MVC 4 Redirect when session ends - asp.net-mvc-4

I have an mvc 4 application and I want to redirect to the login screen when the session times out.
Any idea how to do this?
Thanks

Add in web.config file
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" defaultUrl="~/" />
</authentication>
I think it will help too.

Did you try with creating your ActionFilterAttribute ?? Action filters allow you to overide OnActionExecuting and it calls before an action method and this can be applied to any of your controller and then write code in there to check for the expiration of a session. Try this I think it can help.

Had to do the following to fix this
Change the web config for the session worked
I was overriding the cookie on the Application_PostAuthenticateRequest event and had to update the expiry date.
set the form authentication to
httpOnlyCookies="true"
added javascript setInterval to pop up after 4 mins and call the logout script. abandon the session and log the user off
Seems to be working now.

Related

Regarding Authorize attribute usage in ASP.Net MVC 4

when we decorate any action with Authorize attribute then how MVC redirect to login form because my login controller name could be different and also view name also could be different. login view also could be stored in different folder instead of shared folder.
so tell me how MVC engine understand that it need to load login form when face Authorize attribute ?
how MVC engine would know where login form template is stored because it location could be different instead of shared folder?
how MVC engine would know what is login controller name if my login controller name is different ?
please discuss 3 points i asked here in details. thanks
The AuthorizeAttribute is a filter, which means that it can execute before the associated controller action. The AuthorizeAttribute performs its main work in the OnAuthorization method. If the user fails authentication, an HttpUnauthorizedResult action result is returned which produced an HTTP 401 status code. In previous versions of ASP.NET MVC the user redirected to the application login page defined in the application's web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
In ASP.NET MVC 5, the redirection process is handled by OWIN middleware components. It redirects unauthenticated requests to a LoginPath value, which
defaults to "/Account/Login":
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType =
DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});

403 forbidden error on IIS

I have an MVC4 Application deployed on my IIS server and the issue that i'm facing is, when i leave my application idle for 20min and perform my login post service call it is returning me 403 forbidden error,but the next subsequent service call succeeds.here is my code
LoginController:
FormsAuthentication.SetAuthCookie(Result.UserName, false);
return Json(new { url = Url.Action("Index", "Home") });
web.config:
<authentication mode="Forms">
<forms loginUrl="~/login/Login" timeout="20" />
</authentication>
Is there any setting related To IIS that i need to change?
B.T.W The idle timeout settings for my application pool is 20 min..
Regards
IIS7 shuts down the application when it receives no requests for a certain length of time.
There are two ways that you can handle this.
Modify the "Idle Timeout" value within the application pool. By default it will shutdown the application if there are no requests for 20 minutes
If you are using ASP.NET 4.0 you can use the new Auto-Start behavior to keep the app "Always Running" you can see this http://weblogs.asp.net/scottgu/archive/2009/09/15/auto-start-asp-net-applications-vs-2010-and-net-4-0-series.aspx post for examples on how to configure it.

How to extend a user's session in MVC 4 forms authentication via AJAX

I'm using Forms Authentication for an internal company website. I authenticate users against the local Active Directory server.
I have my Web.config file set up as follows:
<authentication mode="Forms">
<forms name=".ADAuthCookie" loginUrl="~/Login" timeout="30" slidingExpiration="true" protection="All" defaultUrl="/" />
</authentication>
This works fine as long as a user moves to a new page, or refreshes the page they're on. However, much of my UI is based on javascript templating and AJAX, so it's quite possible for a user to be working on a page for longer than 30 minutes.
So, how do I query and/or extend how much time they have remaining in their session via an AJAX call? I don't need help with the AJAX call, just what I'd put in a controller (such as /user/keepalive)

Authentication causing duplicate page rendering

Let me try to explain this in english :).
I'm having trouble with the authentication in Mvc. I use my layout page to login and to show the other partial views with content.
I decorated the login methods with <AllowAnonymous()> _ to let people login into the page and in my webConfig i have the following entry:
<authentication mode="Forms">
<forms loginUrl="~/" timeout="2880" />
</authentication>
What's happening is when the session expires, the partial view renders the entire page again and i get the entire page twice (one inside the content).
Any help?
You may checkout the following article from Phil Haack which illustrates a nice technique allowing you to prevent the forms authentication module to automatically redirect to the LogOn page but return 401 status code. This could be done conditionally only for AJAX requests. And since the server now returns 401 status code you could detect it on your client side AJAX call and act accordingly.
Thks for the answer, but i solved my problem with the following post :
C# MVC: How to override configured authentication redirect?

Logging with asp membership from any page?

Is it possible?
It means i hope to create the widget to paste it at different pages on a site(or even in the master mage) to give users ability to quick login. Is it possible or all pages when login accessable have to be enumerated like this:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
As long as the page allows anonymous access, I don't see why this would be a problem. Just put a username/password field on the page and use the API to log them in:
if (Membership.ValidateUser(username, password))
{
FormsAuthentication.SetAuthCookie(username, true / false);
}
EDIT: You probably want to SSL any page with a password field on it.