How can I handle forms authentication timeout exceptions in ASP.NET?

by

This is why many systems include timers on the page to give approximate timeout times. This is tough with interactive pages. You really need to hook ajax functions and look at the return status code, which is a bit difficult.
One alternative is to use code based on the following which runs early in the page lifecycle and perform an ajax redirect to a login page. Otherwise you are stuck trying to intercept the return code from ajax and in asp.net where the ajax is done ‘for you’ (ie not a more manual method like jQuery) you lose this ease of detection.

http://www.eggheadcafe.com/tutorials/aspnet/7262426f-3c65-4c90-b49c-106470f1d22a/build-an-aspnet-session-timeout-redirect-control.aspx

for a quick hack you can try it directly in pre_init
http://forums.asp.net/t/1193501.aspx

Edit
what is wanted are for forms auth timeouts, not session timeouts. Forms auth timeouts operate on a different scale than session timeouts. Session timeouts update with every request. Forms auth tickets aren’t actually updated until half of the time goes by. So if you have timeouts set to an hour and send in one request 25 minutes into it, the session is reset to an hour timeout, the forms auth ticket isnt touched and expires in 35 minutes! To work around this, sync up the session timeout and the forms auth ticket. This way you can still just check session timeouts. If you don’t like this then still – do the below and sync up the timeouts and then parse the auth ticket and read its timeout. You can do that using FormsAuthentication.Decrypt – see:

Read form authentication cookie from asp.net code behind

Note that this code requires that upon login you set some session value – in this case its “UniqueUserId”. Also change the login page path below to fit yours. 


protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
        {
            //Only access session state if it is available
            if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState)
            {
                //If we are authenticated AND we dont have a session here.. redirect to login page.
                HttpCookie authenticationCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
                if (authenticationCookie != null)
                {
                    FormsAuthenticationTicket authenticationTicket = FormsAuthentication.Decrypt(authenticationCookie.Value);
                    if (!authenticationTicket.Expired)
                    {
                        if (Session["UniqueUserId"] == null)
                        {
                            //This means for some reason the session expired before the authentication ticket. Force a login.
                            FormsAuthentication.SignOut();
                            Response.Redirect("Login.aspx", true);
                            return;
                        }
                    }
                }
            }
        }

More Related Contents:

  1. How do I run this code
  2. In C#, what is the difference between public, private, protected, and having no access modifier?
  3. System.MissingMethodException: Method not found?
  4. How can I create a dynamic button click event on a dynamic button?
  5. Dynamically Created Controls losing data after postback
  6. GridView must be placed inside a form tag with runat=”server” even after the GridView is within a form tag
  7. .NET – What’s the best way to implement a “catch all exceptions handler”
  8. How to get client date and time in ASP.NET?
  9. Troubleshooting BadImageFormatException
  10. Json.NET serialize object with root name
  11. Passing data to Master Page in ASP.NET MVC
  12. Pattern for calling WCF service using async/await
  13. Get text/value from textbox after value/text changed server side
  14. Queuing in OneWay WCF Messages using Windows Service and SQL Server
  15. Image.FromStream() method returns Invalid Argument exception
  16. Best practices: throwing exceptions from properties
  17. When `PostAuthenticateRequest` gets execute?
  18. Could not load file or assembly ‘Microsoft.ReportViewer.Common, Version=11.0.0.0
  19. Encrypting Web.Config
  20. Application_Error in global.asax not catching errors in WebAPI
  21. Exception.Message vs Exception.ToString()
  22. Validating file types by regular expression
  23. Why do we need a private constructor?
  24. The model item passed into the dictionary is of type ‘mvc.Models.ModelA’ but this dictionary requires a model item of type ‘mvc.Models.ModelB‘
  25. Is there a built in .NET exception that indicates an illegal object state?
  26. Memory Mapped Files .NET
  27. Authentication Service using WCF
  28. System.web.mvc missing
  29. How to convert DataTable to class Object?
  30. How to implement Security Protocols TLS 1.2 in .Net 3.5 framework

Leave a Comment