forms authentication automatic logout without timers?

From: Sam (anonymous_at_discussions.microsoft.com)
Date: 06/30/04 

Date: Wed, 30 Jun 2004 08:37:55 -0700

In the Global.asax AuthorizeRequest event, you can add
code that will check if the user is authenticated and if
the current url is secure or not. Then, sign the user out
accordingly:

Private Sub Global_AuthorizeRequest(ByVal sender As
Object, ByVal e As System.EventArgs) Handles
MyBase.AuthorizeRequest
        If User.Identity.IsAuthenticated Then
            If Not
HttpContext.Current.Request.IsSecureConnection Then
                
System.Web.Security.FormsAuthentication.SignOut()
            End If
        End If
End Sub

>-----Original Message-----
>Hello,
>
>I have a web application that uses forms authentication.
I have been asked to implement a feature that logs users
out automatically if they navigate to a page outside of
the secured portion of the web app. This request means
that cookie timeouts won't work, it needs to be an instant
thing - you leave the site -> the door gets locked on your
way out even if you haven't explicitly logged out
yourself.
>
>Does anyone know if this is possible?
>
>Regards,
>
>Danny
>.
>

Relevant Pages

  • RE: forms authentication automatic logout without timers?
    ... I've been asked to somehow prevent that malicious user from being able to gain access to secure content if fogetful user didn't logout and the forms authentication timer on the auth cookie hasn't yet expired. ... > Private Sub Global_AuthorizeRequest(ByVal sender As ... > the secured portion of the web app. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: can you prevent malicious use of browser back button in forms auth
    ... > I have a Web App that uses forms authentication to secure sections. ... malicious user then comes along and presses the back button on their browser ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: ASP.NET Authentication and Windows Authentication
    ... What do you mean by "isn't secure"? ... Whilst hiding usernames is probably a good ... authentication relies on "something I know" or "something I ... > who is accessing the web app, and how to make it secure. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: PEAP-TLS vs EAP-TLS
    ... The documentation is correct in the order of being most secure though most ... confusing here is that EAP and EAP-TLS are not the same. ... does not allow authentication to be done in clear text. ... Take a look at "Securing Wireless LANs with Certificate Services" ...
    (microsoft.public.windows.server.security)
  • Re: RE: Telnet/SSL v SSH
    ... My real question is which is better to secure the communication between them. ... I'm interested in authentication and non-repudiation if possible. ... >nearly the same robustness as SSH from the perspective of Authentication, ...
    (Security-Basics)