Re: OnLoggedIn/OnLoggedOut - not session?

well - don't take this personal...

you have to build a manual logic for that and tbh it is just crazy to
licence a web app based per concurrent users...

i just think that this is just not suited for a stateless protocol.


dominick

Hi;

Ok, I've re-read chapters 2, 5, & 7. And I understand why session
state and login state MUST be distinct. And I can see how I can use
events to see when a user logs in and out using forms authentication.

What I can't find is:
1) A way to know when a forms authentication ticket expires.
2) A way to track log in/out/expire for windows authentication. (I
know they
don't actually login - but I need a way to know they are hitting the
system).
Here's what I am trying to do. Our ASP.NET application is licensed
per
concurrent user. It can be run using Windows authentication or Forms
authentication.
So for forms authentication I need to know when someone logs in, when
they log out, and when they expire.

For Windows authentication I need to know when they hit the system
and when N minutes have expired since they last hit the system (ie
they "expire"). And I assume there is no "logout" concept for Windows
authentication although I can see it being useful for our case.

Suggestions????

"Dominick Baier" wrote:

no - as i said - they are two distinct things -

i thought you already bought the book i recommended to you :P

dominick

I think so. As I understand it a state management session is the
Session object and the authentication session is I am logged in.
But isn't the authentication session just a state of the state
management session?

"Dominick Baier" wrote:

??

state management sessions and authentication sessions are two
distinct things.

The login controls have such events but this has nothing to do
with session.

was that your question?

Hi;

It seems to me that you log in/out of a session. But it seems
that these events are tied to the Login and LoginStatus controls
- is that correct?



.

Relevant Pages

  • Re: Force Relogin. IIS6, ASP.NET app, IE6+ browser
    ... now it appears you are suggesting I either write a custom authentication ... cookies/tokens involved; IIS has no idea what a session is; IIS does ... not prompt with a login dialog. ... The problem you face is that a browser will automatically attempt ...
    (microsoft.public.inetserver.iis.security)
  • Re: How to implement a automatic login function
    ... If you do not like the API, you can create MembershipUser objects and attach to an ongoing session. ... now I am using a asp.net login control and a customized membership provider to do the form authentication. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: HELP Connection error on Release mode
    ... "Off" Always display detailed ASP.NET error information. ... This section sets the authentication policies of the application. ... Set trace enabled="true" to enable application trace logging. ... <!-- SESSION STATE SETTINGS ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Forms authentication BIG issue
    ... Forms authentication does not relate to session at all, except that they both use cookies to track the user, so changing session will have no effect on the forms authentication. ... I'd suggest on your login page to check to see if the user is logged in and if so show their current login on the form. ... I hit some* "server side" link button or button (or any other ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Session Fixation Vulnerability in Web-based Applications
    ... session, without modifying the way servers generate session ID's is as ... Think of the http server generated sessions as "UI Sessions" and as ... no impact on authentication. ... "authentication key" for this domain (usually in the form of a new ...
    (NT-Bugtraq)