.NET C#: how to handle authentication expiration on an AJAX call

For context, I have a forms authentication timeout value set in my web.config and I am using ASP.NET MVC 1. I think it would be easiest to describe my problem as two use cases: the first is what happens without an authentication timeout, and the second is what happens with an authentication timeout:

The usual case:

The user logs in to the application, and the authentication timer starts ticking. While the authentication period is still valid, the user clicks something on the page that launches an AJAX call (via jQuery). We hit the server, process the request and return a partial view to the user (as an ActionResult). The HTML comes back as a string to the ajax success method, and I take this HTML and paste it into a div on the page. This is all expected.

Reported Case:

The user logs in to the application, and the authentication timer starts ticking. After x time, the authentication expires. After the time has expired, the user clicks something on the page that launches an AJAX call (using jQuery). We hit the server, but the authentication ticket has expired. .NET will automatically redirect to the loginUrl value defined in the same web.config element that sets the timeout period. For me, this page is the login page, where the user is prompted to enter a username / password to log in. Thus, the Home/LoginController action is triggered and ultimately returns the full (non-partial) view back as the HTML string for the ajax success method. This makes the page bomb, because I'm trying to take the full HTML of the page (with <html> tags and all) and paste it into a div on the page.

So this is my problem. When the authentication has expired and .NET redirects me to the login page, I get the full HTML page back in the ajax success method. Of course, everything works fine when the request to the server is not an AJAX call - it redirects fine to the login page. But how can I handle this? Does anyone have any ideas?

Thanks.

+3
2 answers

So the "Account/Login" action is executed when the ticket expires:

public ActionResult Login()
{
    // For an AJAX request the div is filled with this meta tag, which refreshes the page
    if (Request.IsAjaxRequest())
        return Content(@"<meta http-equiv=""refresh"" content=""1"" />");

    return View();
}
0
using System.Web.Mvc;
using System.Web.Mvc.Filters;
using System.Web.Security;

public class BasicAuthenticationAttribute : ActionFilterAttribute, IAuthenticationFilter
{
    public void OnAuthentication(AuthenticationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                // AJAX caller: return the login URL as JSON instead of a redirect
                filterContext.Result = new JsonResult
                {
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet,
                    Data = new { redirectTo = FormsAuthentication.LoginUrl }
                };
            }
            else
            {
                // Normal request: let the framework handle the unauthorized result
                filterContext.Result = new HttpUnauthorizedResult();
            }
        }
    }

    public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)
    {
        // Intentionally empty: no challenge handling is needed here
    }
}

and then you can use it as follows

$.get('/foo', function (result) {
    if (result.redirectTo) {
        window.location.href = result.redirectTo;
    } else {
        // standard stuff
    }
});

0
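An added example, not part of the question or either answer: a client-side check that classifies an AJAX response before anything is pasted into the div. It covers the failure described in the question (a full login page arriving with status 200) and the JSON `redirectTo` contract from the second answer, and it only follows a redirect target that is a same-site relative path. The login path `/Account/Login` and the function names are assumptions.

```javascript
// Added example, not from the original page. LOGIN_PATH and both function
// names are assumptions chosen for illustration.
const LOGIN_PATH = '/Account/Login'; // assumed loginUrl from web.config

// Accept only a same-site relative path such as "/Account/Login?ReturnUrl=%2f".
// Absolute URLs, scheme-relative "//host" and backslash variants are refused,
// so a tampered redirectTo value cannot send the browser to another site.
function safeRedirectTarget(target) {
  if (typeof target !== 'string') return null;
  return /^\/(?![\/\\])[^\\\s]*$/.test(target) ? target : null;
}

// Returns one of:
//   { action: 'inject', html }    partial view, safe to place in the div
//   { action: 'data', data }      ordinary JSON payload
//   { action: 'redirect', to }    session expired, navigate to the login page
//   { action: 'reject', reason }  response must not be used
function classifyAjaxResponse(status, contentType, body) {
  const type = String(contentType || '').toLowerCase();
  const text = String(body || '');

  // The server refused the request outright.
  if (status === 401 || status === 403) {
    return { action: 'redirect', to: LOGIN_PATH };
  }
  // JSON contract from the second answer: { redirectTo: "<login url>" }.
  if (type.indexOf('application/json') === 0) {
    let data;
    try { data = JSON.parse(text); }
    catch (e) { return { action: 'reject', reason: 'bad-json' }; }
    if (data && data.redirectTo !== undefined) {
      const to = safeRedirectTarget(data.redirectTo);
      return to ? { action: 'redirect', to: to }
                : { action: 'reject', reason: 'unsafe-redirect' };
    }
    return { action: 'data', data: data };
  }
  // The question's failure mode: the redirect to the login page was followed
  // transparently, so a whole document arrives where a fragment was expected.
  // Heuristic: a partial view never contains a doctype or an <html> tag.
  if (/^\s*<!doctype/i.test(text) || /<html[\s>]/i.test(text)) {
    return { action: 'redirect', to: LOGIN_PATH };
  }
  return { action: 'inject', html: text };
}
```

In a jQuery callback, pass `jqXHR.status`, `jqXHR.getResponseHeader('Content-Type')` and `jqXHR.responseText`, then act on the returned `action`.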

Source: https://habr.com/ru/post/1787030/