Last post Feb 14, 2012 01:23 PM by NoBullMan
Feb 02, 2012 05:35 PM|NoBullMan|LINK
Can someone tell me what is the best method to handle timout issues in an Intranet application, since user is always logged in?
I have a default.aspx that is used to set session variables when user first logs in. He is then redirected to application's main page. If he times out, I display a timeout page which redirects user to default.aspx again to rest session variables using his
One drawback is that when a user bookmarks a page and restarts his PC and tries to access the application using the bookmarked page, becuase his session variables are not set he is sent to timeout page which is confusing.
Also, when he times out all that is done is to redirect the user to main page, nothing else is required.
One suggestion I saw was using form-based authentication and AD (http://stackoverflow.com/questions/6147864/asp-net-mvc-authenticate-users-against-active-directory-but-require-username)
I appreciate your expert opinions.
Feb 04, 2012 12:09 AM|roopeshreddy|LINK
You can store a bool variable in the Session after successful login! You can check this variable on every Page_Load event! If it is false, you can always redirect him to login page!
Hope it helps u...
Feb 08, 2012 11:36 AM|NoBullMan|LINK
Thanks for the reply.
This is what I am doing. I am not using a bool variable but another session variable that is checked in every page's Page_load and if it is null I send them to session timeout page.
The problem is when someone bookmarks a page and then the next day opens the browser and clicks on the bookmarked page. On that page's Page_Load becasue the session variable is null, they see timeout page whcih is confusing and undesirable. Becasue this
is Windows authenitcation, there is no login page I can send the user to. I am trying to avoid sending users who bookmark a page other than the default page to the timeout page.
Feb 08, 2012 09:58 PM|Dino He - MSFT|LINK
I think you need to redirect this kind of pepole to login page , and then redirect them to the bookmark page that's a solution.
Make sure you design is reasonable.
Hope it helpful.
Feb 09, 2012 12:18 PM|NoBullMan|LINK
This is what my problem is; there is no login page. Users login using Windows authentication, the usual Windows login dialog box opens and users log in.
How do I distinguish if it is a user who just timed out because of inactivity, when he had already logged in and entered the site; or it is a user who bookmarked one of the pages and now tries to open it and the Page_Load of this page checks the session
variable and it is null and just sends him to timeout page?
Feb 09, 2012 12:24 PM|NoBullMan|LINK
Another option would be if I could somehow change the bookmark link when user seelcts "Add To Favorites" from browser. If they are in page "SomePage.aspx" and choose to add it to yur favorites list, and I cluld intercept and change it "Default.aspx?url=SomePage.aspx"
then they will be forced to login when they open the page and then be redirected to SomePage.aspx.
Feb 09, 2012 11:12 PM|roopeshreddy|LINK
Generally Web App will have login page and users authentiacted with that! In your case you don't have one!
So it will work like if any request is happened it automatically pop up the windows login credentials dialog right!
What you can do is, maintain two variables - one for Session and other for authentication!
Check the authentication before session variable and redirect users to login page/Home page/Index page!
If above solution didn't work for you, then you have to rethink about your design!
Feb 10, 2012 07:30 PM|NoBullMan|LINK
This is an intranet app and doesn't require a login page. users have to use their Windows (AD) crdetials to login.
Can you elaborate on what you mean by maintaining two variables? If session expires, I am assuming all session variables expire or become null. Maybe a sample code?
Feb 11, 2012 09:34 PM|roopeshreddy|LINK
Yeah, by default it takes the Windows Login Credentials to authenticate!
You can have authentication session variable - Session["IsAuthenticated"] = true/false.
Check the above session variable on every page load!
You have to check the above condition first.
Feb 13, 2012 10:31 AM|NoBullMan|LINK
Sorry, I must be missing something here. There is no "Login.aspx" page. This is not form-based authentication, so what good would it do to send them to login.aspx if authentication is done by Windows login prompt?
Feb 14, 2012 01:23 PM|NoBullMan|LINK
I changed the login format to use AD and Forms. This way the user who bookmarks any page will be redirected to login page. This seems to have solved my issue.
However, I will mark your response as answer to get the credits since you responded to my questions a few times. Thanks,