0

I am working on a security component of an asp.net application. Part of the security process is to activate the screensaver after 10 minutes of idle time.

Is there a way to activate screensaver using a web app? I have searched SO & GOOD but no luck. Any ideas?

DNR
  • 3,706
  • 14
  • 56
  • 91
  • 2
    I don't think this is possible. It's not a good idea either, you basically want to take over control of someone else's computer. Why don't you just log the user out? – Botz3000 Jun 06 '12 at 14:30
  • Well, the data on the screen is highly secure information (Name, address, DOB, SSN etc). So there is a need to activate screensaver (logging the user out would require closing down applications and losing unsaved data) – DNR Jun 06 '12 at 14:32
  • You're thinking in the wrong direction. You do *not* want to take control over the user's computer. I meant logging the user out of the *website*. All you can control is your website. See my answer for a suggestion. – Botz3000 Jun 06 '12 at 14:42

6 Answers6

6

"You are holding it wrong". This is so wrong on multiple levels. You are trying to do security by obscurity, which is bound to fail.

First, there's no way you can control this from your web site. Javascript or not. Clients may have javascript blockers installed.

A Windows machine that have a screen saver that adheres to Group Policies will laugh at your attempts. An how about Mac? iOS? Android?

The proper way to do it is to protect the data by timing out the user session and redirect the user to a logoff page.

There's an sample on the MSDN Code samples site to get you started: Alert user session expire (AspNetAlertSessionExpire)

Magnus Johansson
  • 28,010
  • 19
  • 106
  • 164
2

From a web app? Not really. Web apps are sandboxed by the browser & restrict access to this sort of thing. You could possibly write an activeX control to do this, but it would only work on Windows IE browsers.

It would be better to just log the user out of the web app.

Simon Halsey
  • 5,459
  • 1
  • 21
  • 32
2

Trying to take control over the PC of users like that is a really bad idea and not possible on most browsers (just think of all the doors it would open for malicious code).

You should better log the user out of the website after a while, and using some javascript you can switch/clear the page so that no private information is visible anymore.

Botz3000
  • 39,020
  • 8
  • 103
  • 127
1

It is not possible through ASP.NET. But you can try over scripts if browser settings allows it.

Rajesh Subramanian
  • 6,400
  • 5
  • 29
  • 42
1

You can't do it, but you could make your own tools "Screensaver". Just grey out the screen with a div and make them log back in. But, as everyone else has stated, so much easier just to kick them out and make them log back in.

Limey
  • 2,642
  • 6
  • 37
  • 62
1

Here's a idle timeout jQuery plugin that tracks whether or not a user has performed any action on a webpage (click, scroll, etc). After a pre-determined amount of time (10 minutes in your case), you log the user out.

I've used it quite successfully in my apps.

Link: idleTimeout - jQuery Idle Session Auto Timeout with Prompt

Jeremy
  • 8,902
  • 2
  • 36
  • 44