.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Can a user's session and their security ticket expire at different times?

Posted By:      Posted Date: April 14, 2011    Points: 0   Category :ASP.Net

Hi there,

If a user's security ticket and session state are configured to expire after twenty minutes, is it possible that one could go before the other? So for example, a user could have access to a protected web page but their sessions has been lost?

Cheers, WT.

View Complete Post

More Related Resource Links

MS SQL Server: Disconnect Users From Database - Kill User Session

If you ever wanted to restore your database from a SQL backup file (.bak), but there are still users connected to your database, the backup operation will fail causing the error: Exclusive access could not be obtained because the database is in use.

stsadm Import command + include user security



When I move sites from test to staging to production, I am using the stsadm –o export command with the –includeusersecurity option in the staging environment.  In production environment, I then use the stsadm –o import command with the –includeusersecurity option.  I was assuming that this option was bringing over the security on the exported site only.  This does not seem to be the case.

Last night I exported one sub site to produtction.  Today, I was notified that the security groups on other sub sites have been altered.  


So why is it when using the –includeusersecurity option effect all sub sites and not just the one sub site being moved from staging to production

session object security in asp.net 4

hi,So I'm developing a complicated solution where users need to register, on the web application. I'm not going to use asp.net forms authentication because it would be too complicated to make it work in my app. We do not have SSL, it doesnt need to be super secure but the only thing I am worried about is:When the user logins, he is authenticated, then his username is stored in an asp.net session object. Every protected page then check if there is a username, is there isn't he is redirected. Is this secure?Is there a way an attacker can manipulate a session object to have it store a valid username, which will fool the pages to think that user has logged in. Is there any way to make it slightly more secure without hitting too much on performance?All the options I see are all about forms authentication.Thanks so much

limit ASP.NET User Session without blocking production

 If the Web Site is in production and there are hits from one particular place (Say London!) and the after 1000 (or x) requests, user session should not be allowed. So what to do in such situation without affecting current production site?  Please Advice. Thanks!  

Long execution times for Search pages even after 4th or 5th user has accessed the same page.

Hi Guys We have a Sharepoint 2010 farm with two NLB web fronts ends, a Index server and a two box SQL cluster. The same problem also occurs on a dev box which has Sharepoint 2010 and SQl server running on the same single box. When a user access the search or advanced search page we get long execution times of between 15 and 30 seconds.  The strange thing is that the user will have a slow response the first time, then they are fine for a period of an hour or two and then they hit the slow response again.  Below i have copied info from the developer dashboard.  Does anyone have a suggestion of where to start tackiling this issue. Thanks 1st Run.  (Note this site was accessed by 3 other users first) BeginRequestHandler (0.05 ms) PostAuthenticateRequestHandler (0.06 ms) PostResolveRequestCacheHandler (18.48 ms) GetWebPartPageContent (16.87 ms) GetFileAndMetaInfo (15.57 ms) GetWebPartPageContent (35.25 ms) GetFileAndMetaInfo (34.99 ms) GetWebPartPageContent#1 (89.27 ms) GetFileAndMetaInfo (89.06 ms) Add WebParts (3975.17 ms) Search Box (3974.54 ms) SearchBoxEx.OnLoad (15426.56 ms) SearchBoxEx.HandleContextualScoping (0.01 ms) UserPreference.GetUserPreference (15418.52 ms) UserPreference.GetFromCache (0.04 ms) SearchServiceApplicationProxy.GetUse

Accessing Session State in a User Control

We have a web site that implements a custom SiteMapProvider using a User Control added in the master page. I need to be able to limit the sitemap nodes added depending on the logged in user, that is, certain users should not see certain sitemap nodes. Currently, the login processing code determines if users are in the certain category or role and then sets a value in session state, for example, Session["UserInRoleXXX"] = "Yes"; I tried changing the code in the user control to check the session state, but I got the following error: NullReferenceException ... Object reference not set to an instance of an object." Can session state be accessed in a user control? If so, how? If not, any suggested solutions? Thanks in advance for any help.

current user identity in custom security trimmer

The crux of my problem is that I want to impersonate  a user’s NTLM credentials in the context of a SharePoint custom security trimmer to execute HttpWebRequests to check user access to URLs.  When accessing WindowsIdentity.GetCurent() in the security trimmer, the System.Security.Principal.WindowsIdentity object returns the identity of the application pool running the search query service, NOT the currently logged in user.   When accessing System.Threading.Thread.CurrentPrinciple.Identity in the security trimmer, the Microsoft.IdentityModel.Claims.ClaimsIdentity object of the current logged in user is returned.  However, there is a catch.  …   If I execute the following code in a .NET web application, the cast of the ClaimsIdentity to a WindowsIdentity succeeds because the identity has the authentication type of NTLM.    WindowsIdentity winId = (WindowsIdentity)System.Threading.Thread.CurrentPrincipal.Identity; WindowsImpersonationContext wic = winId.Impersonate(); request.Credentials = CredentialCache.DefaultCredentials; //access means a response comes back when a request is made to the url using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()) { returnStatus = true; } wic.Undo(); However, when I execute the same code in the context of the SharePoint security trimmer (the search query service li

