ASP.NET Response time of Login page - asp.net-2.0

net application, I have one intermediate page (index.aspx) between login.aspx and default1.aspx.
The job of the index.aspx page is to check the authenticated user's role and then just redirect the request to the valid default page, i.e. default1.aspx, default2.aspx, default3.aspx.
For this type of requirement our login page rendering time is longer; also, after authentication, the default page rendering time is high.
For the login page it takes around 30-40 sec for the first client request.
Please suggest the right way to solve this so that the login page comes up as soon as possible.

Are you sure this isn't just ASP.NET startup time, effectively? I suggest you create an unauthenticated page which just has static text, just for test purposes - I suspect that will take just as long as your login page.
If it's not startup time, I suggest you sprinkle your login page with logging so you can see exactly when it's got to which bit of code - that should help you track down the bottleneck. While you're waiting for the login page, is the CPU busy on the server?

Why don't you use the asp.net authentication membership class?
Judging by your question, it doesn't seem that you are.

Related

Best way to tell a user they've been signed out due to inactivity in using FormsAuthentication?

I'm working in Asp.NET MVC, and am trying to display a message to the user on the login page to inform them they've been logged out. I've got a Client side timer event which essentially fires a request that kills the Forms Authentication and Abandons the session, then forces a page reload which fires the FormsAuthentication redirect to the login page.
It's working pretty well overall, but I'm wondering how I can display a message to the user on the login page to say why it is they've suddenly been redirected. I was storing a flag in TempData, but now that I'm needing to clear Session as well that's not being retained.
I'm currently just looking for a returnUrl in the querystring which is ok but not great - is there a better way to detect to pass a message through that the user has been logged out?
Thanks in advance.

Windows Authentication - prevent popup?

I'm trying to implement a web-view web part in SharePoint that will load up a small 'widget'y type thing I've got hosted on our local IIS. I desire to only show this web part to particular users, but cannot use the 'target audiences' feature of SharePoint as we only use Foundation and the feature isn't present.
I'm currently attempting to use Windows authentication on the page, and it works fine for allowed users, seamlessly in fact - however, I was hoping there was a way that, if the user is denied, they don't get a popup asking for credentials; it would just redirect them to a blank page, thus the web part 'doesn't show' for them.
Is this possible using Windows authentication or do I need to use forms authentication against Active Directory and make them use a form to login? Can Forms Authentication be configured to seamlessly use AD groups and only show a login page when 'denied'?
Cheers

After trying about a million different solutions that all basically led back to the problem of..
It's a pain to check if a user is authenticated before the 401 error is sent - as there is an initial 401 sent to the browser which then prompts for it for authentication..
I came up with a quick and dirty solution, as the project is small and not worth investing much more in.
I placed a very simple check in the page_load event like so, that checks for username if it isn't a postback (first load), and redirects if the static user list isn't found. Far far far from perfect, but it'll do.
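    // Runs on the first load only (not on postbacks)
    if (!Page.IsPostBack)
    {
        // Windows account of the caller, lower-cased for comparison
        var user = Request.LogonUserIdentity.Name.ToLower();
        if (user != "domain\\user")
        {
            // Response.Redirect(url) ends the response, so nothing else is rendered
            Response.Redirect("/path/to/redirect/to.html");
        }
    }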
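
A group-based variant of the check above, as an added example that is not part of the original answer: it tests membership of an AD group instead of comparing one hard-coded account name, and it runs on every request. The group name `DOMAIN\WidgetUsers` and the class name `WidgetPage` are placeholders; the redirect path is the one from the answer.

```csharp
using System;
using System.Security.Principal;
using System.Web.UI;

public partial class WidgetPage : Page
{
    // Assumed group name: replace with the AD group allowed to see the widget.
    private const string AllowedGroup = @"DOMAIN\WidgetUsers";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Authorise every request. A postback is still a request, so the
        // check is not limited to the first load.
        WindowsIdentity identity = Request.LogonUserIdentity;

        bool allowed = identity != null
            && identity.IsAuthenticated
            && new WindowsPrincipal(identity).IsInRole(AllowedGroup);

        if (!allowed)
        {
            // Redirect(url) ends the response, so no widget markup is
            // written for a caller who is not in the group.
            Response.Redirect("/path/to/redirect/to.html");
        }
    }
}
```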

Asp.net loading additional user data

I am wanting to know when is the earliest point I can load additional user specific data like permissions into a session object right after login. I am using the membership provider but the data to be loaded is from a custom table. Session start is too late and I have tried the master page.
I'm also wondering where to put that logic to load the additional data.
I know it would be right after the user is authenticated but where? Global, login page, master page, default page etc.
Any advice would be great.

The earliest is obviously right after the user is authenticated. In other words, you should do it immediately after your database call to confirm user credentials is successful.
The exact point is difficult to tell without seeing your code. You may have user authentication logic on your login page (not a good architecture but it's quite common to see this) or you may have the logic on a business layer or a data access layer. You didn't show any code, so I can't tell you where it makes more sense for you to have it, but it's definitely within the login page or a call to another class made from the login page.
It is definitely not MasterPage or Global.asax.

Get reason for login prompt when using asp.net membership

I have an asp.net website using the SQL ASP.net membership system. When users are logged in to the website and are inactive for 20 minutes, they get sent to the login page on the next page request. I would like to show some text on the login page that says "you were logged out due to inactivity" when this happens. Is there a built-in way to do this? Or any other ways I could distinguish why the user has been sent to the login page (for inactivity or some other reason)? I have scoured SO and Google but haven't been able to come up with anything.
The reason we need to do this is because we recently migrated from a previous version of the website that was lax about security and didn't have auto logout, so we're getting lots of feedback from users thinking there's something wrong with the website when they are prompted to login again.
Thanks in advance.

It is better to use javascript for this and be proactive about it, showing the timeout remaining if possible otherwise just alerting the user with a messagebox showing that his session has timed out and then redirecting him to the login page. Have a look here for a simple example.
To redirect him to the login page add the following to the below line as in the example:
    alert("Your current Session is over."); window.location = "YourLoginPage.aspx";

For purposes of closure, I'll answer my own question. I couldn't find a clean way of doing what I'd like, so I ended up setting a cookie with the login time after the user logs in. Then on the login form page, I see if the login time in the cookie is greater than 30 minutes old (my auth timeout in asp.net) and display a "logged out due to inactivity" message. Otherwise it doesn't display the message.
Not great, but it seems to work. Satisfies the requirement for the vast majority of our users.

asp.net masterpage preinit function

I am writing a login page in asp.net c# not using the login control.
I can create an account and log in without problems as a user.
The pages that require login have a separate master page,
and I want to check if the user is logged in in the masterpage page_preinit function.
But the problem is that child page event functions are called before the masterpage's, so I could experience a problem like session expiry in the child page before I get to check it in the master page. Is there any way around this?

OK, found the event I'm looking for. Second one on the list:
http://msdn.microsoft.com/en-us/library/dct97kc3.aspx

Are you using FormsAuthentication? You shouldn't need to worry about this. Authentication happens in the IIS pipeline before the Request is handed off to your Page object, and if the user's authentication fails, it will never get there, being redirected to the login page instead.
None of your PreInit code should be called by an unauthenticated user if the page is protected by FormsAuthentication.
This is one of many reasons why rolling-your-own authentication is a risky approach. There are lots of corner cases.
Since you're storing the user ID in the Session object, then once the session expires, you can't access it any more; it doesn't matter if it's from the child page or the Master page.
Instead of using Session, it would be better to use cookies. You could have a long life on the cookie itself, with the login expiration time encoded in the value of the cookie or kept in the database, keyed by the value of the cookie. That way, the session could expire, but you would still be able to refresh it or take some other action, rather than just reporting an error.
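
The cookie ideas in the two threads above (a login-time cookie read by the login page, and a long-lived cookie carrying the login expiry in its value), as an added example that is not code from any of the posts: it stores the expiry in a `FormsAuthenticationTicket` rather than a hand-built string, so the value is protected by the application's machineKey. The cookie name, the 30-day cookie lifetime and the class and enum names are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

public enum LoginState { NoCookie, Valid, Expired, Invalid }

public static class LoginTicketCookie
{
    private const string CookieName = "AppLoginTicket"; // assumed name

    // Call right after the credentials have been verified.
    public static void Issue(HttpResponse response, string userName, TimeSpan lifetime)
    {
        DateTime now = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, now, now.Add(lifetime), false, string.Empty);

        // With the default protection="All", Encrypt() encrypts and validates
        // the ticket, so the client cannot edit the expiry inside the value.
        HttpCookie cookie = new HttpCookie(CookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;            // not readable from script
        cookie.Secure = true;              // assumes the site is HTTPS-only
        cookie.Expires = now.AddDays(30);  // cookie outlives the login (assumed)
        response.Cookies.Add(cookie);
    }

    // Call from the login page to decide which message to show.
    public static LoginState Check(HttpRequest request, out string userName)
    {
        userName = null;
        HttpCookie cookie = request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return LoginState.NoCookie;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception)
        {
            // Malformed or tampered value: treat it as no login at all.
            return LoginState.Invalid;
        }
        if (ticket == null) return LoginState.Invalid;

        // For Expired the name is informational only, not an authenticated identity.
        userName = ticket.Name;
        return ticket.Expired ? LoginState.Expired : LoginState.Valid;
    }
}
```

On the login page, `LoginState.Expired` is the case for showing the "logged out due to inactivity" text; `NoCookie` and `Invalid` get the plain form.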
