@manhng

Welcome to my blog!

Save Session Timeout in Web.config as XML Document

January 3, 2020 12:06

using System;
using System.Diagnostics;
using System.IO;
using System.Xml;

namespace ConsoleApp11
{
    public class Program
    {
        public static void Main(string[] args)
        {
            string webConfigFilePath = @"C:\inetpub\wwwroot\WebApp\web.config";

            bool isSaveSuccess = SaveSessionTimeoutToWebConfig(webConfigFilePath, "480");
            Console.WriteLine(isSaveSuccess ? "web.config updated." : "web.config update failed.");
        }

        // Sets the timeout (in minutes) on <sessionState> and on <authentication>/<forms>.
        // Returns true when the file is missing or already up to date, false on any error.
        public static bool SaveSessionTimeoutToWebConfig(string filePathWebConfig, string sessionTimeout)
        {
            //
            // Example: change timeout from 30 to 1440
            // FROM: <sessionState timeout="30" />
            // TO:   <sessionState timeout="1440" />
            // ----------
            // FROM:
            // <authentication mode="Forms">
            //   <forms name="WebApp.CookieName" loginUrl="~/Login.aspx" protection="All" timeout="30" path="/" requireSSL="true" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile"></forms>
            // </authentication>
            // TO:
            // <authentication mode="Forms">
            //   <forms name="WebApp.CookieName" loginUrl="~/Login.aspx" protection="All" timeout="1440" path="/" requireSSL="true" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile"></forms>
            // </authentication>

            try
            {
                if (!File.Exists(filePathWebConfig))
                {
                    // Same as the original behaviour: a missing file is not reported as an error.
                    return true;
                }

                XmlDocument doc = new XmlDocument();
                doc.Load(filePathWebConfig);

                XmlElement sessionState = doc.DocumentElement.SelectSingleNode("//system.web//sessionState") as XmlElement;
                XmlElement formsAuthentication = doc.DocumentElement.SelectSingleNode("//system.web//authentication//forms") as XmlElement;

                // Evaluate both updates (no short-circuit), then write the file once.
                bool changed = SetTimeout(sessionState, sessionTimeout) | SetTimeout(formsAuthentication, sessionTimeout);
                if (changed)
                {
                    doc.Save(filePathWebConfig);
                }

                return true;
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.ToString());
                return false;
            }
        }

        // Returns true when the element exists and its timeout attribute had to be changed.
        // SetAttribute creates the attribute when it is absent, so an element without a
        // timeout attribute no longer causes a NullReferenceException.
        private static bool SetTimeout(XmlElement element, string sessionTimeout)
        {
            if (element == null || element.GetAttribute("timeout") == sessionTimeout)
            {
                return false;
            }

            element.SetAttribute("timeout", sessionTimeout);
            return true;
        }
    }
}

Session Expiration Time out Popup using jquery

November 5, 2019 17:19

  • Session Expiration Time out Popup using jquery
  • Session Timeout Warning and Redirect
  • Session Timeout Notification
  • Handling Session Timeout
  • Session Expiration Alert
  • window.setInterval
  • window.setTimeout
  • Application_AuthenticateRequest MVC with Session Timeout
  • ASP.NET Forms Authentication in Internet Explorer
  • Implementing JavaScript Countdown Timer In An Online Quiz Application

Session Management

01. Verify that the framework’s default session management control implementation is used by the application.
02. Verify that sessions are invalidated when the user logs out.
03. Verify that sessions timeout after a specified period of inactivity.
04. Verify that sessions timeout after an administratively configurable maximum time period regardless of activity (an absolute timeout).
05. Verify that all pages that require authentication to access them have working logout links.
06. Verify that the session id is never disclosed other than in cookie values, particularly in URLs, error messages, or logs. This includes verifying that the application does not support URL rewriting of session cookies when possible.
07. Verify that the session id is changed on login.
08. Verify that the session id is changed on reauthentication.
09. Verify that the session id is changed or expired on logout.
10. Verify that only session ids generated by the application framework are recognized as valid by the application.
11. Verify that authenticated session tokens are sufficiently long and random to withstand attacks that are typical of the threats in the deployed environment.
12. Verify that cookies which contain authenticated session tokens/ids have their domain and path set to an appropriately restrictive value for that site.
13. Verify that all code implementing or using session management controls are not affected by any malicious code.

ESAPI also has two appropriate interfaces that deal with authentication and session management to further provide protection against these attacks. One is the Authenticator API that includes methods for generating and handling session identifiers and account credentials. The other API is User that securely manages all the variables associated with the state of a user account.
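The checklist items that can be read straight from web.config (03 and 06, plus the `requireSSL` flag on the forms cookie) can be checked automatically. The following is an added example, not code from the original post: the class name, the 60-minute policy limit and the sample configuration are assumptions, and it expects a web.config without a default XML namespace.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

public static class SessionConfigAudit
{
    // Constructed sample: the "TO" values from the post above, plus a URL-based sessionState.
    private const string SampleWebConfig = @"<configuration><system.web>
  <sessionState timeout=""1440"" cookieless=""UseUri"" />
  <authentication mode=""Forms"">
    <forms name=""WebApp.CookieName"" loginUrl=""~/Login.aspx"" protection=""All""
           timeout=""1440"" path=""/"" requireSSL=""true"" slidingExpiration=""true""
           cookieless=""UseDeviceProfile"" />
  </authentication>
</system.web></configuration>";

    // maxIdleMinutes is an assumed policy limit; the page does not specify one.
    public static List<string> Audit(XDocument config, int maxIdleMinutes)
    {
        var findings = new List<string>();
        XElement web = config.Root?.Element("system.web");
        if (web == null) { findings.Add("no <system.web> section found"); return findings; }
        XElement session = web.Element("sessionState");
        XElement forms = web.Element("authentication")?.Element("forms");
        foreach (XElement e in new[] { session, forms }.Where(x => x != null))
        {
            // Item 03: idle timeout in minutes (an absent attribute means the framework default).
            string raw = (string)e.Attribute("timeout");
            if (raw != null && (!int.TryParse(raw, out int minutes) || minutes > maxIdleMinutes))
                findings.Add($"<{e.Name}> timeout=\"{raw}\" is above {maxIdleMinutes} minutes or not a number");
            // Item 06: every mode except UseCookies may carry the session id or ticket in the URL.
            string mode = (string)e.Attribute("cookieless")
                          ?? (e == forms ? "UseDeviceProfile" : "UseCookies"); // framework defaults
            if (!mode.Equals("UseCookies", StringComparison.OrdinalIgnoreCase) &&
                !mode.Equals("false", StringComparison.OrdinalIgnoreCase))
                findings.Add($"<{e.Name}> cookieless=\"{mode}\" allows the identifier to appear in URLs");
        }
        // Related cookie hardening: the forms ticket cookie should only travel over HTTPS.
        if (forms != null && !"true".Equals((string)forms.Attribute("requireSSL"), StringComparison.OrdinalIgnoreCase))
            findings.Add("<forms> requireSSL is not \"true\"");
        return findings;
    }

    public static void Main()
    {
        foreach (string finding in Audit(XDocument.Parse(SampleWebConfig), 60))
            Console.WriteLine("FINDING: " + finding);
    }
}
```

Items such as 02 and 07 to 09 describe runtime behaviour and cannot be read from configuration; they still have to be tested against the running application.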

MVC Forms Authentication and Storing Data in the Cookie

http://www.primaryobjects.com/2012/12/07/mvc-forms-authentication-and-storing-data-in-the-cookie/ (very good)

MVC4 forms authentication example with custom MembershipProvider and Principal, storing user data in forms auth cookie. 

http://primaryobjects.com/CMS/Article147.aspx

https://github.com/primaryobjects/MVC4FormsAuthentication

Application_AuthenticateRequest is one of the particular events in the ASP.NET pipeline. It can be only fired one request coming from client. I'm afraid you can hardly redirect to this event, if I have not misunderstood your requirement.

Instead, if you want to detect user session timeout and require the user to re-login, in addition to the other posts, you can check these links:

http://www.codeproject.com/KB/session/redirecttimeout.aspx

http://blogs.msdn.com/b/nikhiln/archive/2007/06/21/detecting-session-timeout-in-asp-net-2-0-web-applications.aspx

Maybe this helps you.

http://forums.asp.net/p/1620362/4156242.aspx

Check Session Timeout by ActionFilter in MVC

https://www.codeproject.com/Articles/1095295/Check-Session-Timeout-by-Using-ActionFilters-in-MV

FormsAuthenticationTicket

https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-security/introduction/forms-authentication-configuration-and-advanced-topics-cs

https://www.simplethread.com/setting-up-authentication-in-aspnet-mvc/ (good)

https://evacion.wordpress.com/2010/11/05/application_authenticaterequest-in-global-asax/

Global.asax

Now let’s look deeper into the Global.asax file.
As you can see, the class inherits from System.Web.HttpApplication. As in traditional ASP.NET, we can handle application-level events with the help of Global.asax. Let’s have a quick brush-up on those events.

  • Application_Start() – Triggers when the application starts for the first time
  • Application_Init() – Triggers when the application initializes for the first time
  • Application_BeginRequest() – Triggers each time a new request comes in
  • Application_EndRequest() – Triggers when a request ends
  • Application_AuthenticateRequest() – Triggers when the request is to be authenticated
  • Application_Error() – Triggers when an application-level error occurs
  • Application_End() – Triggers when the application times out or ends
  • Session_Start() – Triggers when a user session starts
  • Session_End() – Triggers when the user’s session ends

Session Expiration Time out Popup using jquery

Introduction

In this article, I will tell you how to easily create a cross-browser session expiration popup box using jQuery.

Background

Session timeout is very important in every project. Many articles have already been written about session timeout, so in this article I will tell you how to use session timeout easily with jQuery. We can configure the session timeout, and once that time has elapsed the user will receive a notification such as "you need to log out to extend the timeout".

https://www.codeproject.com/Tips/1175658/Session-Expiration-Popup (very good)

https://github.com/travishorn/session-timeout (jQuery Session Timeout) (very good)

Angular 4 + ASP.NET Web API 2

https://www.codeproject.com/Articles/1260825/Angular-4-Insert-Update-Delete-with-ASP-NET-WEB-AP

Angular 6 login with session timeout modal - LinkedIn

https://github.com/changhuixu/session-expiration-alert

Dependencies: Angular 6+, Bootstrap 4+ (css), NgBootstrap 3+
