FormsAuthentication redirect after timeout

  • Thread starter christine.nguyen
  • Start date


I am using Forms Authentication under Windows Server 2003 in .NET
2.0. It appears that the auth ticket is expiring when it's supposed
to but it doesn't automatically redirect the user to the login page.
Here is some watered down sample code I had to put in the onLoad of my
page in order to properly redirect the user upon expiration of the
login. It appears that once the auth ticket is expired, the name of
the Identity is lost (which makes sense) and then I redirect the user.

protected override void OnLoad(EventArgs e)
string userName = HttpContext.Current.User.Identity.Name;

My question is whether I really have to include such code in my page
to handle the the empty Identity name or should the framework be
redirecting on its own once the auth ticket has expired and the
identity name is empty?


Misbah Arefin

specifying the login url in the web.config file should solve your problem.
by doing that the user will be automatically redirected to the login page at
his/her first request to a secured path.

<forms name=".aspxlogin" loginUrl="~/Login.aspx" />



I do specify the login url in web.config, but for whatever reason it
doesn't redirect upon timeout when a secured resource is accessed.
Instead it throws an exception when I try to access and use the value
in HttpContext.Current.User.Identity.Name (which is now empty). This
is why i put code into the onLoad in order to prevent the exception.
Is there a reason why it wouldn't redirect even though I have the
login url specified in web.config?


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question