You could also access specific tickets user in a HttpModule by hooking
and using an interface IHttpModule.
You will also need to add a refereance to web.config for your HttpModule.
Good Luck
public class FormsAuthSessionEnforcement : IHttpModule
{
private static string _provider = "FiPort_MembershipProvider";
public FormsAuthSessionEnforcement() { }
public void Init(HttpApplication context)
{
context.PostAuthenticateRequest += new
EventHandler(OnPostAuthenticate);
}
//If the user was authenticated with Forms Authentication
//Then check the session ID.
if (context.User.Identity.IsAuthenticated == true)
{
if (context.User.IsInRole("ServiceProviders"))
{
_provider = "FiPort_MembershipProviderEx";
}
MembershipUser loginUser =
Membership.Providers[_provider].GetUser(authTicket.Name, false);
Guid currentSession;
//If there isn't any session information in Membership at
this point
//then it is likely the user logged out, and an old cookie is
//being replayed.
if (!String.IsNullOrEmpty(loginUser.Comment))
{
string currentSessionString =
loginUser.Comment.Split("|".ToCharArray())[1];
currentSession = new
Guid(currentSessionString.Split(";".ToCharArray())[1]);
}
else
{
currentSession = Guid.Empty;
}
//If the session in the cookie does not match the current
session as stored
//in the Membership database, then terminate this request
if (guid != currentSession)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.