Solved

Authentication  problem - page become blank

Posted on 2008-10-14
4
321 Views
Last Modified: 2012-06-27
I have an application developed in VB.net and protected by password through user authentication.
In the application itself, i have a "Logout" button to clean the authentication cookies -FormsAuthentication.SignOut() and return to the default login.aspx page. My problem is if  the user just close the IE withouth proper logout, then the page become blank when they are trying to access it after improper logged off.  What they need to do is to manually go into internet explorer setting and clean the cookies before they can continue use this application. I am not sure anything to do with web.config or do i need to capture when the end user cloase the IE windows and run FormsAuthentication.SignOut() to clean the cookies. My web.config as attached.
<?xml version="1.0"?><configuration>

	<!-- enable forms authentication -->

	<configSections>

		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>

					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections>

                                                                                                                                                                                                                                                                                                                       <appSettings>

                                                                                                                                                                                                                                                                                                                           <add key="CrystalImageCleaner-AutoStart" value="true" />

                                                                                                                                                                                                                                                                                                                           <add key="CrystalImageCleaner-Sleep" value="60000" />

                                                                                                                                                                                                                                                                                                                           <add key="CrystalImageCleaner-Age" value="120000" />

                                                                                                                                                                                                                                                                                                                       </appSettings>

                                                                                                                                                                                                                                                                                                                       <system.web>

		<customErrors mode="Off"/>

		<authentication mode="Forms">

      <forms

        name="ASP101SampleAuth"

        loginUrl="login.aspx"

         requireSSL="false"

        cookieless="UseCookies"></forms>

      

    </authentication>

		<compilation debug="true">

			<assemblies>

				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>

				<add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>

				<add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>

				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>

				<add assembly="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="CrystalDecisions.CrystalReports.Engine, Version=10.5.3700.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/>

				<add assembly="CrystalDecisions.ReportSource, Version=10.5.3700.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/>

				<add assembly="CrystalDecisions.Shared, Version=10.5.3700.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/>

				<add assembly="CrystalDecisions.Web, Version=10.5.3700.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/>

				<add assembly="CrystalDecisions.ReportAppServer.ClientDoc, Version=10.5.3700.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/>

				<add assembly="CrystalDecisions.Enterprise.Framework, Version=10.5.3700.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/>

				<add assembly="CrystalDecisions.Enterprise.InfoStore, Version=10.5.3700.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></assemblies>

		

    

    </compilation>

		<pages>

			<controls>

				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>

		<httpHandlers>

			<remove verb="*" path="*.asmx"/>

			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

			<add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/><add verb="GET" path="CrystalImageHandler.aspx" type="CrystalDecisions.Web.CrystalImageHandler, CrystalDecisions.Web, Version=10.5.3700.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></httpHandlers>

		<httpModules>

			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></httpModules></system.web>

	<!-- set secure page to reject anonymous users -->

	<location path="default.aspx">

		<system.web>

			<authorization>

				<deny users="?"/>

			</authorization>

		</system.web>

	</location>

	<location path="main.aspx">

		<system.web>

			<authorization>

				<deny users="?"/>

			</authorization>

		</system.web>

	</location>

  <location path="Redirect.aspx">

    <system.web>

      <authorization>

        <deny users="?"/>

      </authorization>

    </system.web>

  </location>

	<location path="ALT.aspx">

		<system.web>

			<authorization>

				<deny users="?"/>

			</authorization>

		</system.web>

	</location>

	<location path="GM.aspx">

		<system.web>

			<authorization>

				<deny users="?"/>

			</authorization>

		</system.web>

	</location>

	<location path="SM.aspx">

		<system.web>

			<authorization>

				<deny users="?"/>

			</authorization>

		</system.web>

	</location>

	<location path="OE.aspx">

		<system.web>

			<authorization>

				<deny users="?"/>

			</authorization>

		</system.web>

	</location>
 

  <location path="HR.aspx">

    <system.web>

      <authorization>

        <deny users="?"/>

      </authorization>

    </system.web>

  </location>

	<system.codedom>

		<compilers>

			<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

				<providerOption name="CompilerVersion" value="v3.5"/>

				<providerOption name="WarnAsError" value="false"/></compiler>

			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

				<providerOption name="CompilerVersion" value="v3.5"/>

				<providerOption name="OptionInfer" value="true"/>

				<providerOption name="WarnAsError" value="false"/></compiler></compilers></system.codedom>

	<system.webServer>

		<validation validateIntegratedModeConfiguration="false"/>

		<modules>

			<remove name="ScriptModule"/>

			<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></modules>

		<handlers>

			<remove name="WebServiceHandlerFactory-Integrated"/>

			<remove name="ScriptHandlerFactory"/>

			<remove name="ScriptHandlerFactoryAppServices"/>

			<remove name="ScriptResource"/>

			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

			<add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/><add name="CrystalImageHandler.aspx_GET" verb="GET" path="CrystalImageHandler.aspx" type="CrystalDecisions.Web.CrystalImageHandler, CrystalDecisions.Web, Version=10.5.3700.0, Culture=neutral, PublicKeyToken=692fbea5521e1304" preCondition="integratedMode"/></handlers></system.webServer>

	<runtime>

		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

			<dependentAssembly>

				<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>

				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/></dependentAssembly>

			<dependentAssembly>

				<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>

				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/></dependentAssembly></assemblyBinding></runtime></configuration>

Open in new window

0
Comment
Question by:belim
4 Comments
 
LVL 83

Accepted Solution

by:
CodeCruiser earned 75 total points
Comment Utility
There is a setting in the web.config where you specify the session timeout for the user. It is the place where you provide other settings related to the forms authentication.
Also, you can use the events in the global.asax to signout the user.
The page should not be blank by the way. The expected behaviour is that the ASP.NET would automatically redirect to login.aspx if the user is not logged in. Have you configured the forms authentication properly?
0
 
LVL 51

Assisted Solution

by:tedbilly
tedbilly earned 75 total points
Comment Utility
The following is from the Microsoft site.  I'd recommend you add the timeout as CodeCruiser suggested
<!--

forms Attributes: 

name="[cookie name]" - Sets the name of the cookie used for Forms Authentication.

loginUrl="[url]" - Sets the URL to redirect client to for authentication.

protection="[All|None|Encryption|Validation]" - Sets the protection mode for data in cookie.

timeout="[minutes]" - Sets the duration of time for cookie to be valid (reset on each request).

path="/" - Sets the path for the cookie.

requireSSL="[true|false]" - Should the forms authentication cookie be sent only over SSL?

slidingExpiration="[true|false]" - Should the forms authentication cookie and ticket be reissued if they are about to expire?

-->

Open in new window

0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

In an ASP.NET application, I faced some technical problems. In this article, I list them out and show the solutions that I found.  I hope it will be useful. Problem: After closing a pop-up window, the parent page should be refreshed automaticall…
Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
This video discusses moving either the default database or any database to a new volume.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now