ASP.NET Authentication Using [Authorize]
I have defined a controller to force authentication using the [Authorize] attribute. When the session expires, the request is still forwarded and executed instead of forcing a redirect.
I am using FormsAuthentication for login and logout.
Any ideas on how to control this?
Example:
    [Authorize]
    public class ProjectsController : Controller
    {
        public ActionResult Index()
        {
            return View();
        }
    }
Again, ASP.NET MVC is built on top of traditional ASP.NET. Yes, there is a "built-in authentication spike" ... this is the same membership API that traditional ASP.NET uses.
Meaning ... something else is a problem here. Maybe you've enabled rolling sessions ... or maybe the timeout is higher than you thought, etc.
ASP.NET uses the ASP.NET_SessionId cookie to track user sessions. ASP.NET uses the ASPXAUTH cookie (default) to track authenticated users.
When the session ends, the ASP.NET_SessionId cookie can no longer be sent by the client, but the ASPXAUTH cookie is still being sent, which may explain why your action is being displayed.
To override the default authentication values, you can look here. I also suggest you use the Firebug extension to see exactly which cookies are being sent by the client.
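One way to tie the forms-authentication ticket to the session lifetime described in the answer above, as an added example that is not part of the original posts. The attribute name `SessionBoundAuthorizeAttribute` is hypothetical, and the code assumes the default session cookie name and that the login action stores at least one value in `Session`:

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical attribute (not part of ASP.NET MVC). Use it in place of
// [Authorize], e.g. [SessionBoundAuthorize] on ProjectsController.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class SessionBoundAuthorizeAttribute : AuthorizeAttribute
{
    // Assumption: the default session cookie name; change this if
    // <sessionState cookieName="..."> is set in web.config.
    private const string SessionCookieName = "ASP.NET_SessionId";

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        // Normal [Authorize] behaviour first: authenticated user, users/roles.
        if (!base.AuthorizeCore(httpContext))
            return false;

        HttpSessionStateBase session = httpContext.Session;
        if (session == null)
            return true; // session state is disabled; nothing to bind to

        // The browser presented a session cookie, yet the server had to create
        // a fresh session for this request: the previous session has expired
        // while the authentication cookie is still valid.
        // Assumption: the login action stored a value in Session, so a live
        // session does not report IsNewSession on later requests.
        string cookieHeader = httpContext.Request.Headers["Cookie"];
        bool sentSessionCookie = cookieHeader != null &&
            cookieHeader.IndexOf(SessionCookieName,
                                 StringComparison.OrdinalIgnoreCase) >= 0;

        if (session.IsNewSession && sentSessionCookie)
        {
            FormsAuthentication.SignOut(); // expire the authentication cookie
            session.Abandon();             // discard the empty replacement session
            return false;                  // base class answers 401 -> login redirect
        }

        return true;
    }
}
```

Returning `false` lets the base class's `HandleUnauthorizedRequest` produce the 401 result, which forms authentication turns into a redirect to the configured login URL.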
Based on your other question, I would suggest that you are not getting into this controller at all.