locked
checking authentication RRS feed

  • Question

  • User-2060576634 posted

    hi everyone..I'm trying to check user authentication at intervals using this code and logic but I'm not getting results. can somebody say whats wrong?

    <script type="text/javascript">
        setInterval(function () {
            if (@!WebSecurity.IsAuthenticated) {
                $(location).attr('href', 'http://localhost:12718/Account/login');
            }
        }, 5000);
    </script>

    Sunday, April 5, 2015 9:22 PM

Answers

  • User-821857111 posted

    I can't see how it will ever work the way you want it to work. And I'm not sure what it's supposed to do in any event. The framework will redirect them to the login page if they get logged out. If you actually wanted to check whether someone is currently logged in, you would have to make an AJAX request to a server-side bit of code, and doing that every 5 seconds will keep them logged in.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 6, 2015 4:08 AM
  • User-821857111 posted

    If the user isn't initially unauthenticated, you can use the code below,
    if(!WebSecurity.IsAuthenticated)
    {
    
        Response.Redirect("~/login_page");
    
    }

    Or more imply, you can protect the page(s) by adding WebSecurity.RequireAuthenticatedUser() to the top of it or a PageStart file in the same folder. Then the user will automatically be redirected to the default login page as specified by the framework, or overridden in the web.config file. If you use AJAX to check if the user is logged in, you will automatically keep them logged in which is kind of self-defeating as I mentioned before.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, May 6, 2015 6:02 AM

All replies

  • User-821857111 posted

    Try this instead:

    <script type="text/javascript">
        setInterval(function () {
            var authenticated = @(WebSecurity.IsAuthenticated.ToString().ToLower());
            if (!authenticated) {
                location.href ='http://localhost:12718/Account/login';
            }
        }, 5000);
    </script>

    Monday, April 6, 2015 12:45 AM
  • User-2060576634 posted

    Try this instead:

    thanks a lot mike. it actually works if the user has been initially unauthenticated. but not if the user is initially authenticated and unconsciously gets logged out before the timeout. the goal is to notify the user to login in case of getting logged out (eg. due to session expiration). is there any way to solve this?   

    Monday, April 6, 2015 2:01 AM
  • User-821857111 posted

    I can't see how it will ever work the way you want it to work. And I'm not sure what it's supposed to do in any event. The framework will redirect them to the login page if they get logged out. If you actually wanted to check whether someone is currently logged in, you would have to make an AJAX request to a server-side bit of code, and doing that every 5 seconds will keep them logged in.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 6, 2015 4:08 AM
  • User-1078840699 posted

    Hello mdehghani,

    I remember reading on MSDN or someplace, the WebSecurity.IsAuthenticated does not work until the page is fully loaded. Meaning if you login a user in a page and in the same flow of code you check IsAuthenticated, it will NOT return True. For IsAuthenticated to be True the page has to be reloaded or use the better practice; which is to redirect the user to another secured page as soon as the login is successful and in that page check IsAuthenticated.

    Sunday, April 12, 2015 3:50 PM
  • User-2060576634 posted

    the page I'm talking about IS secured(member-only) and the page IS loaded at the time of authentication check because we want to check it after a timeout.

    Sunday, April 12, 2015 3:55 PM
  • User-166373564 posted

    Hi mdehghani,

    As Mikes mentioned, you could consider using Ajax to check whether someone has already logged in, it is not good practice using  if (@!WebSecurity.IsAuthenticated) to do that.

    If the user isn't initially unauthenticated, you can use the code below,

    if(!WebSecurity.IsAuthenticated) {
       
    Response.Redirect("~/login_page");
    }

    hope it helps.

    Regards

    Tuesday, May 5, 2015 10:35 PM
  • User-735851359 posted

    You can increase the session expiration time..

    Wednesday, May 6, 2015 2:39 AM
  • User-821857111 posted

    Sessions have nothing to do with the forms authentication timeout that logs people out when you use the WebSecurity helper.  FormsAuthentication timeout is completely separate.

    Wednesday, May 6, 2015 5:58 AM
  • User-821857111 posted

    If the user isn't initially unauthenticated, you can use the code below,
    if(!WebSecurity.IsAuthenticated)
    {
    
        Response.Redirect("~/login_page");
    
    }

    Or more imply, you can protect the page(s) by adding WebSecurity.RequireAuthenticatedUser() to the top of it or a PageStart file in the same folder. Then the user will automatically be redirected to the default login page as specified by the framework, or overridden in the web.config file. If you use AJAX to check if the user is logged in, you will automatically keep them logged in which is kind of self-defeating as I mentioned before.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, May 6, 2015 6:02 AM
  • User-2060576634 posted

    If you use AJAX to check if the user is logged in, you will automatically keep them logged in

    I guess you're right mike.. I think I'm obsessed with making sure the user is kept logged in

    Wednesday, May 6, 2015 2:49 PM
  • User-821857111 posted

    If you want to keep a user logged in, you can extend the formsauthentication timeout period to a very long time, say 6 hours. That should be long enough for most periods of inactivity during the working day.

    Wednesday, May 6, 2015 4:38 PM
  • User-2060576634 posted

    extend the formsauthentication timeout period to a very long time

    I've tried that before but unfortunately, it appears that i can't override the server settings without the supervision of the server administrator.. seems to be set to 20 minutes.

    Wednesday, May 6, 2015 6:06 PM
  • User-821857111 posted

    You should be able to set it in your web.config on a site by site basis.

    <system.web>
        <authentication mode="Forms">
              <forms timeout="360"/>
        </authentication>
    </system.web>



    Thursday, May 7, 2015 1:51 AM