FormsAuthentication doesn't automatically redirect upon timeout

  • Thread starter Thread starter christine.nguyen
  • Start date Start date
C

christine.nguyen

I am using Forms Authentication under Windows Server 2003 in .NET
2.0. It appears that the auth ticket is expiring when it's supposed
to but it doesn't automatically redirect the user to the login page.
Here is some watered down sample code I had to put in the onLoad of my
page in order to properly redirect the user upon expiration of the
login. It appears that once the auth ticket is expired, the name of
the Identity is lost (which makes sense) and then I redirect the user.

protected override void OnLoad(EventArgs e)
string userName = HttpContext.Current.User.Identity.Name;
if(String.IsNullOrEmpty(userName)
Response.Redirect(redirectUrl);
}

My question is whether I really have to include such code in my page
to handle the the empty Identity name or should the framework be
redirecting on its own once the auth ticket has expired and the
identity name is empty?

Thanks,
Christine
 
Hi Christine,

Normally, you don't have to implement the redirection by yourself.
Specifiying the login url should solve your problem. By doing that, the user
must be automatically redirected to the login page at his/her first request
to a secured path.

<forms name=".aspxlogin" loginUrl="~/Login.aspx" />



--
All the best,
Coskun SUNALI
MVP ASP/ASP.NET
http://sunali.com
http://www.propeople.dk
 
Hello,

I do specify the login url in web.config, but for whatever reason it
doesn't redirect upon timeout when a secured resource is accessed.
Instead it throws an exception when I try to access and use the value
in HttpContext.Current.User.Identity.Name (which is now empty). This
is why i put code into the onLoad in order to prevent the exception.
Is there a reason why it wouldn't redirect even though I have the
login url specified in web.config?


Thanks,
Christine
 
Hi,

Sorry for my previous message. It has nothing to do with your problem.

Can you please attach a project in a zip file to reproduce the problem you
have.

I will try to correct it and send it back.

--
All the best,
Coskun SUNALI
MVP ASP/ASP.NET
http://sunali.com
http://www.propeople.dk
 
I figured out what the problem is, I needed to add the following setting to
the web.config.

<authorization>
<deny users="?" />
</authorization>

Thanks for trying to help!
Christine
 
Back
Top