c# - Logout in MixedMode Authentication. Showing the wrong user on profile object -
i using both windows , forms authentication in web application.both authentication schemes enabled in iis. explicitly sets forms cookie after windows authentication succeeded application rely on forms cookie .this works expected.
the problem after logout after logged in windows user,the new request(login.aspx) still has context.user windows principal. though within login still create new forms cookie , asp.net profile object still has windows principal user.since utilize profile object throughout application shows different user other 1 logged in
i wondering why happening ? need on logout prevent iis passing security token next request goes login.aspx
do need set context.user manually on every request on formsauthentication_onauthenticate reading cookie , setting context.user userdata within cookie
i doing document.execcommand("clearauthenticationcache") @ logout
edit: have more details : in application begin request , content.user coming null . when request reaches formsauthentication_onauthenticate context.user set windows principal.i have no clue event sets , how prevent ?
edit : have found context.user null inapplication_beginrequest gets set windows principal within `formsauthentication_onauthenticate
finally have figured out issue . real issue setting entire root folder utilize windows , forms authentication. ideally need have separate login page windows(winlogin.aspx) , set win , forms authentication page.for rest of app set forms authentication only.the winlogin should create forms cookie , redirect rest of application.
the next question helped me in figuring out : mixed mode authentication
c# asp.net authentication forms-authentication windows-authentication
No comments:
Post a Comment