Click here to Skip to main content
15,030,062 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
In my application i am using session to the username and that session value bind into nextpage.


first i run the application that time the session name bind correctly.again i close the browser and open same browser that's time the username becomes like this '1aab77e4-d424-4ba2-9997' it's become like some default value


i am using this code

if (domainanduser.IndexOf('\\') != -1)
{
string[] vSplitStr = domainanduser.Split('\\');
domain = vSplitStr[0];
username = vSplitStr[1];




//PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain);
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

if (ctx.ValidateCredentials(username, txtPassword.Text))
{

bool isCookiePersistent = true;// chkPersist.Checked;
//ArrayList groups = GetUserAuthorizationGroups(txtUsername.Text.Trim());

//string groups = Convert.ToString(GetGroups(txtUsername.Text.Trim()));
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
username, DateTime.Now, DateTime.Now.AddMinutes(10), isCookiePersistent, "groups");

//Encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

//Create a cookie, and then add the encrypted ticket to the cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
//HttpCookie authCookie = new HttpCookie("FormsCookieName");
// authCookie.Values.Add("username", username);
//if (true == isCookiePersistent)
authCookie.Expires = authTicket.Expiration;

//Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
// Response.Redirect("WebForm3.aspx");
//if (((HttpWebResponse)((System.Net.HttpWebRequest)System.Net.WebRequest.Create(domain)).GetResponse()).StatusCode == HttpStatusCode.OK)
//{


Session["username"] = username;
int result = Convert.ToInt32(AuthenticateUser(username, domain));
if (result == 1)
{
Response.Redirect("WebForm1.aspx");
}
else if (result == 2)
{
Response.Redirect("WebForm1.aspx");

}
else
{
// Response.Redirect("Defaultpage.aspx");
lblmsg.Text = "You do not have access to the LOUPe Application. Kindly Contact Admin.";
lblmsg.ForeColor = Color.Red;
}

}


else
{

if (txtPassword.Text == "" || txtUsername.Text == "")
{
lblmsg.Text = string.Empty;
}
else
{
lblmsg.Text = "The username or password you entered is incorrect.";
lblmsg.ForeColor = Color.Red;
}


}
}
else
{

if (txtUsername.Text != "")
{
lblmsg.Text = "Please enter domainname ";
lblmsg.ForeColor = Color.Red;
}
}

}
catch (Exception ex)
{
if (ex.Message.Contains("The server could not be contacted."))
{

if (txtPassword.Text == "")
{
rfvPWD.Text = string.Empty;


}
lblmsg.Text = "you entered domain name incorrect Please check the domain name";
lblmsg.ForeColor = Color.Red;


}

}
finally
{


}
please give any idea about issue
Posted
Comments
[no name] 26-Sep-13 8:36am
   
So, u want clear the session at closing time?

1 solution

you can clear session on brower close window using javascript.
   
Comments
krish2013 27-Sep-13 5:24am
   
hii Igar,
I am the first time to work on security.If you have possible please share the code to me.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900