how to implement logout for web apllication?

divekar.vishal · June 5th, 2008, 02:24 AM

Hi all,
i am using form based authen. to secure my web application.But when i am trying to logout with FormsAuthentication.SignOut();and then Response.Redirect("../main/Login.aspx")but it gives "HTTP Error 404 - Not Found". My web.config as....
<authentication mode="Forms">
      <forms loginUrl="Login.aspx"
        name=".LOGINAUTH"
        protection="All" timeout="30" path="/" slidingExpiration="true">
        <credentials passwordFormat="Clear">
          <user name="vishal" password="campus"/>
          <user name="manas" password="manas"/>
        </credentials>
     </forms>
    </authentication>
    <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate"/>
    <authorization>
      <allow users="*" />
      <deny users="?"/>
    </authorization>
And Login.aspx.cs as.....
if (FormsAuthentication.Authenticate(txtUserid.Text, txtPassword.Text))
        {
            FormsAuthentication.RedirectFromLoginPage(txtUseri d.Text, chkRemeberMe.Checked);
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1, this.txtUserid.Text, DateTime.Now,
                DateTime.Now.AddMinutes(30), this.chkRemeberMe.Checked, "User");
            string cookistr = FormsAuthentication.Encrypt(ticket);
            HttpCookie hcookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookistr);
            if (this.chkRemeberMe.Checked)
            {
                hcookie.Expires = ticket.Expiration;
            }
            hcookie.Path = FormsAuthentication.FormsCookiePath;
            Response.Cookies.Add(hcookie);

            if (txtUserid.Text == "vishal")
            {
               Response.Redirect("../Adminstration.aspx");
            }
            else
            {
                Response.Redirect("../main/NotAuthorized.aspx");
            }

        }

so plz help me for that,,

Vish

planoie · June 5th, 2008, 09:14 AM

The 404 error is indicating that the page you are redirecting to doesn't exist. This is a very basic error.

It would appear that wherever you are logging out from that "../main/Login.aspx" is not a valid URL.

I would recommend you change your redirect call to use an application root relative URL:

Response.Redirect("~/main/Login.aspx")

This will get resolved properly to the the page off the root of the application and will therefore work from any page.

-Peter
compiledthoughts.com

divekar.vishal · June 6th, 2008, 01:08 AM

Quote:

quote:Originally posted by planoie
The 404 error is indicating that the page you are redirecting to doesn't exist. This is a very basic error.

It would appear that wherever you are logging out from that "../main/Login.aspx" is not a valid URL.

I would recommend you change your redirect call to use an application root relative URL:

Response.Redirect("~/main/Login.aspx")

This will get resolved properly to the the page off the root of the application and will therefore work from any page.

-Peter
compiledthoughts.com

Thanks a lot Peter,

It Works...! But when i click "back" button on browser it again go to the Administrator.aspx page that means it not kills session.Plz guide for the same.

Vish

planoie · June 6th, 2008, 08:34 AM

Quote:

quote:Originally posted by divekar.vishal
But when i click "back" button on browser it again go to the Administrator.aspx page that means it not kills session.

Are you positive? Try going back and then hit refresh. I think you'll find that it will kick you to the login page. This really has nothing to do with ASP.NET but rather with browser page caching. You may need to set an explicit expiry datetime for the page(s) so the browser doesn't cache them.

-Peter
compiledthoughts.com