|
I've got a custom asp.net 2 login authentication creating a generic principal object and working great except that I can't get the logout to truly abandon/clear. For most of the site, I'm using one master page, but for the secure area, I'm using another master page. The secure master page uses menus, with the logout being a menu item redirect to another page (login.aspx?id=logout) with request parameters to fire. When I click logout, it does indeed take me back to the login page. But, if I manually type in the page where I've just been, it lets me through without a login. I've tried researching the problem and implementing suggestions to others, but nothing has worked. Any help GREATLY appreciated.
webConfig:
<authorization><allow users="*">
<trust level="Full" originurl=""><authentication mode="Forms">
<forms loginurl="calendar/login.aspx" protection="All" timeout="60" name=".myCookie" path="calendar/" requiressl="false" slidingexpiration="true" defaulturl="calendar/default.aspx" cookieless="UseDeviceProfile" enablecrossappredirects="false">
global.asax
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
If HttpContext.Current.User IsNot Nothing Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then
' Get Forms Identity From Current User
Dim id As FormsIdentity = DirectCast(HttpContext.Current.User.Identity, FormsIdentity)
' Get Forms Ticket From Identity object
Dim ticket As FormsAuthenticationTicket = id.Ticket
' userdata string was retrieved from stored user-data
Dim userData As String = ticket.UserData
Dim roles As String() = userData.Split(","c)
' Create a new Generic Principal Instance and assign to Current User
System.Web.HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(id, roles)
End If
End If
Else
System.Web.HttpContext.Current.User = Nothing
End If
End Sub
login.aspx
Function myAuth(ByVal mySql As String) As Boolean
'Response.Write(mySql)
FormsAuthentication.Initialize() ' Initialize FormsAuthentication
' Create connection and command objects , contactRole
Dim strConn As String = ConfigurationManager.ConnectionStrings("strConn").ConnectionString
Dim cn As New Data.SqlClient.SqlConnection(strConn)
Dim cmd As Data.SqlClient.SqlCommand
cmd = New Data.SqlClient.SqlCommand(mySql, cn)
cmd.Connection.Open()
Dim reader As Data.SqlClient.SqlDataReader = cmd.ExecuteReader()
Dim returnUrl As String, myReset As Boolean = False
If reader.Read() Then
Dim ticket As New FormsAuthenticationTicket(1, reader(0).ToString, DateTime.Now, DateTime.Now.AddMinutes(30), False, reader.GetString(1), FormsAuthentication.FormsCookiePath)
Dim hash As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, hash)
cookie.Expires = ticket.Expiration
Response.Cookies.Add(cookie)
lblPid.Text = reader(0).ToString
System.Web.HttpContext.Current.Session("UserNbr") = reader(0).ToString
returnUrl = Request.QueryString("ReturnUrl")
myReset = reader(2)
If myReset = True Then returnUrl = "~/secure/myAccount.aspx?upd=3&em=" & lblPid.Text
If returnUrl Is Nothing Then
returnUrl = "/calendar/secure/myAccount.aspx"
End If
' Don't call the FormsAuthentication.RedirectFromLoginPage here, it could replace the custom authentication
Response.Redirect(returnUrl)
Else
lblPid.Text = "0"
System.Web.HttpContext.Current.Session("UserNbr") = "0"
Response.Cookies.Clear()
System.Web.Security.FormsAuthentication.SignOut()
Session.Abandon()
Session.Clear()
End If
reader.Close()
cn.Close()
cmd.Dispose()
End Function
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache)
If Not Page.IsPostBack Then
If Request("id") = "logout" Then
lblPid.Text = "0"
System.Web.HttpContext.Current.Session("UserNbr") = "0"
Response.Cookies.Clear()
Response.Clear()
System.Web.Security.FormsAuthentication.SignOut()
Session.Abandon()
Session.Clear()
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetExpires(DateTime.Now)
txtUsername.Focus()
Else
If System.Web.HttpContext.Current.User Is Nothing Then
System.Web.HttpContext.Current.Session("UserNbr") = "0"
Response.Cookies.Clear()
Response.Clear()
System.Web.Security.FormsAuthentication.SignOut()
Session.Abandon()
Session.Clear()
txtUsername.Focus()
Else
Dim returnUrl As String = String.Empty
returnUrl = Request.QueryString("ReturnUrl")
If returnUrl Is Nothing Then
returnUrl = "~/calendar/secure/myAccount.aspx"
End If
End If
End If
End If
End Sub
secure master page:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetExpires(DateTime.Now)
End Sub
individual secure area page:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Response.Cache.SetCacheability(HttpCacheability.NoCache)
Response.Cache.SetExpires(DateTime.Now)
End Sub
|
|
|
|
|
Hi,
Can anyone provide me the regular Expression for validating the Person Names. That expression need to handle all types of names in the best way. The name contain alphanumerics and some special characters like _ , . .I don’t know exactly about any other type of special characters in names.
