Solved

Block the forms after logout in ASP .Net 2.0

Posted on 2006-06-20
11
322 Views
Last Modified: 2008-01-09
Hi,

I have an ASP .Net 2.0 website, after the user clicks the logout button to log out. I don't want user to be able to go back to the forms. I know how to disable the back button in IE, but feel it isn't a very good approach. Can anyone help?

This is how I signed out:

Response.Redirect("~/Login.aspx", True)
System.Web.Security.FormsAuthentication.SignOut()


Thanks
0
Comment
Question by:CRIIT
  • 5
  • 4
  • 2
11 Comments
 
LVL 7

Expert Comment

by:whityum
ID: 16944984
good old html tags will say the page is expired:
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
0
 

Author Comment

by:CRIIT
ID: 16945106
i tried, but i still could go back.
0
 
LVL 3

Expert Comment

by:Maxim10553
ID: 16945194
Your correct in stating that disabling the IE back button is not a good way to trap this event. First of all this will not work for any non IE users, so unless you are rolling your application out in an intranet envirnoment I would suggest otherwise. Also i do not think users would be happy with you trying to hijack their browsers and disable thier standard options. I would say the best way to do this is to write code in the Page_Init event of the forms page to determine whether the user is logged in or not. If the user is not authenticated redirect them to the login page or display a custom message stating they must be loggin in to view the forms.  
0
 
LVL 7

Expert Comment

by:whityum
ID: 16945287
but that event won't fire, it will show him the page in memory.

try these:
      Response.AddHeader "Pragma", "no-store"
      Response.Cache-Control = "no-store"
      Response.Expires = -1
0
 

Author Comment

by:CRIIT
ID: 16945371
how do I determine whether the user is logged in or not in the page_init?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 7

Expert Comment

by:whityum
ID: 16945451
sign them out before the redirect also, it's probably not even hitting that code.
0
 

Author Comment

by:CRIIT
ID: 16945738
yeah, my bad, i've changed that, now I signed the user out first and then redirect:

System.Web.Security.FormsAuthentication.SignOut()
Response.Redirect("~/Login.aspx", True)

but i still could go back,

btw, where should i use this code?

     Response.AddHeader "Pragma", "no-store"
     Response.Cache-Control = "no-store"
     Response.Expires = -1


thanks
0
 
LVL 7

Expert Comment

by:whityum
ID: 16945893
in the page_load function
0
 
LVL 7

Accepted Solution

by:
whityum earned 500 total points
ID: 16945924
that might be asp 3.0, try this

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0
 
LVL 3

Expert Comment

by:Maxim10553
ID: 16945981
you dont want to program page redirection in the page_load event.
0
 

Author Comment

by:CRIIT
ID: 16952096
thanks, this works perfectly!

Response.Cache.SetCacheability(HttpCacheability.NoCache);
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now