1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

FRUSTRATION after trying all possible sign out end session codes

Discussion in 'C#' started by wak0, Dec 15, 2009.

  1. #1
    I have a website that people access using Active directory credentials. The person clicks on a link on PAGE A and get sent to PAGE B after log in is successful.

    Once in PAGE B there is a link for sign out that the user can click to close the window and being redirect, or whatever needs to happen in order for the user to be asked for credentials again.

    I have try, abandon session, expire the cookie, close browser with and without javascript, etc.

    The only thing that works is if i close the browser, but i can not redirect after closing a browser, so what options do i have? please help
     
    wak0, Dec 15, 2009 IP
  2. aquilax

    aquilax Member

    Messages:
    126
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    33
    #2
    What kind of authentication are you using? If it's Basic access authentication, consider this:

    Existing browsers retain authentication information until the tab or browser is closed or the user clears the history. HTTP does not provide a method for a server to direct clients to discard these cached credentials. This means that there is no effective way for a server to "log out" the user without closing the browser. This is a significant defect that requires browser manufacturers to support a 'logout' user interface element or API available to JavaScript, further extensions to HTTP, or use of existing alternative techniques such as retrieving the page over SSL/TLS with an unguessable string in the URL.

    http://en.wikipedia.org/wiki/Basic_access_authentication
     
    aquilax, Dec 15, 2009 IP
  3. wak0

    wak0 Peon

    Messages:
    11
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Excelent, now it make sense.

    So there is no way around this then. How does gmail, hotmail or amazon do it?

    i need to implement the same thing!!

    any advice
     
    wak0, Dec 15, 2009 IP
  4. pom4ik

    pom4ik Greenhorn

    Messages:
    31
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    16
    #4
    hi,

    what I have done a number of time on different .net projects is store the status of the user in a session variable or cookie or any other mean that can be read by other pages on the site.

    on all the pages that require the user to the logged in i check the status of that variable.

    if they are logout the value changed and the pages are redirected or the content is not loaded from DB...

    hope it helps..

    cheers.
     
    pom4ik, Dec 15, 2009 IP
  5. wak0

    wak0 Peon

    Messages:
    11
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    The issue here is that there is no form authentication. this is just a plain password protected folder that when you try to access it ask you for AD credentials. I need a system that when i log out it ask for credentials again.

    if you have a system that works would you mind copying and pasting the code you use, maybe i can implement and finally finish this long awaited project to end.
     
    wak0, Dec 16, 2009 IP
  6. camjohnson95

    camjohnson95 Active Member

    Messages:
    737
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    60
    #6
    You can't just use built-in authentication. You need to create your own using ASP, PHP or some other server-side programmg. For example, you would have:
    login.asp (authenticates the user, creates a Session cookie, and redirects to 'yourpage.asp').
    yourpage.asp (checks the Session cookie exists, shows page if it does and contains correct credentials).
    logout button (clears the Session cookie and redirects to home page)
     
    camjohnson95, Dec 20, 2009 IP
  7. SIPHILP

    SIPHILP Peon

    Messages:
    14
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Windows authentication works at the IIS level by passing your Windows authentication token. Since authentication occurs at the IIS level you cannot actually log out from application code.

    Have a look at :

    http://visualstudiomagazine.com/articles/2004/05/01/activate-windows-impersonation-selectively.aspx

    Hope this helps :)

    Si
     
    SIPHILP, Dec 20, 2009 IP
  8. wak0

    wak0 Peon

    Messages:
    11
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #8
    it does, thanks. approaching in a different direction now based on your help. thanks
     
    wak0, Dec 21, 2009 IP
  9. wak0

    wak0 Peon

    Messages:
    11
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Quesiton

    I found bunch of articles to help me configure my login, logout and default page

    and one of them have this line

    If this login page will be for a group of people, what do i replace the following with

    CN=Users,DC=testdomain,DC=test,DC=com

    do i actually type /dc=something here or /something here

    Set objUser = GetObject("LDAP://MySvr.MyDom.com/CN=Users,DC=testdomain,DC=test,DC=com")
     
    wak0, Dec 21, 2009 IP
  10. AlokZanwar

    AlokZanwar Peon

    Messages:
    2
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #10
    As per my View your issue is user is able to visit his or her or others profile without doing login by just putting the url string.If is it the issue Then according to me you should try the following code.

    login page:
    plz put those code in if block because u have to tally this one with your database ass well.
    session["username"]=login.text;
    session["pwd"]=pwd.text;

    Home page:
    if(Session["username"]&& session["pwd"]!=null)
    {
    redirect.write("Login successfully");

    }


    I hope this will work.
     
    AlokZanwar, Dec 21, 2009 IP
  11. wak0

    wak0 Peon

    Messages:
    11
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #11
    actually, each user have their own login, they cant not access the site if they dont have the actual credentials. the content inside is the the same for everyone yes.

    but the problem i am having is i cant find any guides on how to build a authentication form using AD (no xml) in aspx

    everything relates to visual basic but i dont know or have visual basic, only dreamweaver.
     
    wak0, Dec 22, 2009 IP