Re: FormsAuthentication client-side problem

From: Wes Henderson (wes1024_at_hotmail.com.nospam)
Date: 05/27/04

  • Next message: Joseph E Shook [MVP - ADSI]: "Re: Getting AD Groups" 
    Date: Wed, 26 May 2004 22:50:30 -0500

    Marcio,

    Try this in your Page_Load:

    Response.Cache.SetCacheability(HttpCacheability.NoCache); 

    -- 
Regards,
Wes Henderson
In order to help everyone, please direct all replies to this newsgroup.
This posting is my personal effort to provide help and is not on behalf of
any company.
Also, this posting is provided "AS IS" with no expressed or implied
warranties.
"Marcio Kleemann" <notavailable> wrote in message
news:%23lcWvF3QEHA.624@TK2MSFTNGP11.phx.gbl...
> I'm using FormsAuthentication to secure access to a web site. The
> authentication process works correctly initially. The pages on the site
have
> a "logout" button, which basically call FormsAuthentication.SignOut() and
> redirect the user to the login page.
>
> The problem is that after the user logs out, if they were to use their
> browser's "Back" button (or even enter the url to the page directly on the
> browser), they are allowed into that page. This is probably because the
> browser is simply re-rendering the page without going back to the server
> (I've verified that it does not go back to the server by placing a
> breakpoint on page_load). Interestingly enough, if you enter a url for a
> page on that web site that was not navigated to while the user had been
> authenticated, then it correctly kicks them to the login page. But any
page
> that was visited during the authenticated session continues to be
available
> on that browser even after SignOut.
>
> Since this needs to be solved on the client side, I'm trying to implement
> something using the client's onload event, which is raised every time the
> browser renders the page (whether through Back button, etc). But the
problem
> is that with client-side scripting like javascript or vbscript I don't
have
> access to session variables and such - which I could otherwise use to
> indicate that the user is no longer authenticated. So I'm at a loss as to
> how to handle this.
>
> If someone has dealt with this before, I'd much appreciate pointing me in
> the right direction.
>
> Thanks
>
>
  • Next message: Joseph E Shook [MVP - ADSI]: "Re: Getting AD Groups"

    Relevant Pages

    • FormsAuthentication client-side problem
      ... I'm using FormsAuthentication to secure access to a web site. ... authentication process works correctly initially. ... browser), they are allowed into that page. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: FormsAuthentication client-side problem
      ... >> I'm using FormsAuthentication to secure access to a web site. ... >> authentication process works correctly initially. ... >> browser), they are allowed into that page. ... then it correctly kicks them to the login page. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • RE: How to tell WebBrowser control what credentials to use?
      ... Does the browser implement the IProfferService ... In cases of WinForms authentication I can use code similar to the following. ... I can do the same in a login form entering the username ... there're two kinds of authentication modes for web site. ...
      (microsoft.public.dotnet.framework.windowsforms)
    • Re: return value from cgi
      ... > I'm posting a form to a cgi application on another web site. ... > a text message to the browser. ...
      (comp.lang.php)
    • RE: OWA fails to close
      ... network identification and your password when you try to log off from OWA. ... Right-click the default Web site, ... the client computer is not logged off until the browser is ... This posting is provided "AS IS" with no warranties, ...
      (microsoft.public.exchange.misc)