Solved

Block the forms after logout in ASP .Net 2.0

Posted on 2006-06-20
11
314 Views
Last Modified: 2008-01-09
Hi,

I have an ASP .Net 2.0 website, after the user clicks the logout button to log out. I don't want user to be able to go back to the forms. I know how to disable the back button in IE, but feel it isn't a very good approach. Can anyone help?

This is how I signed out:

Response.Redirect("~/Login.aspx", True)
System.Web.Security.FormsAuthentication.SignOut()


Thanks
0
Comment
Question by:CRIIT
  • 5
  • 4
  • 2
11 Comments
 
LVL 7

Expert Comment

by:whityum
ID: 16944984
good old html tags will say the page is expired:
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
0
 

Author Comment

by:CRIIT
ID: 16945106
i tried, but i still could go back.
0
 
LVL 3

Expert Comment

by:Maxim10553
ID: 16945194
Your correct in stating that disabling the IE back button is not a good way to trap this event. First of all this will not work for any non IE users, so unless you are rolling your application out in an intranet envirnoment I would suggest otherwise. Also i do not think users would be happy with you trying to hijack their browsers and disable thier standard options. I would say the best way to do this is to write code in the Page_Init event of the forms page to determine whether the user is logged in or not. If the user is not authenticated redirect them to the login page or display a custom message stating they must be loggin in to view the forms.  
0
 
LVL 7

Expert Comment

by:whityum
ID: 16945287
but that event won't fire, it will show him the page in memory.

try these:
      Response.AddHeader "Pragma", "no-store"
      Response.Cache-Control = "no-store"
      Response.Expires = -1
0
 

Author Comment

by:CRIIT
ID: 16945371
how do I determine whether the user is logged in or not in the page_init?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 7

Expert Comment

by:whityum
ID: 16945451
sign them out before the redirect also, it's probably not even hitting that code.
0
 

Author Comment

by:CRIIT
ID: 16945738
yeah, my bad, i've changed that, now I signed the user out first and then redirect:

System.Web.Security.FormsAuthentication.SignOut()
Response.Redirect("~/Login.aspx", True)

but i still could go back,

btw, where should i use this code?

     Response.AddHeader "Pragma", "no-store"
     Response.Cache-Control = "no-store"
     Response.Expires = -1


thanks
0
 
LVL 7

Expert Comment

by:whityum
ID: 16945893
in the page_load function
0
 
LVL 7

Accepted Solution

by:
whityum earned 500 total points
ID: 16945924
that might be asp 3.0, try this

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0
 
LVL 3

Expert Comment

by:Maxim10553
ID: 16945981
you dont want to program page redirection in the page_load event.
0
 

Author Comment

by:CRIIT
ID: 16952096
thanks, this works perfectly!

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Today is the age of broadband.  More and more people are going this route determined to experience the web and it’s multitude of services as quickly and painlessly as possible. Coupled with the move to broadband, people are experiencing the web via …
ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now