How to force login after running the application?

Asked

Viewed 357 times

4

My scenario is this::

After authentication with Active Directory, the user who logged in is saved to a Session

[HttpPost]
public ActionResult Login(LoginModel model, string returnUrl)
{
    if (!this.ModelState.IsValid)
        return View(model);

    if (Membership.ValidateUser(model.Usuario, model.Senha))
    {
        Session.Add("Usuario", new UsuarioModel { Nome = "Eu", Login = "Filipe"});
        FormsAuthentication.SetAuthCookie(model.Usuario, false);
        if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
            && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
        {
            return this.Redirect(returnUrl);
        }

        return this.RedirectToAction("Index", "Home");
    }

    this.ModelState.AddModelError(string.Empty, "O usuário ou a senha são inválidos");

    return View(model);
}

After that I make some changes to the code and run the application again, but Session does not remain there and the application considers that the user is still logged in.

How can I clean up this thing that makes the user still seem to be online?

c# asp.net-mvc-5 session authentication

  • But it’s to keep the login in session and application or to force new login because changes were made to the code?

  • @Zuul, force the new login because of the changes. But keeping the login in the session would also be a good thing, you have example of this?

1 answer

3

Make the user leave the session in the event Application_End of your Global.asax.cs:

void Application_End(object sender, EventArgs e) 
{
    Session.Abandon();
}

PS: I have not tested this code.

EDIT

As the above code did not work, I think the programmatic way may not be a good output. In the file Web.config, amend the following:

<authentication mode="Forms">
    <forms cookieless="UseCookies" loginUrl="~/Account/Login" name="MinhaAutenticacao" slidingExpiration="true" timeout="300"/>
</authentication>

  • Without the OP to manifest I do not know what he wants, but as you have already put an answer, maybe leave both scenarios exposed in the answer is better, so it is always correct ;)

  • Who voted 'no' in this reply, gives the reason?

  • 2

    @Zuul It is that I read wrong even. I understood that he wanted to keep the Cookie, not expire it.

  • @Ciganomorrisonmendez, no Application_End this exception is raised: Estado da sessão não está disponível neste contexto.

  • @Filipeoliveira I updated the answer.

  • @Ciganomorrisonmendez, the application is still considering that the user is logged in, but the Session created in Login no longer exists.

Show 1 more comment

Browser other questions tagged c# asp.net-mvc-5 session authentication

You are not signed in. Login or sign up in order to post.