why I am getting the following error message with the following code:The Code:
Partial Class test2
Inherits System.Web.UI.Page
Const ICEVarUsername = User.Identity.Name
[code]...
i use from a session for holding user's authority in web application.
how to i set Session.Timeout that never expire or can i use other way to holding user authority
in web application.
i need access to this authority in all page of web application
I want to show all the activities of the logged in user in a gridview. I am using VS 2010.
View 3 RepliesI have trouble getting hold of the UserName from the QueryString. My data is not displayed on my page.
What is the problem with this code:
[Code]....
Many web applications use sessions to check the logged in status of the users. Is there a better approach to check the logged in status instead of using session state?
I'm looking at a pure ReSTful approach where is no session state at all. This may make more sense in an mvc application rather than an asp.net application.
I have a requirment , my site is using Formauthentication cookie to validate the users , so once the same user is logged in to another browser again ( same Machine or different) then I need to log off the first site and need to allow the second one active.I am thinking to implement this by storing a uniqueID in the DataBase user table .Once the user Logs in then I will store this ID in to the database and for each request I will check whether the ID is same or not, once the user logs again in to another browser then the Unique ID will get generated again and store (update the previous one) to the user table so that the request from the fisrt instance browser will fail to validate and kick out to login Page.this procedure will reduce the performance since all the time it need to intract with DB, so is there any other possible way to Implement this scenario with out using BD - but using formauthentication cookie.
View 1 RepliesI have created a simple website in asp.net using forms authendications but when I publish my website in IIS 6 on a Windows Server 2003 machine it keeps the users logged in for ever even though I have set the web.config to expire after 30 min. My website has 2 pages a login.aspx and a home.html. When I run the website in my development machine using the ASP.NET Development Server I have no problem the website works as expected meaning the users can not access the home.html unless the have been authendicated by the login.aspx page.
Also once loged in, after clearing the browser cookies the web site asks for login again which is again the behavior that I am trying to accomplish. However once the website is on IIS does not take in account the authendication that I have set up on my web.config. What is overriding my web.config? Do I need to make some changes to the global configuration of IIS?
I am working on a asp.net 3.5 app. In the Global.asax in the Application_Error method, I am logging everthing to ddatabase (log4Net).
I have a session limit of 20 minutes. What happens when the user hits that limit and then clicks on the Submit Button of the app. ?Will that generate any exception? and will that exception be logged into my database as I am logging all exceptions in my Application_Error method.
want to know, if the developer is logging out of the website , when .Net Custom Error pages are displayed. If the browser's back button is pressed, previously logged-in page is displayed again. Is there any session going on. How to remove all relevant cookies on logout.How to resolve this
View 1 RepliesMy page is logging out in 20 minutes. I want my page should not be logged out for 60 mins.
View 4 RepliesWe've got a fairly large, complex web application that uses Forms Authentication to authenticate users. Throughout the application we store and retrieve information about users in the Session object, and in some cases in cookies. In a couple places we check for the existence of the context, and if it's null we send the user back to the login page to re-establish the session. Just a quick run-down of this web app: C#, .NET 3.5, IIS 6, ASP.NET State Service to manage sessionAs for the session timer, we use our own home-grown timer, which is basically a client-side timer, which is backed up by a check to the SQL database to see when their last activity was. This seems to work well for us. It's not perfect, but it allows us to notify the user before the session times out, and allows us to be certain we're not logging a user out before their 60 minutes of inactivity is up.What's happening is that certain users are being logged out after just a few minutes. We've eliminated the timer as a cause and believe what's happening is the HttpContext.Current is null, so the user is logged out. We do not know why the HttpContext.Current is null, and I understand there are many reasons that may occur. What I'm trying to figure out is, is there any way to re-establish the context once it is null? If not, is there anything I can do at this point other than have the user login again? We're also trying to figure out a better way of managing user information (preferences, roles, flags, history, etc), but everything needs context to use, right? Cookies, sessions, cache, etc. all require a response or request, correct? hope this makes sense, because I really need help with this. I've searched the forums here, and found many posts about HttpContext.Current going null, but not a lot of solutions for this...
View 14 Repliesi want to know how expire the session after certain period of time which has been created once the customer logged in to the page
View 3 RepliesI want know, If an error has occurred and website is redirected to the Custom Error Page and is also logged out. If back button of the Mozilla browser is pressed, previous logged in page is displayed. I have also used
1.
Response.Cache.SetCacheability(HttpCacheability.NoCache);
2.
Response.Cache.SetExpires(DateTime.Now);
in Page_init on Custom error page. Also set the values of .ASPXAUTH and other cookies to 1 but again page is not going to the Login Page. These cookies could also not be removed.
We have a web site that implements a custom SiteMapProvider using a User Control added in the master page. I need to be able to limit the sitemap nodes added depending on the logged in user, that is, certain users should not see certain sitemap nodes. Currently, the login processing code determines if users are in the certain category or role and then sets a value in session state, for example, Session["UserInRoleXXX"] = "Yes"; I tried changing the code in the user control to check the session state, but I got the following error: NullReferenceException ... Object reference not set to an instance of an object." Can session state be accessed in a user control?
