CodeVerge.Net Beta


   Explore    Item Entry    Members      Register  Login  
NEWSGROUP
.NET
Algorithms-Data Structures
Asp.Net
C Plus Plus
CSharp
Database
HTML
Javascript
Linq
Other
Regular Expressions
VB.Net
XML

Free Download:
Zone: > NEWSGROUP > Asp.Net Forum > general_asp.net.security Tags:
Item Type: NewsGroup Date Entered: 8/15/2004 12:12:54 AM Date Modified: Subscribers: 0 Subscribe Alert
Rate It:
(NR, 0)
XPoints: N/A Replies: 7 Views: 49 Favorited: 0 Favorite
Can Reply:  No Members Can Edit: No Online: Yes
8 Items, 1 Pages 1 |< << Go >> >|
chipinge
Asp.Net User
Problem with FormsAuthentication.SignOut( ) method8/15/2004 12:12:54 AM

0/0

I am using forms authentication with my ASP.NET application.

I have tested that it works correctly as far as logging in is concerned:
1. Prior to logging in I can't access pages for which access is denied for anonymous users (even if I paste the URL of the pages directly in the browser).
2. After logging in I can access all pages. I use the following code as part of my login 
FormsAuthentication.RedirectFromLoginPage(tbUsername.Text,false);


FormsAuthentication.SetAuthCookie(tbUsername.Text,false);

I created a logout menu option which, when selected calls the following: 
FormsAuthentication.Signout()

My problem is that the Signout command doesn't appear to work - after calling this function I am still able to access the pages with anonymous access denied (by pasting the URL of page in the browser).

What am I doing wrong here?

Thanks!
haidar_bilal
Asp.Net User
Re: Problem with FormsAuthentication.SignOut( ) method8/15/2004 11:22:42 AM

0/0

Well, that is true, you can still access the pages that are restricted in the web application, even if you signed out, but what you are seeing are just cached pages in the IE, so if you close the page and then open a new page and try to access the same restricted page it won't work. It is just a caching issue.

regards.
Bilal Hadiar, MCP, MCTS, MCPD, MCT
Microsoft MVP - Telerik MVP
chipinge
Asp.Net User
Re: Problem with FormsAuthentication.SignOut( ) method8/15/2004 2:47:29 PM

0/0

Is there any way I can clear the IE cache programatically?
dakandao
Asp.Net User
Re: Problem with FormsAuthentication.SignOut( ) method8/16/2004 9:09:40 PM

0/0

try this

Response.CacheControl = "no-cache"
Response.ExpiresAbsolute = Now() - 1
Response.Buffer = True
Response.Expires = 0
rashid533
Asp.Net User
Re: Problem with FormsAuthentication.SignOut( ) method10/11/2004 5:41:36 PM

0/0

Hi,

Have you had any luck to find the solution? I have very similar problem. I wasn't able to find a solution yet. I have tried to use Response.Expires statements, It does not work. If you have found a solution, could you post that please.

Thanks

Rashid
jeromevernon@sb
Asp.Net User
Re: Problem with FormsAuthentication.SignOut( ) method7/25/2007 11:04:08 PM

0/0

Try adding an output cache directive to the top of the redirected page and set the duration to a very low number...
 
default.aspx...
<%@ OutputCache Duration="3" VaryByParam="None" NoStore="true" %>  

I had this issue...  After logging out and redirecting to default.aspx the menu items on the default.master for a paticular role where not going away until clicking on the 'Home' (default.aspx) menu item several times. 

It seems almost like parts of the page is being cached by the browser or server (likely the browser) since the user is not authenticated after logging out. In my case, after adding the page directive shown above the issue goes away. Increasing the duration to a larger number (10 or more) or removing the directive makes the issue reappear.

Also, in the event the operator clicks the back button...
On pages where an authenticated user is required, you can add user validation code with a redirect in the Page_Load events... 

If Page.User.IsInRole("Administrators") = False Then
    Response.Redirect("Default.aspx")
End If 

or...

If Not Page.User.Identity.IsAuthenticated Then
     Response.Redirect("login.aspx")
End If

PS: I have found that cookieless="UseUri" seems to work best over a broader array of network/browser environments. This is just my opinion after some trial and error. 

Hope this helps someone...Jerome Vernon 

 

Jerome C. Vernon
neomax212000
Asp.Net User
Re: Problem with FormsAuthentication.SignOut( ) method7/26/2007 2:09:49 AM

0/0

Hi ,

 In the logout menu option just call the following code whch will do the job.

