|
.net
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
FormsAuthentication.SignOut() and User.IdentityFormsAuthentication.SignOut() removes the authorization ticket from a user (and the user's roles), but does not change the user's
identity. I need to be able to either revert the user to the "totally unauthenticated" state, or change his identity to a different state after SignOut(). Unfortunately, calling SetAuthCookie() after SignOut() doesn't change the identity. It's as if once an identiy is assigned, you're stuck with it for the entire session. How can I do this? - Mark The HttpContext.User.Identity property is get / set:
[C#] public IPrincipal User {get; set;} This *should* mean that you can set it to either null or some neutral Identity object. Hope that helps. Peter -- Show quoteHide quoteCo-founder, Eggheadcafe.com developer portal: http://www.eggheadcafe.com UnBlog: http://petesbloggerama.blogspot.com "Mark Olbert" wrote: > FormsAuthentication.SignOut() removes the authorization ticket from a user (and the user's roles), but does not change the user's > identity. > > I need to be able to either revert the user to the "totally unauthenticated" state, or change his identity to a different state > after SignOut(). > > Unfortunately, calling SetAuthCookie() after SignOut() doesn't change the identity. It's as if once an identiy is assigned, you're > stuck with it for the entire session. > > How can I do this? > > - Mark > Peter,
You got it in 1. Sometimes I wonder how programming got done before the internet... Thanks! - Mark Hi Mark
As for the Forms Authentication, the current User Identity is attached during the begining of each asp.net request (done in the FormsAuthentication's HttpModule....), in ASP.NET 1.1 we need to manually do this while asp.net 2.0 encapsulate this.... You can visit the following kb (discussing asp.net 1.1 forms authentication/role based ...) to get a clear view on this: http://support.microsoft.com/?id=311495 So the HttpContext.Current.User will remain there in during the ASP.NET request's serverside lifecycle.... And for your scenario when you explicitly use FormsAuthentication.SignOut to discard the current authentication ticket, you can make a Response.Redirect call right after it so as to let the client make a new request to the page (or any other protected page....), this time the User won't be set since there is no associated authenticated ticket.... BTW, the means Peter mentioned is also reasonable if you want the HttpContext.User get cleared during the same request lifecycle (without waiting until the sequential request...) Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- | NNTP-Posting-Date: Thu, 12 Jan 2006 19:34:44 -0600 <3F733BAC-7B66-4C1E-8ABF-4273B4F28***@microsoft.com>| From: Mark Olbert <ChairmanMAO@newsgroups.nospam> | Newsgroups: microsoft.public.dotnet.framework.aspnet | Subject: Re: FormsAuthentication.SignOut() and User.Identity | Date: Thu, 12 Jan 2006 17:34:44 -0800 | Organization: Olbert & McHugh, LLC | Reply-To: m***@arcabama.com | Message-ID: <ls0es19s497j06pm7rs62q1l10q06t4***@4ax.com> | References: <edrds1pme0lgj536a1er47erohluh1d***@4ax.com> | X-Newsreader: Forte Agent 3.1/32.783 sv3-rQwhPjcWMTvsqwJo11Gf9zxzOujebWz+sLYwuvJ1H8BasdNexnDFZOeQ1Gswh+CYpkalXbft| MIME-Version: 1.0 | Content-Type: text/plain; charset=us-ascii | Content-Transfer-Encoding: 7bit | Lines: 7 | X-Trace: f+BtmCk!SC3v5IQ/eQPITPjShe9OX747xXbbNSAAw62Qprk3lKk0VQpu5wJgOLLC/LdzkuSDb1+e 2A== | X-Complaints-To: ab***@giganews.com TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli| X-DMCA-Notifications: http://www.giganews.com/info/dmca.html | X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers | X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly | X-Postfilter: 1.3.32 | Path: ne.de!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.gigan ews.com!local01.nntp.dca.giganews.com!news.giganews.com.POSTED!not-for-mail | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.dotnet.framework.aspnet:370523Show quoteHide quote | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet | | Peter, | | You got it in 1. Sometimes I wonder how programming got done before the internet... | | Thanks! | | - Mark |  
Other interesting topics
Issue with ASP.NET 2.0 Global asax
Seeking examples of screen scraping.... Help: ASP.Net broken (tried usual suspects...) ASP.NET 2.0 menu: where to set alternate text for "^ up one level Can't open asp xml page Question about string Error: 'CreateUser' is not a member of 'Membership' vs2005: domain trust relationship problem What is the database "standard" in 2.0? XMLHTTP question |
|||||||||||||||||||||||
