Alternatively, is there any better way to make this kind of Ajax call in a User Control?

View 2 Replies

Security :: Force To Show To The Logon Popup When The Session Is Timeout In Integrated Windows Authentication Enabled Website

May 31, 2010

I am trying to force the logon popup to show when the session times out in an Integrated Windows Authentication enabled website. The session_timeout is firing during the session timeout, but User.Identity.IsAuthenticated is true. How do I force the Windows logon screen to be used when the session times out?

View 4 Replies

JQuery :: Data Size While Making Cross Domain JSONP Call Using JQuery .ajax() Method

Dec 21, 2010

I am developing a web application, and in the application I need to make a jQuery call using the .ajax() method with the datatype set to jsonp. Now all works well with limited data, but problems start to occur when the data size increases...

View 7 Replies

Ajax - Call An ASMX Webservice In Javascript Without Resetting Authentication Timers

Nov 23, 2010

Pinging back to a webservice in ajax from the client keeps the user's session alive, I don't want this to happen.

More extensive summary

For a website we're developing, we need the client to ping back (in js) to a webservice (ASMX) on the server (IIS7.5). This happens to let the server know that the user is still on the site, and hasn't browsed away to another site. This is as our customer wants to let users lock records, but if they browse away to other sites, then let other people take over those locked records. Perhaps the distinction between the client being on the site but inactive and on another site seems unimportant, but that's kinda irrelevant, I don't get to write the UI spec, I just have to make it work.

My problem is this, the ping stops the user from being timed out on the server through the standard forms authentication timeout mechanism. Not surprising as there is that 30 second ping in the background keeping the session alive. Even though we want to know if the user is still on the site, we want the normal forms authentication timeout mechanism to be honoured. I thought I might be able to fix this by removing the ASP.NET_SessionId and .ASPXAUTH cookies in the XMLHttpRequest that is the server ping, but I can't figure out how to do this. This is how my web service & method are defined:

[WebService(Namespace = "")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class PingWS : WebService
{
    public void SessionActive(string sessionID)
    {
        // does stuff here
    }
}

This is how I'm calling it in js (request is over HTTPS, :

$.ajax({
    type: "POST",
    url: "PingWS.asmx/SessionActive",
    data: 'sessionID=' + aspSessionID + '}',
    beforeSend: function (xhr) {
        // attempt to blank out, then replace, the Cookie header on the ping request
        xhr.setRequestHeader('Cookie', '');
        xhr.setRequestHeader('Cookie', 'ASP.NET_SessionId=aaa; .ASPXAUTH=bbb;');
    },
    dataType: "json"
});

I was trying with the setRequestHeader, but that just appends to the header rather than overwrites the header, and IIS is happy to ignore that junk I added. I'm thinking maybe I should be trying to do this at the server end, somehow take PingWS.asmx out of the loop so that it doesn't keep the session active, but I'm not sure how to do this. Although the title of the question is focused on clearing the cookie in the header, I'd be super happy if anyone points out that I'm being really stupid and there is actually a much better way of trying to do what I'm doing.

I'm thinking at this stage maybe I need to add something to the webmethod that says how long this particular page has been inactive, and use that knowledge to timeout manually. That actually sounds pretty easy, so I think I'll do that for now. I'm still convinced that there must be an easy way to do what I originally wanted to do though.

Update

I'm thinking I'm pretty screwed in terms of cookie manipulation here as both the .ASPXAUTH and ASP.NET_SessionId cookies are HttpOnly, which means the browser takes them out of your hands, you can't access them via the document.cookies object. So I would say that leaves me with:

1. Updating my SessionAlive webmethod to track each request so I can tell how long the user has been sitting idle on a page and timeout if needs be

2. Marking the .asmx page somehow on the server end so that it's taken out of the normal authentication/session tracking flow

I know how to do 1. so I'll start there but 2. seems much cleaner to me.

View 3 Replies

AJAX Timeout Although Request Is Completing Long Before Timeout Duration

Feb 15, 2010

I have an ASP.Net application that makes an AJAX request to retrieve a report. The report can run for a long time so I set the asyncpostbacktimeout in <asp:ScriptManager /> to 600. However, when I try to run the report, if it runs for longer than 90 seconds it fails to come back. I can see in the IIS logs that the POST request succeeded with a 200 status and I can see the time taken is much less than 600.

The web page dutifully waits for the entire 600 seconds before returning with a timeout error:



The server request timed out.

Is there any setting I should be checking in IIS? Connection timeout is 900 seconds.

View 1 Replies

Making A Phone Call Through Web Portal?

Mar 25, 2010

My landline phone is connected to my computer. Now in my website there is a textbox and a button. I fill in a telephone number in the textbox, and on button click I want a call to be connected to the number in the textbox through my landline phone.

Is there any workaround for this in .net framework?

