Re: FormsAuthentication.SignOut(); doesn't work...

From: mo (nospam_at_please.thiankyou)
Date: 10/23/05 

Date: Sun, 23 Oct 2005 09:16:09 -0600

Hey - very nice tool! Thanks!!!

that's exactly the problem, the cookie is not cleared. Therefore the user is
still able to roam about the site - they are never logged off. Another
strange thing is that if a user does log back on, it DOES reset the cookie.
I am not using persistent cookies either...

My login code is below:

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
 1,
 Request.Form["username"],
 System.DateTime.Now,
 System.DateTime.Now.AddMinutes(30),
 false,
 userContextElement.OuterXml,
 FormsAuthentication.FormsCookiePath
 );

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));

// Redirect to requested url...

???

thanks,
mo

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4256546011b4d28c7a5eefcb7947e@news.microsoft.com...
> Hello mo,
>
> use a tool like www.fiddlertool.com to check if the cookie is really
> cleared...
>
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> my current project uses FormsAuthentocation.. I need a logoff page -
>>
>> may logo off page contains the following in the Page_Load:
>> Session.Abandon();
>>
>> FormsAuthentication.SignOut();
>>
>> After 'logging off',
>> HttpContext.Current.User.Identity.IsAuthenticated and
>> Request.IsAuthenticated is still true and the user can still access
>> pages that they should net be able to..
>>
>> What's up with this??? I've seen quite a few posts on the web, but no
>> firm answer
>>
>> thanks!
>>
>
>

Relevant Pages

  • FormsAuthenticationTicket looses UserData
    ... Upon logon I create a ticket and put some userdata in it: ... FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( ... //Hash the cookie for transport ... FormsIdentity id = HttpContext.Current.User.Identity; ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: HOW TO: Setting Up Forms Authentication
    ... What defines where the custom cookie is stored? ... string userData = String.Join; ... FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Getting forms auth challenge
    ... However it's still not redirecting unauthenticated users to ... //Create an authentication ticket to store in a cookie ... FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( ... string encryptedTicket = FormsAuthentication.Encrypt; ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Trying to figure out forms authentication
    ... Can one do one's own checking of username and password and totally bypass calling FormsAuthentication.Authenticate? ... Does the session object get created fresh from every forms submit using the browser's cookie that ASP.Net requests from the browser on every page submit? ... ) {FormsAuthenticationTicket ticket = new ...
    (microsoft.public.dotnet.framework.aspnet)
  • How to add FormsAuthenticationTicket to URL
    ... The codes below is copy from msdn about FormsAuthenticationTicket. ... How can I add the FormsAuthenticationTicket to URL not to Cookie? ... FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, ... string encTicket = FormsAuthentication.Encrypt; ...
    (microsoft.public.dotnet.framework.aspnet)