Re: Identify FormsAuthentication Timeout
- From: Chuck <nospam2@xxxxxxxxxxxxx>
- Date: Wed, 3 Jun 2009 15:14:02 -0700
Thanks,
Can't really redesign the application. I have a heavily customized
FormsAuthetication provider. I would rather just customize it so that
regardless of the application using FormsAuthentication, the current page
data would not be lost.
I was thinking of adding somesort of check in EndRequest that would inject a
client script to create a javascript newwindow that is actually the login
page. In EndRequest if you check for
HttpContext.Current.Response.StatusCode == 302
&&
HttpContext.Current.Response.RedirectLocation.ToUpper().StartsWith(FormsAuthentication.LoginUrl.ToUpper()))
Then you know your being redirected by forms authentication.
Having some trouble with that so far.
"Joe Kaplan" wrote:
The better thing to do here is to design the app so that it can easily.
handle holding data that is in an intermediate state of completion (not yet
"submitted") and provide code that allows features like auto save to work
and to make the current transaction "GET friendly" so that if the user is
redirected away from the page they've been working on and then redirected
back, they are returned to their in process transaction with the data as it
was last saved either through some sort of auto save feature or via a user
interaction.
You can also make it such that the forms auth does not time out at all (or
takes a very long time to), but that may not be desirable from a security
perspective.
Obviously there is some significant rework involved to make the app behave
like this.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Chuck" <nospam2@xxxxxxxxxxxxx> wrote in message
news:76C88928-236B-4E09-BB40-74F1AE486D9F@xxxxxxxxxxxxxxxx
Thanks,
Interesting technique, but I can't use it. The users credentials are
security sensitive so we do need to have authentication deactivated after
the
timeout period expires.
"Alexey Smirnov" wrote:
On Jun 3, 5:17 pm, Chuck <nosp...@xxxxxxxxxxxxx> wrote:
I have a forms authentication website that has a page where users spend
a lot
of time on. So somebody spends an hour on the page and then presses
submit
and gets redirected to the logon page. Followed by a redirect back to
where
they were minus all the data they typed in.
Is their a way to handle time outs without loosing data on the
redirect.
Maybe popup a logon page versus a redirect or something.
Hi Chuck
you can try to prevent the timeout by placing an iframe in the page
that hits another page. See:
http://www.codeproject.com/KB/session/Session_Defibrillator.aspx
Another approach is to add js with timeout which is less then the
ASP.NET timeout
http://jeremywadsworth.com/Default.aspx?blogentryid=41
Hope this helps
- Follow-Ups:
- Re: Identify FormsAuthentication Timeout
- From: Alexey Smirnov
- Re: Identify FormsAuthentication Timeout
- References:
- Identify FormsAuthentication Timeout
- From: Chuck
- Re: Identify FormsAuthentication Timeout
- From: Alexey Smirnov
- Re: Identify FormsAuthentication Timeout
- From: Chuck
- Re: Identify FormsAuthentication Timeout
- From: Joe Kaplan
- Identify FormsAuthentication Timeout
- Prev by Date: Re: Identify FormsAuthentication Timeout
- Next by Date: Re: Identify FormsAuthentication Timeout
- Previous by thread: Re: Identify FormsAuthentication Timeout
- Next by thread: Re: Identify FormsAuthentication Timeout
- Index(es):
Relevant Pages
|
