ansaurus

Question

MVC2: Determine that redirect to login was due to forms authentication timeout?

Answer 1

A:

There's nothing out-of-the-box allowing you to achieve this. You could for example write a custom Authorize attribute that will check if the authentication cookie has expired.

Darin Dimitrov 2010-08-11 15:25:16

So how would the code in the attribute detect that a timeout had occurred?

CodeGrue 2010-08-11 16:55:01

`FormsAuthentication.Decrypt(authCookieValue).Expired`

Darin Dimitrov 2010-08-11 16:56:44

I confirmed that after timeout, Request.Cookies[".ASPXAUTH"] returns null, so you cannot access the expired property.

CodeGrue 2010-08-11 17:42:29

Answer 2

+1 A:

After fiddling for quite a while I came up with this hackish solution that works. I would love to hear a more elegant solution.

1) Create a cookie after forms authentication:

   // log the user in
   FormsService.SignIn(userId, false);
   Response.Cookies["WasLoggedIn"].Value = "true";

2) On the login GET action, look for this cookie existing and the authentication cookie not existing:

   if (Request.Cookies[".ASPXAUTH"] == null && 
       Request.Cookies["WasLoggedIn"] != null)
   {
      // forms authentication timed out
   }

CodeGrue 2010-08-11 17:56:52

ansaurus

tags:

views:

answers:

MVC2: Determine that redirect to login was due to forms authentication timeout?

related questions