When a user cllicks into a specific form, I would like to have them re-authenticate due to the personal content of the form they're accessing. I'm not sure what I need to do to get this done. They already have to login to the appllication, but need the second layer of security. I would also like them to be logged out after 15 minutes of inactivity. Anyone have any ideas?
reauthenticate users
Collapse
X
-
Well the timeout part is pretty easy.
You just set the forms authentication cookie to expire after 15 minutes.
The "re-authentication" part is going to be a bit more tricky.
I'm not entirely sure how you'd do this but maybe place the super-sensitive content in a separate folder with it's own web.config file. This section of the site would have to be set up using the same authentication provider as the regular-sensitive content....and would have it's own Login feature which would issue another authentication cookie that would expire after the user's finished with the super-sensitive content.
-FrinnyComment
-
Yes...but it's not easy and doesn't work Opera.
First read this article then read this post...I'm still in the middle of writing an article on the topic.
-FrinnyComment
Comment