(untagged)

Form Authentication Tickets

Mubi | www.mrmubi.com

0.00/5 (No votes)

5 Dec 2005

How to manage different session time out for different users

Download source files - 24 Kb

Sample Image - Forms_Authentication.jpg

Introduction

Some times we require that there should be different time outs for each user. In case when you give choice to user of your web that he can define his time out himself. In this case each user will set his own time and you have to make your web site of such type that it will maintain session for each user according to time he specifed.

What will we do:

Here I will explain you how to achieve this goal using ASP.Net's form authentication.

Problem

Some asp.net user has problem that when they use authentication tickets, session time out shows inconsistent attitude. Here I will explain how to maintian different time out for different users.

What is form authentication?

In ASP there was no mechanisam for logging user, you just have to put some values in session

that could be user id, and then check this value on each page user is trying to access.
But in .net form authentication provide to a mechanism for logging user.
When to login you set cookie that is encrypted you need to put user id in that cookie, that

is very easy, and after that asp.net will do all the task for you need not to check for

authentication each page.
What you have to do is specify a login page in web.config, there are few other settings also

i will tell you in detail. dont worry abou that that are very easy and can be done in few

seconds.

Lets Start Work:

Create 3 page
1. Create asp.net project (example contains C# code)

2. Creat login page, login.aspx. (form authentication automatically redirect to this page if request is unautorized)

3. Create default page, default.aspx (every site has a defaul page, form autentication automatically redirect to this page after successful login).

4.create details page, details.aspx (optional page, that shows your product etc)

some page will be created automatically for example
1.web.config
2.global.asax

You have completed all the structure of your website well done!!! lets start conding now!

Starting Coding:

Web.config:

First of all do some change in web.config file...
Go to the section authentication of web.config
i. set authentication code to forms

ii. provide login url, that is your login page where user will be redirected in case he is not loged on and trying to access some page.

iii.provide passwordformat for now just put it clear dont confused here this is just to set

your password will be clear format or encrypted that is an other topic.
iv. provide user names if you have some static users, you can also load list form database

will tell you letter how to do that.

 <authentication mode="Forms" > 
        <forms  name=".ASPXSessionDemoTest" loginUrl="login.aspx" protection="All"  >
            <credentials passwordFormat = "Clear"> 
                <user name="admin" password="admin"/>               
                 
            </credentials>
        </forms>    
        </authentication>Go to the section autorization of the web config.
i.deny user set ? mark.
so that it ask for password to each user.

   <authorization>
        <deny users="?" /> <!-- Allow all users -->
            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>
We have alomost done with web.config file.

Login.aspx:

when user enter user name
and password and click login button write following code (find form source)

   // Create a custom FormsAuthenticationTicket containing
   // application specific data for the user. 
    
   // user email address
   string email        = this.TextBox1.Text ; 
   //user password
   string password     = this.TextBox2.Text ; 
   bool   isPersistent = false; //Persist.Checked; 
   //write down u r own methods for authentication
   //either from database or file
   
   if (Authenticat(email)) 
   { 
    //if user is authunticated then
    //get the user time from databse or file where user have 
metiontioed it. this will return an intger value, for example 30, 60 this is time out in 
minutes. 
    int timeout=settimeout();
    
    //this variable will be accessible automatically
    //on each form...
    //so if you have some role base system
    //or you want to assign some data to this user
    //then put this along with this ticket
    //as done here 
    //supose mubi is admin and i want store this info in ticket
    //so that i can get it on each page
    //you will get this information from database that what is 
his roles. i am hard coding here.
     
    string username="mubi"; 
    string userData = setrole(username); 
    FormsAuthenticationTicket ticket = new 
FormsAuthenticationTicket(
     1,
     email,
     System.DateTime.Now,
     System.DateTime.Now.AddMinutes(timeout),
     isPersistent,
     userData,
     FormsAuthentication.FormsCookiePath); 
    // Encrypt the ticket.
    string encTicket = FormsAuthentication.Encrypt(ticket); 
    // Create the cookie.
    Response.Cookies.Add(new 
HttpCookie(FormsAuthentication.FormsCookieName, encTicket)); 
    // Redirect back to original URL.
     
Response.Redirect(FormsAuthentication.GetRedirectUrl(email,isPersistent));

Logout Button:

on logout button press write following code

//sign out from form authentication

FormsAuthentication.SignOut();

//abandon session

Session.Abandon();

Response.Redirect("logon.aspx");

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here