Thnaks
|
|
|
|
|
Go download a tool called Expresso. It will help you create RegEx expressions. This tool has many common RegEx expressions included with it, you might get lucky and it is there. If not, this is the tool I use to create my RegEx expressions.
If that tool doesn't help, look up some of the RegEx articles on CodeProject.
The best way to accelerate a Macintosh is at 9.8m/sec² - Marcus Dolengo
|
|
|
|
|
try this: ^[a-zA-Z0-9'_.]*$
u can have the names like this also.
Eg 'Leary.
|
|
|
|
|
I am depolying a website on several different machines that we are testing with. We are trying to use anonymous authentication for the site. This works just fine for all the machines except for 1 running Windows XP. On that machine, it always pops up the Connect To dialog box for anyone that accesses the website.
I check the settings for the website and it is set to anonymous as the other machines are.
Also, if running locally, it will not bring up the Connect To dialog box if the web address is localhost or 127.0.0.1.
I know it has something to do with the machine security settings, but I am not able to figure out what.
Can anyone tell me what other things I need to look at in the machine in order to allow access without the Connect To dialog box showing up?
Thanks,
David
|
|
|
|
|
Hi all,
I have implemented Nested Master page concept in my web portal(which has multiple website in it).
Explanation:
Parent (Master Page) - webportal level master page.
child (Master page) - website level master page.
child uses the parent master page and content pages are produced from child master page.(That how it is nested).
Issues are:
1. .css file can only once reference, that is in parent master page.
when I tried to reference another stylesheet in my child master page, it didn't work.
Consequences: The style is going to bulk. because it is going to be global for web portal(for all the website inside the portal). Globally all page's received byte will be increased due to bulk .css file (decreases the performance).
2.
.js file can only once reference, that is in parent master page.
when I tried to reference another .js file in my child master page, it didn't work.
<b>Consequences:</b> The .js file is going to bulk. because it is going to be global for web portal(for all the website inside the portal). Globally all page's received byte will be increased due to bulk .js file (decreases the performance).
<b>3.</b> Globally there is only one form on parent master page. I want to have one form in the child master page for posting values to out side asp application. (that is from website level not from web portal level).
<b>Consequences:</b> Posting globally from parent master page is going make the parent master bulk with all the hidden fields to be posted from various websites in the portal. Globally all page's received byte will be increased due to bulk parent master page file (decreases the performance).
Please let me know. Is there a way to get arround the above issues.
I would appreciate your ant kind of help on this.
Thanks
Mohamed
|
|
|
|
|
1a. You can create themes, and put whatever css files you want in them. When a page uses a theme, links to the css files will be added to the header.
1b. Link tags can be added to the header using code.
2a. Your script tag is wrong, which may explain part of your problems. The script tag must have an end tag, even if it doesn't contain any code.
2b. You can include scripts anywhere in the page. Even if it's recommended to include scripts from the header, it can be done anywhere. It is frequently used anywhere in the code, for statistics and advertisments for example.
2c. Script tags can be added to the header using code.
3a. If you choose to have the form in the master page, your pages will be limited by that. There is no need to put the form in the master page.
3b. A page can have any number of forms, as long as they are not nested. Forms can even be added when needed using Javascript.
---
"Anything that is in the world when you're born is normal and ordinary and is just a natural part of the way the world works. Anything that's invented between when you're fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it. Anything invented after you're thirty-five is against the natural order of things."
-- Douglas Adams
|
|
|
|
|
Thanks for the reply. Hope this give you clear description of what i want.
1a. Themes can only used for server controls.(I am already using it)
1.b Is it possible to refer 2 link(.css file) that is one in Parent master page another in child master page.I tried, it always refers to the parent level link(.css file).
