|
I have an ASP.NEt website and I want to know how can determine how long the website was idle (no activity from the user) and then based on that timer I want to automatically logout and redirect to default.aspx?
|
|
|
|
|
You can use session timeout in your web.config for the same.
Moreover, for automatic redirection to default page, you can use meta-refresh in your web page.
Just search "meta-refresh in html" in google. You will get a lot of examples.
|
|
|
|
|
but the automatic refresh will refresh the page with no condition.. what i want is to redirect only when the session is expired..
|
|
|
|
|
The following code in <head> section will redirect after 5 second.
<meta http-equiv="refresh" content="5;url=http://google.com">
Just change the content to (20*60 =) 1200 if your session timeout is 20 mins.
Change the url to your default.aspx
Hope this will serve your purpose.
|
|
|
|
|
That's not answering the problem as this will cause a redirect regardless of if the person has timed out their secure session or not. That'd be redirecting someone continuously to the login page for an ambiguous time period rather than say, the standard rolling expiry session cookie.
|
|
|
|
|
ASP.NET will automatically redirect the user to the login page when the session has expired. You can put some logic there to redirect back to the default page though it could get tricky determining when to redirect and when to allow login.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
|
I want to save the user_email and user_password in my website Session and clear it when loggin out but i wantg to know how secure it is to store passwords?
|
|
|
|
|
Why store password in Session??
Even though the password stored in session is secured, is there any need of storing password in session?
I think, storing username, user_email, etc is sufficient to validate users access internally.
Although its not a good practice to store password in session, if you need in your design, you can store it.
There is no way a user can hack your session data from http protocol unless there is a security bleach in your application.
|
|
|
|
|
Anurag Gandhi wrote: There is no way a user can hack your session data
WRONG
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
You should quote the complete sentence:
"There is no way a user can hack your session data from http protocol unless there is a security bleach in your application."
Could you pls forward me the link on how can i hack session data (Session Data not Session Key).
I might be wrong, but i would love see the way we can hack session data.
|
|
|
|
|
Anurag Gandhi wrote: unless there is a security bleach in your application
Well, DAH! Any app is secure until someone breaches it
I guess you haven't been following the news, there was a issue with ASP.NET just recently. I'm not going to look up what you can readily do for yourself.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
Never store a password, ever, don't even get in the mind set to do it.
The typical senerio is to store a hash of the password and compare a supplied password to it. The password is secured because it can't be decrypted, or un-hashed.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
I have an UpdatePanel and I want to show a progress image when submitting in the center of that UpdatePanel....
|
|
|
|
|
That's nice. Do you have a question?
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
hi,
i have to open a pop up window in ie7. after the pop window has opened i have to close the parent window onload of popup window.can any one help.
thanks in advance.
vishnu.
|
|
|
|
|
This is a security issue. IMO, No browser allows this.
You can close only those window programatically which you have opened programmatically (from javascript).
If user has mannually opened the window/browser, confirmation from user is a must to close that window/browser.
You may try opening the parent window also from javascript if it you are needed to close it. (Too many popups?? )
Another solution is redirect your parent window to some other link/page on load of your child window.
Hope this will help you.
|
|
|
|
|
thanks for replying me sir,
my problem is cant we close the parent window without getting the alert messeage "the page you are viewing is about to close".
i have to close the parentwindow silently on load of the popup window.
thanks
vishnu.
|
|
|
|
|
|
thank u for replying me sir,
window.opener=self works fine in ie6.but it is not working in ie7. can you give a solution for this.
thanks in advance.
vishnu.
|
|
|
|
|
|
I know this is sort of an old topic but with all the code snippets I've attempted I still can't get it to perform consistently. Essentially, I'm trying to open a PDF on a server that is not on the domain but a Workgroup. The IIS 6 server is on the domain and the files reside on the Workgroup server. I'm using VS2008/.NET 3.5
*** Code to Open File from ASP.NET page
'\\Server1\contracts\newlondon.pdf
Dim sFullPath As String = sServer + sFolder + sFile
Dim wcClient As WebClient = New WebClient()
Dim obj As UserManager = New UserManager
obj.CreateIdentity("user1", "Server1", "password")
Dim buffer As Byte() = wcClient.DownloadData(sFullPath)
Response.ClearContent()
Response.AddHeader("Content-Disposition", "inline; filename=userdoc" + oDocument.FileExtension.ToString)
Response.ContentType = returnExtension(oDocument.ContentType.ToString)
Response.AddHeader("content-length", buffer.Length.ToString)
Response.BinaryWrite(buffer)
obj = Nothing
***
*** Create Identity (which I found on CodeProject)
Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As String, _
ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, _
ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Integer
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean
Public Sub CreateIdentity(ByVal User As String, ByVal Domain As String, ByVal Password As String)
Dim tokenHandle As New IntPtr(0)
Dim ret As Integer
Dim LOGON32_PROVIDER_DEFAULT As Integer = 0
Dim LOGON32_LOGON_NETWORK_CLEARTEXT As Integer = 3
tokenHandle = IntPtr.Zero
Dim returnValue As Boolean = LogonUser(User, Domain, Password, LOGON32_LOGON_NETWORK_CLEARTEXT, LOGON32_PROVIDER_DEFAULT, tokenHandle)
If False = returnValue Then
ret = Marshal.GetLastWin32Error()
Throw New Exception("LogonUser failed with error code: " + ret.ToString)
End If
Dim id As New WindowsIdentity(tokenHandle)
CloseHandle(tokenHandle)
id.Impersonate()
End Sub
*****
I've had it working a couple times on my workstation but never from the webserver. I usually get "Unknown username or password" or "Access to ..... denied!"
I have identity impersonate="true" in the Web.Config.
modified on Thursday, November 11, 2010 10:55 AM
|
|
|
|
|
Please use proper formatting when posting code snippets. Use the "code block" menu item to wrap all code in <pre> tags
<hr />I know the language. I've read a book. - _Madmatt
|
|
|
|
|
Hi Guys ,
I am Using caching to cache some my page but i want to expect some controls to be not cached , How ?
|
|
|
|
|
As per your requirement, you have to use fragment caching. So make a user control, put all the controls, that you want to be cached, and use it for caching
For details about Caching, Have a look to the Exploring Caching in ASP.NET
|
|
|
|