Page referrer

Request.ServerVariables[“HTTP_REFERER”]

Advertisements

Application_AuthenticateRequest in Global.asax

In Global.asax file:

protected void Application_AuthenticateRequest(object sender, EventArgs e) {

string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];

if (null == authCookie) {
// There is no authentication cookie.
return;
}

FormsAuthenticationTicket authTicket = null;
try {
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
} catch (Exception ex) {
Logger.LogError(ex); // Log exception details (omitted for simplicity)
return;
}

if (null == authTicket) {
// Cookie failed to decrypt.
return;
}
FormsIdentity id = new FormsIdentity(authTicket);

// This principal will flow throughout the request.
string[] roles = new string[] { “user” };
MyPrincipal principal = new MyPrincipal (id, roles);
principal.User = LoginHelper.GetUserFromCookieString(authTicket.UserData);// Attach the new principal object to the current HttpContext object
Context.User = principal;
}

MyPrincipal .cs file:

public class MyPrincipal : GenericPrincipal {
string _user;

public AeDpPrincipal(IIdentity id, string[] roles)
: base(id, roles) {
}
public string User {
get { return _user; }
set { _user = value; }
}
}

LoginHelper.cs file:

public static class LoginHelper {

public static void LogIn(UserInfo user, bool rememberMe, bool redirect) {

if (user != null)
int ticketExpiration = Convert.ToInt32(ConfigurationManager.AppSettings[“loginTimeout”]);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
user.Id.ToString(),
DateTime.Now,
DateTime.Now.AddMinutes(ticketExpiration),
true,
user.SerializeForCookie(),
FormsAuthentication.FormsCookiePath);

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
//authCookie.Expires = ticket.Expiration;
HttpContext.Current.Response.Cookies.Add(authCookie);

if (redirect)
HttpContext.Current.Response.Redirect(“~/ReservationList.aspx”);
}

public static string GetUserFromCookieString(string cookieString) {
string user = string.Empty;
string[] userParts = cookieString.Split(‘|’);
user =userParts[0];
return user;
}
}

Example for serialize business object
public string SerializeForCookie() {
StringBuilder sb = new StringBuilder();
sb.Append(this.Id);
sb.Append(“|“);
sb.Append(this.FirstName);
sb.Append(“|“);
sb.Append(this.LastName);
sb.Append(“|“);
sb.Append(this.Email);
return sb.ToString();
}

Asp.net session expiry redirect to page

Session_End is fired internally by the server, based on an internal timer. Thus, there is no HttpRequest associted when that happens. That is why Response.Redirect or Server.Transferdoes not make sense and will not work.

Solution: use a BasePage and add this code in its PageLoad event. This way the meta info will be added to all the pages that inherit from this BasePage and they will redirect after 5 seconds of the Session timeout.

private void Page_Load(object sender, System.EventArgs e){

Response.AddHeader(“Refresh”,Convert.ToString((Session.Timeout * 60) + 5));
if(Session[“IsUserValid”].ToString()==””)
Server.Transfer(“Relogin.aspx”);
}

In the above code, The WebPage.aspx is refreshed after 5 seconds once the Session is expired. And in the page load the session is validated, as the session is no more valid. The page is redirected to the Re-Login page. Every post-back to the server will refresh the session and the same will be updated in the Meta information of the WebPage.aspx.

Alternative:

Asp. net push redirect on session timeout

asp.net session expiry redirect to login page