2. Is it possible to refer 2 .js file in one website.if yes please let me know.
Because I tried and it failed(it refers only one on the parent master page)
Parent master page:
Child master page:
3.I under stood this point and got it done. thanks.
Thanks in advance
Mohamed.
|
|
|
|
|
Md Arif wrote: 1a. Themes can only used for server controls.(I am already using it)
Not at all. You can put css files in a theme, and those will of course affect all elements on the page, not only elements created by server controls.
Are you thinking about the use of skins in themes?
Md Arif wrote: 1.b Is it possible to refer 2 link(.css file) that is one in Parent master page another in child master page.I tried, it always refers to the parent level link(.css file).
If you add two link elements to the header, both will be used, regardless of where the code is that adds them.
Md Arif wrote: 2. Is it possible to refer 2 .js file in one website.if yes please let me know.
Because I tried and it failed(it refers only one on the parent master page)
Yes, you can use any number of script files in a page.
How did you check if the files were included?
---
"Anything that is in the world when you're born is normal and ordinary and is just a natural part of the way the world works. Anything that's invented between when you're fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it. Anything invented after you're thirty-five is against the natural order of things."
-- Douglas Adams
|
|
|
|
|
Dear all,
I would like to know how to use AT Command via GSM modem (In fact, it is a nokia moblie phone)?
I don't know what's the AT Command to send sms to moblie number(98765432) via a GSM modem....
Many and Many Thanks
Jaski
-- modified at 11:14 Thursday 25th October, 2007
|
|
|
|
|
I Think those commands are driver to hardware based.
This is asp.net forum, and you are on the wrong one.
|
|
|
|
|
How to display a paragraph of text, in a label. It want the text should be displayed I a particular width. Please help me.
jai prakash
|
|
|
|
|
Set the style of that label to have a particular width, e.g. style { width : 300px; } .
Deja View - the feeling that you've seen this post before.
|
|
|
|
|
hi Pete ,
I all ready mention the width, it is not working.
jai prakash
|
|
|
|
|
Read the 'how to ask questions' sticky post at the top of this forum. What you've been told is correct. Now, it remains to work out what you're doing wrong. 'It's not working' does not give us the info we need to work out your error.
Christian Graus - Microsoft MVP - C++
"also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
|
|
|
|
|
Has anyone found any documentation on how to drag and drop between two list boxes? Preferrably with AJAX. Any help would be greatly appreciated.
Thanks,
Cisco2103
|
|
|
|
|
Do you know what AJAX is ? You need javascript to do what you're describing, but unless you want to store what is in which listbox in your database as it occurs, AJAX is of no value to you whatsoever in doing this.
Christian Graus - Microsoft MVP - C++
"also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
|
|
|
|
|
hi frns
i am developing webapplication in c#.net 2005
i want to display the count of records present in gridview of my application into textbox control can anybody suggest me to do this task.
regards
sunil
|
|
|
|
|
if you bind gridview with dataset then you can use
txtCount.Text=ds.Table[0].Rows.Count.ToString();
OR
after binding gridview you can also count gridview's rows
txtCount.Text=gv_List.Rows.Count.ToString();
bEst RegArd
pAthAN
|
|
|
|
|
thank u pathan its working
|
|
|
|
|
i am using dropdown list in my web application when ever i select a item from dropdown list the changes are being made. but i want to change the result only when i click on the button which i have provided on this page
plz send me the answer as early as possible
thanks in advance
|
|
|
|
|
The AutoPostBack property of your control is set to true, so after the selection it postbacks. Set it to false
Cheers,
Mircea
"Pay people peanuts and you get monkeys" - David Ogilvy
|
|
|
|
|
thanks for your reply dear
|
|
|
|
|
Please don't call me dear. It's inappropriate. The term "dear" (used as a noun) is for referring to someone you love. It's also a formal way of addressing someone but it's always followed by the person's name ("Dear Fred"), or another noun ("dear friend") so in other words as an adjective.
Cheers,
Mircea
"Pay people peanuts and you get monkeys" - David Ogilvy
|
|
|
|
|
hi,
how can I choose the layout for the ASP .net as I like, not to be only controled by the html source code.
There is always something to learn
|
|
|
|