You should do that in a _PageStart.cshtml file. This way, the check is done for each page being requested.
Place the _PageStart.cshtml file in the root of your "protected zone" folder of the project.
Marked as answer by jmbishop on Sep 16, 2011 05:12 AM
To build on what Scall says, you should add WebSecurity.RequireAuthenticatedUser() to a PageStart file which will protect all files in the folder or subfolders. By default, the user will be directed to ~/Account/Login, but you can change that in your web.config
by addin ghe following:
You can use Session_End event in Global.asax and Response.Redirect to redirect to the login on session expiration...
No you can't
Session_End is fired internally by the server, based on an internal timer. Thus, there is no HttpRequest associted when that happens. That is why Response.Redirect or Server.Transferdoes not make sense and will not work.
I'm using the WebSecurity.RequireAuthenticatedUser() on each of my secure pages. I didn't know I could put it in one place though so I'll definitly create a _PageStart.cshtml file.
However, what I'm actually hoping to accomplish is that the browser will redirect back to the login page after the session expires without the user having to try to access another secure file. So if the user leaves there computer for an extended period of
time and then returns after the session has expired they will find that their browser is back on the login page. Your banking website probably has this functionality because it contains personal data.
When I did this with a similar project in Cold Fusion I had to use a javascript to achieve this but I wanted to see if there was a .NET way.
That's kind of what I figured but I wanted to be sure since the WebSecurity helper seems to have a lot of built in functionality.
Is there a similar feature to no-cache that prevents the browser from caching the page content so the user can't view the secure page content by hitting the back button after logging out or the session has expired?
Thanks again. Looking forward to your book in the fall.
Jerrod
jmbishop
Member
99 Points
34 Posts
Redirecting user to login when session expires
Sep 15, 2011 05:44 AM|LINK
Is there a built in feature to WebSecurity that can handle redircting the user to the login page when a session goes idle?
If not, what would be the best method for handling this in WebMatrix? A javascript perhaps?
Thx,
JB
v.arunkarthi...
Participant
1247 Points
341 Posts
Re: Redirecting user to login when session expires
Sep 15, 2011 05:55 AM|LINK
in ur page load add this
if (Session["id"] == null) { Response.Redirect("login.aspx"); } else { //enter ur landing page }karthik..
Please mark as Answer if it helps. !!???
Scal
Member
400 Points
129 Posts
Re: Redirecting user to login when session expires
Sep 15, 2011 02:37 PM|LINK
You should do that in a _PageStart.cshtml file. This way, the check is done for each page being requested.
Place the _PageStart.cshtml file in the root of your "protected zone" folder of the project.
Mikesdotnett...
All-Star
154852 Points
19855 Posts
Moderator
MVP
Re: Redirecting user to login when session expires
Sep 15, 2011 03:13 PM|LINK
To build on what Scall says, you should add WebSecurity.RequireAuthenticatedUser() to a PageStart file which will protect all files in the folder or subfolders. By default, the user will be directed to ~/Account/Login, but you can change that in your web.config by addin ghe following:
<appSettings> <add key="loginUrl" value="~/FolderName/FileName" /> </appSettings>Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter
Gayomard Meh...
Participant
964 Points
241 Posts
Re: Redirecting user to login when session expires
Sep 15, 2011 04:29 PM|LINK
You can use Session_End event in Global.asax and Response.Redirect to redirect to the login on session expiration...
hans_v
All-Star
35986 Points
6550 Posts
Re: Redirecting user to login when session expires
Sep 15, 2011 04:36 PM|LINK
No you can't
Session_End is fired internally by the server, based on an internal timer. Thus, there is no HttpRequest associted when that happens. That is why Response.Redirect or Server.Transferdoes not make sense and will not work.
Gayomard Meh...
Participant
964 Points
241 Posts
Re: Redirecting user to login when session expires
Sep 15, 2011 04:43 PM|LINK
I think your rt... sorry my mistake.
jmbishop
Member
99 Points
34 Posts
Re: Redirecting user to login when session expires
Sep 15, 2011 04:46 PM|LINK
I'm using the WebSecurity.RequireAuthenticatedUser() on each of my secure pages. I didn't know I could put it in one place though so I'll definitly create a _PageStart.cshtml file.
However, what I'm actually hoping to accomplish is that the browser will redirect back to the login page after the session expires without the user having to try to access another secure file. So if the user leaves there computer for an extended period of time and then returns after the session has expired they will find that their browser is back on the login page. Your banking website probably has this functionality because it contains personal data.
When I did this with a similar project in Cold Fusion I had to use a javascript to achieve this but I wanted to see if there was a .NET way.
Thx,
Jerrod
Mikesdotnett...
All-Star
154852 Points
19855 Posts
Moderator
MVP
Re: Redirecting user to login when session expires
Sep 15, 2011 05:57 PM|LINK
<script type="text/javascript"> window.setTimeout("Redirect()", @Session.Timeout * 60000); function Redirect(){ location.href = 'Default'; } </script>Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter
jmbishop
Member
99 Points
34 Posts
Re: Redirecting user to login when session expires
Sep 16, 2011 05:14 AM|LINK
Mike,
That's kind of what I figured but I wanted to be sure since the WebSecurity helper seems to have a lot of built in functionality.
Is there a similar feature to no-cache that prevents the browser from caching the page content so the user can't view the secure page content by hitting the back button after logging out or the session has expired?
Thanks again. Looking forward to your book in the fall.
Jerrod