RE: Logging off user

From: Mike Moore [Microsoft] (michmo@online.microsoft.com)
Date: 01/25/03 

From: michmo@online.microsoft.com ("Mike Moore [Microsoft]")
Date: Sat, 25 Jan 2003 02:34:02 GMT

Hi Jan,

SignOut is not usually used to enforce a timeout. SignOut is a server-side
function while authentication timeouts are usually tracked by the client.
The following article shows a couple ways to set a timeout. One (the most
common) is to specify it in the authentication section of the web.config
file. Another method shown is to create and encrypt your own cookie.

301240 HOW TO: Implement Forms-Based Authentication in Your ASP.NET
Application
http://support.microsoft.com/?id=301240

Does this answer your question?

Thank you, Mike Moore
Microsoft, ASP.NET

This posting is provided "AS IS", with no warranties, and confers no rights.

--------------------
>From: "Jan Pavel" <jan.pavel@xio.cz>
>Subject: Logging off user
>Date: Fri, 24 Jan 2003 01:08:44 +0100
>Lines: 12
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
>Message-ID: <OsKn3yzwCHA.1712@TK2MSFTNGP10>
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>NNTP-Posting-Host: kxpavj17.vse.cz 146.102.92.23
>Path: cpmsftngxa06!TK2MSFTNGP08!TK2MSFTNGP10
>Xref: cpmsftngxa06 microsoft.public.dotnet.framework.aspnet.security:3756
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Hi,
> I have a two WebForms. The first form is login screen. After user is
logged
>in, he is redirected to the second form. (I use Forms authentication on my
>web so user must first log in to get to the second form). On the second
>form, I need to set some timeout and when the timeout expires I want to log
>off user (need to call System.Web.Security.FormsAuthentication.SignOut()
>method).
>My problem is that I don't know how to check whether timeout is already
>expired or not. I tried to use a timer component but it didn't work. Does
>anyone know how to solve this problem ?
>
>
>

Relevant Pages

  • Re: Securing static files
    ... It's not the session - it's the authentication timeout - you can set the timeout in the element in web.config. ... they are kicked back to the login page. ... The user may log in with other credentials. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: FormsAuthentication doesnt redirect properly after timeout
    ... Danny wrote: ... > If the timeout expires and the user then wishes to access some ... > string when redirected to the login page following an authentication ... Could be that .NET doesn't populate ReturnUrl if it's a POST that is ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows Authentication Timeout
    ... The problem is that with Windows auth, the browser caches those credentials ... >> | Yes, I have looked at Forms Authentication, the problem is that I ... just so I can have an authentication timeout? ... >> | I believe that the reason they are prompted twice on the first request ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Windows Authentication Timeout
    ... > take the users Windows Domain Credentials and validate them against AD on ... Apparently, Windows Authentication ... > doesn't have a Timeout value that can be set programmatically for ASPX ... > Authentication was going for here, but it seems like programmers should be ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Proper session timeout
    ... The element in <authentication> section has a timeout attribute - ... The session has a separate timeout specified in the element ... > they see an error message about object references not being set. ...
    (microsoft.public.dotnet.framework.aspnet)