How can I Unauthorize a .NET session

E

Edward Mitchell

I have an app that requires the user to login before accessing a
Register.aspx form. I am using Forms authorization so the lines in the
Web.config file are:

<authentication mode="Forms">
<forms loginUrl="Login.aspx">
</forms>
</authentication>

<authorization>
<deny users="?" /> <!--deny unauthorized users -->
<allow users="*" /> <!-- Allow all authorized users -->
</authorization>

Sure enough when the user browses to the page inside the folder they are
sent to the Login.aspx file. Inside this login file, I check the user
credentials and return to the original page via:

// return to the original page
FormsAuthentication.RedirectFromLoginPage(UserID.Text, false);

In the registration page the user enters some information and then clicks
the Submit button that puts stuff in the SQL server database and transitions
to a confirmation page.

The question now comes, how can I remove the authorization at this point.
If the user goes back to the Registration.aspx (the original page) they can
view the info directly. I want to make the user go through the Login.aspx
sequence again each time they push the Submit button on the information
collecting page.

I don't know how to unauthorize a user session from within the C# code that
is handling the Submit command.

I am using Visual Studio .NET 2003 and C#.

Any advice would be appreciated.

Ed
 
K

Kevin Yu [MSFT]

Hi Ed,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that when the user clicks the submit button,
you need him to login again. If there is any misunderstanding, please feel
free to let me know.

If you need the user login again, you can try to remove the authentication
ticket by calling FormsAuthentication.SignOut method. So next time, the
user's trying to access the registration page, he is required to login
again. You can check the following link for more information.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
frlrfSystemWebSecurityFormsAuthenticationClassSignOutTopic.asp

HTH.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
 
E

Edward Mitchell

Kevin,

That worked like a charm. Just the functionality that I was looking for.

Thanks for the feedback.

Ed
 
K

Kevin Yu [MSFT]

You're welcome, Ed.

Thanks for sharing your experience with all the people here. If you have
any questions, please feel free to post them in the community.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms Authentication Not Redirecting To Login Page 1
Problem in forms auth, not going back to members page 2
Login page won't redirect to a Register (new account) page 3
Forms authentication page not called 7
Restrict access to Classic ASP pages in web.config 2
Forms Authentication and Login Pages 1
Authorization & Theme 1
Strange Session Restart 3

Top