0

In my app, the user can be authenticated with a login/password stored in a database or using its digital certificate.

In both ways, if the login succeeds a cookie is created and associated to the user.

FormsAuthentication.SetAuthCookie(model.UserName, false);
return RedirectToAction("Index", "Home");

I need this to be different. If a user logs in with its digital certificate, I want to check if the certificate is there otherwise it throws an error.

The concept is if the certificate is not there, this is because the user has left so nothing can be done.

Is that hard to do?

user1201210
  • 3,801
  • 22
  • 25
Guilherme Longo
  • 2,278
  • 7
  • 44
  • 64

1 Answers1

0

I found a simple solution to this.

On IIS, there is a way to set in the site advanced settings the connection time-out. It is the period of time (in seconds) a connection can remain inactive before being disconnected.

Click on the site node, in actions pane click Advanced Settings, click the + on Connection Limits and set Connection Time-out (seconds) to the period of time you find relevant.

I set to 1; Now basically every time the user calls an action it checks for the certificate. If it is there, the application continues normally.

It has worked for me because the digital certificate is a requirement. For those with normal login / password form auhtentication you need to find a better way or the user will be always redirected to the login page.

Guilherme Longo
  • 2,278
  • 7
  • 44
  • 64