View 1 Replies

How To Detect Authentication Timeout

Dec 9, 2010

I've seen multiple articles like this one that explain how to detect that a user's session has timed out. And for clarity's sake, these articles are referring to the timeout value defined by this web.config line:

<sessionState mode="InProc" cookieless="UseDeviceProfile" timeout="120" />

Not to get into that method too much, but this involves checking that Session.IsNewSession is true and that a session cookie already exists. But I haven't seen any articles on how to detect authentication timeout -- the one defined by this web.config line:

<authentication mode="Forms">
  <forms loginUrl="~/Home/Customer" timeout="60" name=".ASPXAUTH" requireSSL="false" slidingExpiration="true" defaultUrl="~/Home/Index" cookieless="UseDeviceProfile" enableCrossAppRedirects="false"/>
</authentication>

Multiple articles online, including this SO post, have said that your Session timeout value should generally be double your Authentication timeout value. So right now, as above, my Session is 120 and my Authentication is 60. This means that I'll never get in a situation where the Session has timed out, but the user is still Authenticated; if the user ever times out, it will be due to Authentication, not Session.

View 3 Replies

FormsAuthenticationTicket Null After Authentication Timeout?

Dec 20, 2010

I'm implementing an authentication timeout detection mechanism per a previous question and answer of mine here. I've implemented an HTTP module that uses the AuthenticateRequest event to run code to capture whether the authentication period has expired. The code to do this is below:

public class AuthenticationModule : IHttpModule
#region IHttpModule Members
void IHttpModule.Dispose() { }
void IHttpModule.Init(HttpApplication application)


The problem is that, once the authentication period has expired (I set it to 1 min to test), there is no longer a forms cookie (see comment in code). This means that the authentication cookie will be null, and I won't make it past the null check in my code. But there's a convenient "Expired" property for a FormsAuthenticationTicket that I feel like I should be checking to see if the period is expired. But how do I get that far if the cookie is no longer there? Is it reasonable to assume the authentication period has expired if there's no longer a forms cookie?

View 1 Replies

Session Timeout Vs Form Authentication Timeout?

May 18, 2010

What is the difference between an abandoned Session and a cookie timeout? What if the session is abandoned and the cookie is still alive, can that lead to a problem?

<sessionState timeout="1" />
<authentication mode="Forms">
  <forms loginUrl="login.aspx" timeout="1" />
</authentication>

View 1 Replies

MVC :: Making An Html Button Call An Action Method With Parameters?

Mar 10, 2011

How to make a standard HTML button call an action method and pass parameters to it? Can you please show me an example of how to do this? This is the method:

public ActionResult CCDReview([DefaultValue(1)] int CUrrentPage)
{
    //method code is here.
}

Yes, my button is wrapped in a form, and it's a "submit" button.

View 9 Replies

WCF / ASMX :: Increase The Timeout Of Webmethod Call?

Mar 25, 2010

In my web app, if user clicks a button, I have to kick off a long running task. I have to keep the user informed about the status of execution of the task from time to time. To accomplish this, I create a thread on button click which makes a synchronous webservice call. The webmethod works on a long running task; while the main thread informs the users about the status of execution.

Currently the webmethod call times out in approximately 90 seconds. I want to increase the timeout to 10 mins. I tried setting <httpRuntime executionTimeout="600"/> along with debug="false", but in vain. Can anyone tell me what I am missing?

View 3 Replies

AJAX :: Throw Exception Message "Authentication Failed" When Call Webservice From Javascript

Aug 16, 2010

I created a web service which has a method:


Then, in my aspx page, I call that method in JavaScript, but I get an exception message, "Authentication Failed". Code below:


How to resolve this problem?

View 3 Replies

State Management :: Form Timeout Vs. Session Timeout Vs. Connectionstrings Timeout?

Jan 27, 2011

We have the timeout value set to 120 in our <form> tag within the web.config. We do not have a session timeout set, and we have various connection strings.

We are having a problem where a session variable will disappear (become NULL), but the form evidently remains 'open', or no re-login is required. So, my question(s):

1. what is the relationship between form timeout and session timeout

2. how do I set session timeout

View 1 Replies

How To Create A Website That Has A Custom Authentication/session Timeout For Each User

Apr 4, 2011

I am trying to build an ASP.NET site that allows each user to set their own session timeout value. Basically from the user's perspective if they set their timeout value to 30 then that means that after 30 minutes of inactivity they are required to re-authenticate. If they set their timeout value to 0 then that means that they can leave the browser open as long as they want and their session never expires - they never have to re-authenticate. This is different than "remember me" functionality. If they close their browser they will have to re-authenticate.

Currently I am using Forms Authentication in my application and I have one object that I am storing in ASP.NET session. This object is a custom User object that has a number of different pieces of information about the current user.

What code would I need to write so that after successful login, the system has the proper authentication ticket and the proper session expiration value? I keep thinking I have this working and then I notice weird time outs where the system seems to think I am authenticated but my session has expired.

Currently on my login page I am using an ASP.NET login control. I have custom code in the Login_Authenticate event to authorize the user. Then I have the following code in the Login_LoggedIn event to set the auth ticket.


View 1 Replies

C# - Setting A Timeout Using A Manually Created Forms Authentication Ticket?

Dec 29, 2010

The constructors for manually creating FormsAuthenticationTicket objects force us to set an "expiration" value, and this value overrides the "timeout" setting in web.config in my tags, which is not what I want, because now the user doesn't timeout. The "session" just expires at the given time. I need to manually create my ticket for UserData reasons, and it is just the way I decided to build my app. I guess I could spend a whole lot of time and redo the way my app authorizes, and store the "userdata" elsewhere... but this seems extremely tedious for something so small. Is there any way to manually create an Auth Ticket and still maintain timeout settings?! And by timeout, I mean resetting the timer on user activity. Not a fixed timeout!

View 1 Replies