Session.Abandon()

Thanks,

Rudra Roy

Rudra Roy
oktavakol
Asp.Net User
Re: Problem with FormsAuthentication.SignOut( ) method8/9/2007 10:04:01 PM

0/0

Somehow none of this seems to work ... the page that's cached in the browser remains ... is there any way to clear the cache with javascript or something like it?
8 Items, 1 Pages 1 |< << Go >> >|


Free Download:

Books:
ASP.NET Kick Start: Kick Start Authors: Stephen Walther, Pages: 624, Published: 2002
Pro ASP.NET 3.5 in C# 2008 Authors: Matthew MacDonald, Mario Szpuszta, Pages: 1498, Published: 2007
Beginning ASP.NET 1.1 with VB.NET 2003 Authors: Chris Ullman, John Kauffman, Chris Hart, David Sussman, Pages: 888, Published: 2003
Pro ASP.NET 2.0 in C# 2005 Authors: Matthew MacDonald, Mario Szpuszta, Pages: 1255, Published: 2005
ASP.NET: Tips, Tutorials, and Code Authors: Scott Mitchell, Pages: 878, Published: 2002
Programming ASP.NET: Building Web Applications and Services Using C and VB.NET. Authors: Jesse Liberty, Dan Hurwitz, Pages: 988, Published: 2003
Sams Teach Yourself ASP.NET in 21 Days Authors: Chris Payne, Pages: 1104, Published: 2002
Programming .NET Security Authors: Adam Freeman, Allen Jones, Pages: 693, Published: -1
Pro ASP.NET 2.0 in VB 2005: From Professional to Expert Authors: Laurence Moroney, Matthew MacDonald, Pages: 1253, Published: 2006
Pro ASP.NET 2.0 in C# 2005: Create Next-generation Web Applications with the Latest Version of Microsoft's Revolutionary Technology Authors: Matthew MacDonald, Mario Szpuszta, Pages: 1426, Published: 2006

Web:
FormsAuthentication.SignOut Method (System.Web.Security) FormsAuthentication.SignOut Method. Updated: November 2007 ... The SignOut method removes the forms-authentication ticket information from the cookie or the ...
Problem with FormsAuthentication.SignOut( ) method - ASP.NET Forums Problem with FormsAuthentication.SignOut( ) method. Last post 06-25-2008 8:02 AM by manendraraj@gmail.com. 8 replies. Sort Posts: ...
The FormsAuthentication.SignOut method does not prevent cookie ... Describes an issue where the FormsAuthentication.SignOut method does not remove the forms authentication cookie from the server.
formsauthentication.signout() problem - .NET ASP I use formsauthentication.signout() method to sign off the user/ redirect to the login page. ... Re: formsauthentication.signout() problem ...
Forms Authentication, Frames, and the SignOut Method - DevX.com Forums Forms Authentication, Frames, and the SignOut Method ASP.NET. ... Here's the problem: I want the entire page to go back to the Login page, ...
Role Based Forms Authentication in ASP.NET 2.0: ASP Alliance The cause for this problem is even after the FormsAuthentication.SignOut(); line execution the context information of the current request will still hold ...
FormsAuthentication.SignOut Method (System.Web.Security) The SignOut method removes the forms-authentication ticket information from the cookie or the URL if CookiesSupported is false. You can use the SignOut ...
microsoft.public.dotnet.framework.aspnet.security: Forms ... Forms Authentication SignOut does not remove Cookie. From: Ron Cicotte (msnews@ summerstreet.net) ... The problem is that the the SignOut() method is not ...
Forms Authentication Persistent Cookies Problem Talk about Forms Authentication Persistent Cookies Problem. ... 2. Call the FormsAuthentication.SignOut Method. ...
Anil John - FormsAuthentication.SignOut and Cookie Replay Attacks ... Sep 6, 2005 ... SignOut method and provides more information about how to ease cookie replay attacks when a forms authentication cookie may have been ...




Search This Site:










web.config

dotnetnuke upgrade error

vb.net - module vs class

acessing a control on a pagefrom a user or composite comtrol

regex

database connection help....

concurrent session limits

is the following a security risk ?

how to reinstall dnn

photo album and "news"

report viewer problem

can styles in the text edit box be limited?

why doesn't the 'modules' table delete any entries?

form and windows authentication

how to save usercontrol's viewstate when usercontrol is created dynamic??

w/dnn 3.x custom module development, is there any written specification on what .vb or whatever files should be declared/referenced with which region?

howto determine dotnetnuke group of current user

bugs in asp.net version 1.1

how to clean up user inputs before they hit the database

usercontrol on another usercontrol.

accessing a sub with parameters from an imagebutton

insert into access number double as null

error - invalid skinid value within the named theme or stylesheettheme - in compositecontrol

is this a bug??

using a background image in the menu control

ideas needed , how to implement user management

added links but does not work ?

page load?

not loading a class library from /bin

bg images to menu
 
All Times Are GMT