Re: Identify FormsAuthentication Timeout

On Jun 4, 12:14 am, Chuck <nosp...@xxxxxxxxxxxxx> wrote:
Thanks,
Can't really redesign the application.  I have a heavily customized
FormsAuthetication provider.  I would rather just customize it so that
regardless of the application using FormsAuthentication, the current page
data would not be lost.

I was thinking of adding somesort of check in EndRequest that would inject a
client script to create a javascript newwindow that is actually the login
page.  In EndRequest  if you check for  
HttpContext.Current.Response.StatusCode == 302
             &&
HttpContext.Current.Response.RedirectLocation.ToUpper().StartsWith(FormsAut hentication.LoginUrl.ToUpper()))
Then you know your being redirected by forms authentication.

  Having some trouble with that so far.

"Joe Kaplan" wrote:
The better thing to do here is to design the app so that it can easily
handle holding data that is in an intermediate state of completion (not yet
"submitted") and provide code that allows features like auto save to work
and to make the current transaction "GET friendly" so that if the user is
redirected away from the page they've been working on and then redirected
back, they are returned to their in process transaction with the data as it
was last saved either through some sort of auto save feature or via a user
interaction.

You can also make it such that the forms auth does not time out at all (or
takes a very long time to), but that may not be desirable from a security
perspective.

Obviously there is some significant rework involved to make the app behave
like this.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Chuck" <nosp...@xxxxxxxxxxxxx> wrote in message
news:76C88928-236B-4E09-BB40-74F1AE486D9F@xxxxxxxxxxxxxxxx
Thanks,
Interesting technique, but I can't use it.  The users credentials are
security sensitive so we do need to have authentication deactivated after
the
timeout period expires.

"Alexey Smirnov" wrote:

On Jun 3, 5:17 pm, Chuck <nosp...@xxxxxxxxxxxxx> wrote:
I have a forms authentication website that has a page where users spend
a lot
of time on.  So somebody spends an hour on the page and then presses
submit
and gets redirected to the logon page.  Followed by a redirect back to
where
they were minus all the data they typed in.

Is their a way to handle time outs without loosing data on the
redirect.
Maybe popup a logon page versus a redirect or something.

Hi Chuck

you can try to prevent the timeout by placing an iframe in the page
that hits another page. See:

http://www.codeproject.com/KB/session/Session_Defibrillator.aspx

Another approach is to add js with timeout which is less then the
ASP.NET timeout

http://jeremywadsworth.com/Default.aspx?blogentryid=41

Hope this helps

I think that "auto save" can be easily done without major changes in
the application. It can be implemented using javascript and its
setTimeOut function that can be executed after certain period of time
(e.g. every 1 minute) and keep the form data stored as a draft... The
only thing that need to be changed is an initial load of the form
where you would need to check if there is any draft or not.
.

Relevant Pages

  • Re: Identify FormsAuthentication Timeout
    ... FormsAuthetication provider. ... timeout period expires. ... Followed by a redirect back to ... Maybe popup a logon page versus a redirect or something. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: how to auto redirect a page?
    ... may be you can using "Thread.Current.sleep" then,you can redirect ot ... this will consume you resource ... as in after a few sec, the page will auto ...
    (microsoft.public.dotnet.framework.aspnet)