How do I force authentication (re-authentication)?

Posted on 2012-08-29
Last Modified: 2012-11-04
I currently have my ASP .NET web application [C#] set up to where when a user attempts to get to the Default.aspx page it checks for authentication, and if the user isn't it forces them to a login page and then (upon successful authentication) sends them back to the Default.aspx page. If the user were to copy the URL, close the browser window and then open a new browser window and paste in the URL s/he copied, my application doesn't seem to be forcing him or her to re-authenticate. How do I force this to happen?
Question by:mikesExpertExchange
    LVL 20

    Assisted Solution

    What kind of authentication do you check? How do you keep the session? In cookies?
    LVL 1

    Accepted Solution

    I check: Request.IsAuthenticated. I'm not doing anything with the session. From that question I'm guessing a quick tutorial (or some quick sample code, which ever is easier) on how to keep the session (in a cookie or otherwise) would be be the best help.
    LVL 1

    Assisted Solution

    LVL 11

    Assisted Solution

    The problem is that the forms authentication cookie has an actual expiration date on it where the session cookie expires when you close your browser.  This can also lead to race problems to since the authentication cookie can expire separately from the session.

    My preference is to simply expire any existing forms authentication with a new session in global.asax:
    void Session_Start(object sender, EventArgs e)
      if (HttpContext.Current.Request.IsAuthenticated)
        //old authentication, kill it
        //or use Response.Redirect to go to a different page

    Open in new window

    Other techniques include manipulating the forms auth timeout relative to the session timeout:
    LVL 1

    Author Closing Comment

    thank you

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    User art_snob ( encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
    More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now