Extended Logout in MVC 5

Extending logged in time as per user's choice.

Scenario: The ASP.NET MVC 5 web application is hosted in Azure WebApp. WebConfig is set to time out after 60 minutes of no requests made to the server, as shown below.

WebConfig:

<authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="60" slidingExpiration="true" name="MYAUTHDV" cookieSameSite="None" requireSSL="true" />
</authentication>

In the login screen, we would like to provide a CHECKBOX, and if the user ticks it and logs in, the webapp should not log them out for the next 12 hours even if there is no activity.


So far, I have tried a JavaScript timer running on the _layoutpage.chtml and a local storage time value registered at logged-in time on the client side. The JavaScript timer will ping the server every 20 minutes to keep the login alive. This is not always working for multiple reasons like browser, machine sleep mode, hard disk turnoff, internet interruptions and other unknown reasons as well. There is also an issue we have to overcome regarding sliding expiration vs JavaScript pinging: https://docs.microsoft.com/en-us/dotnet/api/system.web.security.formsauthentication.slidingexpiration?view=netframework-4.8 I am also open to solutions involving server handling as well. Hoping a client-side solution will incur less modification in our existing app.

7 months ago · Juan Pablo Isaza

Well.. that is a tricky question - simply love it!

Why is it tricky? Because ASP.NET config rules are mostly static and apply to the entire project. That's why a default timeout of 60 minutes will affect every user as a general policy.

The most straightforward solution (without touching your web app internals) will be to define 2 forms - one for regular users (who will be kicked off after 1 hour) and another form with an extended timeout. Of course - that will mean a UI change as well (instead of a checkbox you will need to use a link that redirects the user to a different form). It's not a very elegant solution but it will work.

The problem is that every config section can have only a single <forms> tag (which is very odd - the directive itself is in plural). Following this post, there is a way to bypass this issue by declaring 2 sections with 2 different working folders.

So yes - an elegant solution is off the table but it's still possible and will work without touching ASP.NET internals - which I consider a positive. The overall solution may look like this:

  • Create another folder (under your solution) with the extended login screen
  • In the web.config file, define 2 different working folders (using the <location> directive)
  • Redirect the user from the standard login screen to the extended login screen using a link
  • When login is completed using the extended screen - redirect to your main page (e.g. a dashboard or something similar)

The web.config file should look something like this:

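<!-- {MAIN_FOLDER} and {EXTENDED_LOGIN_FOLDER} are placeholders for the two folder names. -->
<!-- A <location> path is a relative virtual path and must not start with a slash. -->

<!-- Standard login: 60-minute timeout -->
<location path="{MAIN_FOLDER}">
    <system.web>
      <authentication mode="Forms">
         <forms loginUrl="~/Account/Login" timeout="60" slidingExpiration="true" name="MYAUTHDV" cookieSameSite="None" requireSSL="true" />
      </authentication>
    </system.web>
</location>

<!-- Extended login: 720 minutes (12 hours) -->
<location path="{EXTENDED_LOGIN_FOLDER}">
    <system.web>
      <authentication mode="Forms">
         <forms loginUrl="~/ExtendedLogin" timeout="720" slidingExpiration="true" name="MYAUTHDV" cookieSameSite="None" requireSSL="true" />
      </authentication>
    </system.web>
</location>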

Again - it is not pretty but it's logical - for 2 different behaviors we use 2 different configurations in order to define how every behavior should react. Any other solution will require a custom implementation and as far as I'm concerned - you want to avoid this in the first place.

And on a personal note: please share your final solution here to help others in the future as well. Thanks.

7 months ago · Juan Pablo Isaza
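
A server-side way to get the behaviour the question asks for, as an added example that is not code from the question or the answer: the login action issues the forms ticket itself and picks the lifetime from the checkbox. The action and parameter names (`stayLoggedIn`, `returnUrl`), the redirect target, and the use of `Membership.ValidateUser` for the credential check are assumptions; the cookie settings are read from the existing `<forms>` element.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    // 12 hours, the period asked for in the question.
    private static readonly TimeSpan ExtendedLifetime = TimeSpan.FromHours(12);

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(string userName, string password, bool stayLoggedIn, string returnUrl)
    {
        // Assumption: credentials are checked by the configured membership provider.
        if (!Membership.ValidateUser(userName, password))
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View();
        }

        // Box not ticked: keep the timeout from web.config (60 minutes on this page).
        TimeSpan lifetime = stayLoggedIn ? ExtendedLifetime : FormsAuthentication.Timeout;
        DateTime now = DateTime.Now;

        var ticket = new FormsAuthenticationTicket(
            2, userName, now, now.Add(lifetime),
            stayLoggedIn,                       // persistent only for the extended login
            string.Empty, FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                                 // not readable from script
            Secure = FormsAuthentication.RequireSSL,         // requireSSL="true" in web.config
            Path = FormsAuthentication.FormsCookiePath,
            SameSite = FormsAuthentication.CookieSameSite    // needs .NET Framework 4.7.2+
        };
        if (stayLoggedIn)
            cookie.Expires = ticket.Expiration;              // survives a browser restart
        Response.Cookies.Add(cookie);

        // Only follow returnUrl when it points back into this application.
        return Url.IsLocalUrl(returnUrl)
            ? (ActionResult)Redirect(returnUrl)
            : RedirectToAction("Index", "Home");
    }
}
```

With `slidingExpiration="true"` the forms authentication module renews a ticket by that ticket's own lifetime, so a 12-hour ticket stays a 12-hour ticket and no client-side ping is needed. The trade-off is that a copied cookie remains usable until the ticket expires, because forms tickets carry their own expiry and are not tracked on the server.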