i make a web site using frame but session is expire Error message is my Config file is attache

i make a web site using frame  but session is expire message is Object reference not set to an instance of an object Description: HTTP 500. Error processing request. Stack Trace: System.NullReferenceException: Object reference not set to an instance of an object at System.Web.UI.Control.OnLoad (System.EventArgs e) [0x00000] in <filename unknown>:0 at System.Web.UI.Control.LoadRecursive () [0x00000] in <filename unknown>:0 at System.Web.UI.Page.ProcessLoad () [0x00000] in <filename unknown>:0 at System.Web.UI.Page.ProcessPostData () [0x00000] in <filename unknown>:0 at System.Web.UI.Page.InternalProcessRequest () [0x00000] in <filename unknown>:0 at System.Web.UI.Page.ProcessRequest (System.Web.HttpContext context) [0x00000] in <filename unknown>:0 My Web Config file is<configuration>    <!-- store the database connection info here -->     <appSettings>        <add key="sBook_StoreDBConnectionString" value="Provider=Microsoft.Jet.OLEDB.4.0;User ID=Admin;Data Source=C:\Program Files\CodeCharge\Examples\BookStore\BookStore_MSAccess.mdb;Persist Security Info=False" />            </appSettings>  <system.web>  <httpRuntime executionTimeout=&quo

how to redirect user to login page if session is null

i have 2 page,1.login.aspx ---  2.welcome.aspxin my login.aspx im storing username into sesssion as below:Session["usernm"] = txtUsername.Text;in my welcome.aspx  pagein page_load event if (Session["usernm"]==null)        {            Response.Redirect("Login.aspx");        }----- here if i manulally paste the url ( http://localhost:4125/Loginado/welcome.aspx) it should go to  login.aspx for user credentialsbut its going directly to welcome.aspx  page.

change snapshot agent user (Agent security)

Hi, we have replicated dbon sql server 2008 (transaction replication) now we want to change the user used for the snapshot agent, from sql Managment studio go to publication property and then agent security and then snapshot agent (now we are using domain user) here we want to use the other option which is " to be run under sql server agent service account" but I couldnt choose this option because its unactive so how we can activate this option for existing replication without restarting the replication (i can use this option for the new replication wizard) Thanks

How to Provide Security at User level base in asp.net for certain pages

 Hi I have a site We have different Pages under one folder. we have stored these pages information in a database table with pageid. Then we have User access table. there we store userid and pageid , for which pages user has access. Now I need to provide access to that pages only . What to do. Could you please provide answer asap.   Thanks  

When Session is expire

i am using frame in Web Site . but session is expire than Login Page open in within frame how to open Login Page in Seprate Window  and my main frame page is not show

Session expire error

Hi,I have Store procedure its take some times to execute, While its executing my session expires the browser seems to freeze and the user do not seem to know what to do. Instead, Could i please re-direct to the login page with a red line message saying "Your session has expired. Please login again."whats the best way to do that?krdslakmal

users are known in user profile, but not in security

Hi all, I am having this weird issue here: SP2010 was working fine, user profile sync and claims-based security on the web app. Now, with no clear reason, it cannot find users anymore on the security part. People search still works, but I cannot add users on SharePoint to log in. Strange thing is: if I type half a username, it still resolves the full name, but it has a red stripe underneath it as a sign that it does not recognize the user. So it can find the name of the user, but it cannot add it to SharePoint.   Once more, the user profile sync is working great and I can find users on people search.   Any thoughts ? 

Report Manager Security: If a user login to Report Service than he should be able to see only a fold

Report Manager Security: If a user login to Report Service than he should be able to see only a folder for which he has role assing and rest of the folder should be hidden for him. How this security i can achive with c#

Check session timeout and warn user before timeout


I know there are several articles explaining how to warn the user before their session times out, but so far none of them have worked for our scenario, so I'm hoping someone here will be able to help me figure this one out...  Here's what we've got:

Our application uses SQLServer to store session state.  We've got it set to timeout in 60 minutes.  Unfortunately (I fought hard against this, but lost the battle) our application uses popups for several major screens.  So tracking the session timeout on the client side doesn't really work, because I have no idea what window the user is in at any given point.  I've tried the solution where you inject Javascript into the page using the current session timeout on each request, but again, because the user could be actively using the application in a different window, it doesn't work for us.  So I guess I have a couple key questions:

  1. Is there any way to get the timeout for a session without triggering a request to the server, which would just renew the session?
  2. Is there a way to track the session timeout value across multiple windows? 
    I believe there is a limit to the number of "branches" the main window can have in our app.  In other words, the user can only be 2 levels deep from the main/root window, s
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend