locked
How to add a session app to my member pages? RRS feed

  • Question

  • User-250910258 posted

    Hello, i need some help.  I am still new to asp.net so tasks that i use to do in Coldfusion i am having difficulties with here.

    So, I have several member types on my website, which i identify through "Roles".  I can direct user upon login to the correct folder... with this:

    ***********************************

    @if ( Roles.IsUserInRole("buyer")) {
        <span> Welcome Buyer: <b>@WebSecurity.CurrentUserName</b>! </span>
        
    }
    else {
         Response.Redirect("~/AdminError");
    }

    ***********************************

    however, now i would like to create a session state that will store:

    1.  the user "id"

    2.  the user "fitstName"

    3.  the session "timeout"

    Each page in the member folder requires verification and if the user is inactive i want to end the session hence, requiring the user to login again.

    Any suggestions?  Thanks.

    Wednesday, August 28, 2013 5:59 PM

Answers

  • User-821857111 posted

    If you are using the WebSecurity helper, that suggest you are already using Forms Authentication. By default they will be logged out after 30 minutes of inactivity. You can change this to 20 minutes (or any othe value) in the system.web section of your web.config:

    <authentication mode="Forms">
        <forms timeout="20" />
    </authentication>

    Forms timeout and sessions have nothing to do with eachother.

    You can already get the user name and ID from the WebSecurity helper properties CurrentUserName and CurrentUserId. And you can protect an entire folder by adding a _PageStart.cshtml file to it with just

    @{
        WebSecurity.RequireAuthenticatedUser();
    }

    in it. 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 29, 2013 6:55 AM
  • User379720387 posted

    To answer your question you can expand the _PageStart functionality by adding

    WebSecurity.RequireRoles("youruserrolehere");
    

    Or you can lump all your protected files in one single folder (for instance "members") have the _PageStart file in that folder as per Mike's suggestion, then add my suggestion to each and every file, selecting the user role you need for that particular file.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 29, 2013 8:29 AM

All replies

  • User-1006641900 posted
    <p>Althogh you can do this simply (Session[&quot;id&quot;]=User Id, Session[&quot;firstName&quot;]=User First Name, Session.TimeOut=time out in milliseconds), but I would suggest you to visit the following link, it will help you understand how authentication, authorization and session states work in asp.net:</p> <p><a href="http://msdn.microsoft.com/en-us/library/7t6b43z4(v=vs.100).aspx">http://msdn.microsoft.com/en-us/library/7t6b43z4(v=vs.100).aspx</a></p> <p></p> <p>Forms authentication is the most widely used authentication method.</p>
    Wednesday, August 28, 2013 6:09 PM
  • User-821857111 posted

    If you are using the WebSecurity helper, that suggest you are already using Forms Authentication. By default they will be logged out after 30 minutes of inactivity. You can change this to 20 minutes (or any othe value) in the system.web section of your web.config:

    <authentication mode="Forms">
        <forms timeout="20" />
    </authentication>

    Forms timeout and sessions have nothing to do with eachother.

    You can already get the user name and ID from the WebSecurity helper properties CurrentUserName and CurrentUserId. And you can protect an entire folder by adding a _PageStart.cshtml file to it with just

    @{
        WebSecurity.RequireAuthenticatedUser();
    }

    in it. 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 29, 2013 6:55 AM
  • User379720387 posted

    To answer your question you can expand the _PageStart functionality by adding

    WebSecurity.RequireRoles("youruserrolehere");
    

    Or you can lump all your protected files in one single folder (for instance "members") have the _PageStart file in that folder as per Mike's suggestion, then add my suggestion to each and every file, selecting the user role you need for that particular file.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 29, 2013 8:29 AM
  • User-250910258 posted

    Thanks All, great advise!

    Friday, August 30, 2013 6:58 AM