View 6 RepliesI have a web application which uses a session variable to store the logged in userid. If no user is logged in, of course this variable will be empty and the contents displayed on my website are meant for guests. If there is a user logged in, the user specific controls/access/links will then be a displayed.
I am now having issues with my hosting where on shared application pool, the worker recycle is triggered every 90 minutes, this will clear sessions causing all my users to be logged out. I opted for a dedicated application pool, which got worse because I am only allocated 50MB memory limit and if this is reached, the worker recycle is triggered and I lose my sessions again. I have tried as much as possible optimization techniques, e.g. dispose where possible, close connections, disable viewstate for static controls etc but my memory per instance keeps building up from page to page without any signs of improvement. I don't use loops nor store huge objects like bitmaps etc but my sessions are now gone even faster than 90 minutes in shared application pool before.
I have considered using SQL Session State but there isn't a simple guide on using this with MySQL. I am getting desperate and considering using a public variable, a string as a replacement to store logged in user id instead of in a session variable. I am pretty sure this will solve my issue with sessions being recycled but are there any negative consequences of doing this? One problem I can think of is if the user closes the browser, the system will never know that the user is now logged out and this public variable should be nothing. In this scenario, will the GC eventually clear this abandoned public variable.
My prior asp.net apps used windows authentication on an intranet. Now I'm developing an app for the internet and am stumbling over how to properly manage user sessions and state.
I first developed my web site functionality; created the SQL DB and got all of the pages to properly handle the data. Then, I installed the SQL Membership database and was able to get the CreateUser, Login, Logout pages to work. On the Verify process for the Userid, I added a step that will take the membership UserId value and create a Company record in my tables and link my CompanyId key with the UserId.
At Login time, I create a CompanyId session variable; each page uses it to retrieve records for the user. When Session Timeout occurs and the user click a link to another page, the app redirects properly to a Login page. However, if the time expires and then the user interacts on that same page, 'Object not set to an instance of the object' - the CompanyId session variable has expired.
What is the proper way to handle this? I'd like the page to automatically redirect to a TimedOut page (this would happen automatically without the user doing anything).
I considered writing a Function where I pass the Session variable I want and the Function sees if it exists; if it doesn't it would do a Response.Redirect to the TimedOut page...I can't get the Redirect to work in a Class Function ('reference to a non-shared member...').
I assumed that I should set CompanyId as a Session Variable so each page knows the user to get data for. Another approach is to use the membership User and if it is still valid, do a DB lookup to get the CompanyId. I did not choose this because I felt that it would increase DB traffic and web traffic.
Here are several relevant settings from my web.config:
<sessionState cookieless="UseDeviceProfile" />
<authentication mode="Forms">
<forms loginUrl="~/UserTasks/Login.aspx" />
It feels like there should be a straightforward answer to this but I am missing it.
I have one web application. In that, I have two pages. One is view/edit page and another one is login page. The view/edit page contains one edit button and one login button.
First I execute view/edit page, at that time I dont want to show edit button. When user clicks login button, the page will be redirected to login page, where the user has to enter username and password. If user enters both correct, again the page will be redirected back to view/edit page. This time, the edit button has to be shown to make some modifications, since the user is authenticated.
I tried this thing by using session with cookieless. It works perfectly but some times it shows web page not available. I made session timeout 120 minutes and cookieless is true. In URL session ID also available.
So, whats the alternate way to maintain user log state or whats wrong in web.config file.
I am a little bit new at handling multiple sessions congruently.
Basically i have created a chat application. In which i have a moderator page.
Now the moderator has the privilege to block particular users from the chat. Every user including the moderator has a session variable defined as Session["UserID"].
e.g for the username "moderator" the Session["UserID"]=moderator.
Now as i am logged in as the moderator how do i delete the session of a particular user whom i want to block the chat from commencing.
Is declaring a constructor private or declaring a class sealed is same thing?
View 1 RepliesI have a very basic application with user authentication. I also have a grid in my masterpage that shows all the users logged on. However, after a user logs out, it still shows them to be logged on in the users grid for the duration of the session, which is 20 mins. How do I get the grid to exclude users who've logged out? Here's the code behind for the grid:
[Code]....
I am looking for an elegant (i guess as elegant as it can be) solution to caching a users profile on login (whether it is session, cache, cookie, etc) and keeping it in sync when a users profile is changed. How do you guys handle this? Just simply call a Flush() method in your Save() method that invalidates the cache?
View 1 RepliesI am using Principal class to get the user information
HttpContext.Current.User.Identity.Name thro this i am getting doamin name and NT ID
So how can i extract User name and email from NT ID
How can I redirect the user to the first page when they've been idle for more than 20 minutes or so?Here's my session timeout time in my web config file:
[Code]....
I am using ASP.NET 2.0 and Sql server 2005 for my web application.
I have a Login.aspx page where i validate Login using Stored procedure Something like that
protected void btnLogin_Click(object sender, ImageClickEventArgs e)
{
VerifyLogin(txtUsername.Text,txtPassword.Text);
while (rd.Read())
{
[Code]....
In my ASP.NET application I need to allow only one session for a user ? When a user does login more than once, I want to get to user's previous session and abandon it. I'm keeping track of all user sessions by means of session id. But Session.Abandon is available only for the current session associated with a request and not previous sessions. I have the session id of the user's previous session but how can I end it ?
View 3 Replies