Solved

Security

Posted on 2003-12-08
17
350 Views
Last Modified: 2010-04-17
I am using VB.NET and the application is a web app. I am trying to secure my website. When the User logs in from the Login Page and enters his account, then signs out, so after signing out the user gets back to the Login Page. So now the user shouldnt be able to enter the account by clicking the back button on the browser...How do I restrict the user to do that?


0
Comment
Question by:Moizsaif123
  • 9
  • 8
17 Comments
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 9898854
1. expire the pages from cache using cache control
or
2. open a new session in a new window and close the window when signing out
or
3. always use location.replace(newurl) to replace the current page in history and replace with the login page when signing out

Other than that I have no suugestions not knowing .net at all
0
 
LVL 4

Author Comment

by:Moizsaif123
ID: 9898992
I'm Interested in all points but what does 3). do again...and how do I start doing it?

Moiz  
0
 
LVL 75

Accepted Solution

by:
Michel Plungjan earned 150 total points
ID: 9899430
1. first

<form action="login" target="_blank">

2. on all the next pages use
<a href="page2.html" onClick="location.replace(this.href); return false">Page2</a>

and all foreign links open in new windows too

Michel
0
 
LVL 4

Author Comment

by:Moizsaif123
ID: 9900179
     I think you have answered my question, tho instead of using a link I want the 'SignOut' to be a Button control. Below is this Button control in Html code, How do I redirect the onclick of this button to the Login.aspx Page?

and will it work the same way as the link does?

<INPUT id="Submit1" onclick="location.replace(this.href); return false" style="Z-INDEX: 101; LEFT: 121px; WIDTH: 122px; POSITION: absolute; TOP: 139px; HEIGHT: 25px" type="submit" value="Submit" name="Submit1" runat="server">



Moiz
0
 
LVL 4

Author Comment

by:Moizsaif123
ID: 9904911
I mean how do I make the Button control work the same way as the hyperlink does?



Moiz
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 9905415
Sorry I do not understand the button
If you need the button to log out, that means you have a FORM whose ACTION is logging out
This button has a lot of garbage in it
and should PROBABLY look like this

<INPUT id="Submit1" style="Z-INDEX: 101; LEFT: 121px; WIDTH: 122px; POSITION: absolute; TOP: 139px; HEIGHT: 25px" type="submit" value="Submit" name="Submit1">

runat="server" is not something a button would have
ANd to have your button log out, you would simply have the logout script close the window when it returns
<body onLoad="window.close()">

Of course assuming your logon script opened a new window

0
 
LVL 4

Author Comment

by:Moizsaif123
ID: 9913225
Is it possible if you could send me a html coded page or two including a Login page and another random page with the Sign Out button, so I can see exactly wat yu mean, I would really appreciate it....... :), thanks....


Moiz
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 9914046
<a href="login.asp" target="_blank">Login</a>




<form action="logout.asp">
<input type="submit" value="Logout">
</form>

and in logout.asp:

<script>
window.close()
</script>
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 4

Author Comment

by:Moizsaif123
ID: 9914575
So let me get the concept straight, say there are two pages....
Page A( Login Page), Page B(Random Page), then when the user clicks on the link in Page A then opens a new window which Page B. then user clicks on the sign out button in Page B and closes the window,so the user closes Page B. is that right?


0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 9914975
Hmm,

I have a link in the welcome page. It opens a new browser window with a loginform:
<a href="login.asp" target="_blank">Login</a>

login.asp is your pageA

then when you want the user to leave, you show

<form action="logout.asp">
<input type="submit" value="Logout">
</form>
to clean up or simply

<form>
<input type="button" value="Logout" onClick="window.close()">
</form>

if you do not need to tell the server the user left.
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 9914980
if you use

<form action="logout.asp">
<input type="submit" value="Logout">
</form>

then logout.asp simply returns

<script>
window.close()
</script>

to the user
0
 
LVL 4

Author Comment

by:Moizsaif123
ID: 9916475
Got it!, umm for this link,
<a href="login.asp" target="_blank">Login</a>

I have to fill in VB code in the back, for that I want to use a button control, a web form button control. so I want the Button to act the same way as the link but also read the vb code in the back.Is that possible?




0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 9916539
<form action="login.asp" target="_blank">
<input name="something" type="hidden" value="<%= whatever %>">
<input type="submit" value="Login">
</form>
0
 
LVL 4

Author Comment

by:Moizsaif123
ID: 9921085
but what if i want a button to act independently of another buttons on the form. I mean if I have another button on the form and do someother function and not open a new window but this one button will open a new window.... below
<input type="submit" value="Login">
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 9921592
<input type="button" value="Login" onClick="window.open('login.asp','_blank')">
0
 
LVL 4

Author Comment

by:Moizsaif123
ID: 9964642
Hey this link yuv given me,

<a href="page2.html" onClick="location.replace(this.href); return false">Page2</a>

this works on links,  but when i put this

<input type="button" value="Login" onClick="location.replace(this.href); return false">

it blows saying...

BC30456: 'location' is not a member of 'ASP.Pri_PtnIns_aspx'.


 how do i make it work on a button control

0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 9964831
this.href is the link's href

<input type="button" value="Login" onClick="location.replace('page2.html')">

you cannot just swap one control for another

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Looking for example pivot year code used in Y2K 4 62
creating threads in delphi 1 82
SUM 2 INTEGER ARRAYS INTO 1 10 93
Regular Expression Calculator Tester 2 57
RIA (Rich Internet Application) tools are interactive internet applications which have many of the characteristics of desktop applications. The RIA tools typically deliver output either by the way of a site-specific browser or via browser plug-in. T…
A short article about a problem I had getting the GPS LocationListener working.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now