1

I defined a Controller to force authentication by using the [Authorize] attribute. When a session times out, the request is still passed down and executed instead of forcing a redirect.

I do use FormsAuthentication to login and logoff users.

Any ideas on how to control that?

Example: 

[Authorize]
public class ProjectsController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}
Improve this question
3
  • I was going to ask this question separately, but as we're here, does ASP.NET MVC have inbuilt authentication shizzle? Thanks in advance. Commented Nov 30, 2008 at 17:38
  • In a quick and dirty test, this worked fine for me. Can you post your Web.Config file? Commented Nov 30, 2008 at 18:01
  • my web.config is standard out of the box with the simple addition of: <authentication mode="Forms"> <forms loginUrl="~/Account/Login"/> </authentication> Commented Nov 30, 2008 at 18:04

3 Answers 3

Reset to default
1

Again, ASP.NET MVC builds on top of traditional ASP.NET. Yes, there is an "built authentication shizzle"... it's the exact same Membership API that traditional ASP.NET uses.

Meaning... something else is the problem here. Maybe you have sliding sessions turned on... or maybe the timeout is higher than you thought, etc.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

i had to turn off sliding sessions and it seems to of resolved it.
1

To track user sessions ASP.NET uses the ASP.NET_SessionId cookie. To track authenticated users ASP.NET uses the ASPXAUTH cookie (by default).

When a session times out the ASP.NET_SessionId cookie might no longer be sent by the client but the ASPXAUTH cookie is still sent which might explain why your action is rendered.

To override default forms authentication values you might take a look here. I also suggest you to use the firebug extension to see exactly which cookies are sent by the client.

Improve this answer

Comments

0

Based on your other question, I would guess you are not getting to this controller at all.

Improve this answer

2 Comments

i get into the controller but i am stuck within the Index method so i can't use the same controller for other methods because they all post back to the Index method. Example: a path like /projects/edit/1 would post the form to ProjectController method Index()
Sounds like you have either a form within a form on your page, or a bad routing setup. Can you post your routes and the view source from the page in question?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.