[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How do I force authentication (re-authentication)?

Posted on 2012-08-29
5
Medium Priority
?
501 Views
Last Modified: 2012-11-04
I currently have my ASP .NET web application [C#] set up to where when a user attempts to get to the Default.aspx page it checks for authentication, and if the user isn't it forces them to a login page and then (upon successful authentication) sends them back to the Default.aspx page. If the user were to copy the URL, close the browser window and then open a new browser window and paste in the URL s/he copied, my application doesn't seem to be forcing him or her to re-authenticate. How do I force this to happen?
0
Comment
Question by:Michael Sterling
5 Comments
 
LVL 20

Assisted Solution

by:thehagman
thehagman earned 668 total points
ID: 38347443
What kind of authentication do you check? How do you keep the session? In cookies?
0
 
LVL 1

Accepted Solution

by:
Michael Sterling earned 0 total points
ID: 38347465
I check: Request.IsAuthenticated. I'm not doing anything with the session. From that question I'm guessing a quick tutorial (or some quick sample code, which ever is easier) on how to keep the session (in a cookie or otherwise) would be be the best help.
0
 
LVL 1

Assisted Solution

by:soorraj
soorraj earned 668 total points
ID: 38347757
0
 
LVL 11

Assisted Solution

by:b_levitt
b_levitt earned 664 total points
ID: 38349996
The problem is that the forms authentication cookie has an actual expiration date on it where the session cookie expires when you close your browser.  This can also lead to race problems to since the authentication cookie can expire separately from the session.

My preference is to simply expire any existing forms authentication with a new session in global.asax:
void Session_Start(object sender, EventArgs e)
{
  if (HttpContext.Current.Request.IsAuthenticated)
  {

    //old authentication, kill it
    FormsAuthentication.SignOut();
    //or use Response.Redirect to go to a different page
    FormsAuthentication.RedirectToLoginPage("Session=Expired");
    HttpContext.Current.Response.End();
  }

}

Open in new window


Other techniques include manipulating the forms auth timeout relative to the session timeout:
http://stackoverflow.com/questions/1470777/forms-authentication-timeout-vs-session-timeout
0
 
LVL 1

Author Closing Comment

by:Michael Sterling
ID: 38564916
thank you
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question