+ Post New Thread
Results 1 to 7 of 7
Web Development Thread, IIS / .ASP force logout question in Coding and Web Development; I have a website created that requires users to login via their active directory account. It seems with IE they ...
  1. #1

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,476
    Thank Post
    1,305
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    198

    IIS / .ASP force logout question

    I have a website created that requires users to login via their active directory account.

    It seems with IE they stay logged in until they close the browser It seems with IE they stay logged in until they close the browser . A lot of users log in from home, so Im looking for a way to force a logout the site after X mins.

    I have been dabbling with cookies, but am unsure if this is the right way to do it, as they are not logging in to the actual site per se (Although I would love to add a second level of security by having a login page on the actual site - but have no idea about that now)

    Is there a way in IIS to force the logout of an authenticated session after a certain amount of time?

  2. #2

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,855
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    181
    If you're just doing authentication with a normal IIS protected directory, then no you can't time it out (the browser just keeps on presenting its credentials with every page request). You need to use a cookie-based authentication that you can control a bit more. I don't know if ASP has an equivalent to PHP's sessions system, but that would be your best bet.

  3. Thanks to powdarrmonkey from:

    RabbieBurns (1st February 2009)

  4. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,691
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    It is not to difficult to set up forms based authentication with ASP there is a nice write up on cookie based stuff here with code:
    ASP 101 - Articles

    Heres one that uses a DB:
    Simple ASP Authentication System

    there is a whole list of tutorials here:
    ASP User Authentication Tutorials - Tutorialized

    Once you get the hang of it the session based stuff in ASP is easy to use as it does most of the work for you.

  5. Thanks to SYNACK from:

    RabbieBurns (1st February 2009)

  6. #4

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,476
    Thank Post
    1,305
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    198
    Thanks, Ill check those links out tomorrow and try to knock something together

  7. #5

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,476
    Thank Post
    1,305
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    198
    Quote Originally Posted by SYNACK View Post
    Heres one that uses a DB:
    Simple ASP Authentication System[/URL]

    Once you get the hang of it the session based stuff in ASP is easy to use as it does most of the work for you.
    Used this one, piece of cake to setup, and I have created a logout button as it doesn't use cookies so I don't think I can auto time it out.

    Slightly off topic now, but can anyone post code I could use to somehow mangle the passwords stored in the database so they aren't plain-text?

  8. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,691
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    MD5 hashing although easily broken now via Google sounds like it would fit the bill as it is what is used in most situations:

    AspEncrypt.com - Encrypt Your Password Database with a One-way Hash
    http://webcheatsheet.com/asp/md5_enc...ds.php?print=Y
    http://www.planet-source-code.com/vb...=9367&lngWId=4
    Last edited by SYNACK; 2nd February 2009 at 08:27 PM.

  9. #7

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,476
    Thank Post
    1,305
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    198
    thanks, ill check that out tomorrow.

    I also managed to add an auto time out to the stuff I did today by adding a session expire line to the .asa

SHARE:
+ Post New Thread

Similar Threads

  1. Automatic logout after 30 minutes of use.
    By Blake0 in forum Windows
    Replies: 13
    Last Post: 23rd September 2010, 06:31 AM
  2. Allow ASP .Net 2 in IIS Server 2003 R2
    By FN-GM in forum Windows
    Replies: 8
    Last Post: 17th January 2009, 08:23 PM
  3. asp / iis question
    By RabbieBurns in forum Web Development
    Replies: 14
    Last Post: 7th October 2008, 10:22 AM
  4. [CLOSED] Improvement: Logout Timeout?
    By bjohnny42 in forum EduGeek.net Site Problems
    Replies: 1
    Last Post: 2nd May 2008, 10:53 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •