5

We have a requirement where we would like to redirect the user to a login page when ASP.NET Session expires and the user is working in a Silverlight plugin.

So, scenario is, we have a legacy application which runs ASP.Net, all our new modules are in Silverlight, and the legacy app loads the Silverlight application. That all works :-) The user then walks away from their desk and comes back after the ASP.Net Session times out, but then tries to carry on doing something in the Silverlight App, which uses a RIA Domain Service. Because the session has time out, the RIA Domain Service fails, but it does not fail with a SessionExpired exception, nor with a User/Password invalid, it just fails with a Domain Exception which is similar to "real" exceptions thrown in the domain model so we have no way of identifying that this time it was because the session expired.

There are plenty answers for how to keep your ASP.Net session alive, we dont want to do that, we want the session to expire, but we want to be able to handle it gracefully in Silverlight and direct the user to the login page.

We have this working, but the problem is whenever an exception is raised in the Silverlight application, this redirects you to the login page, which is not the intended behaviour. We only want to redirect when it is a case of the session expiring.

Any ideas?

Warren vd Merwe
  • 51
  • 3

1 Answers1

2

I just happened to have the same problem. I added the following code to the Application_UnhandledException:

private void Application_UnhandledException(object sender, ApplicationUnhandledExceptionEventArgs e)
{
    // redirect to login on exceptions when user is not logged in
    var domainException = e.ExceptionObject as DomainOperationException;
    if (domainException != null && !WebContext.Current.User.IsAuthenticated) 
    { // probably a server-side timeout has occurred.  
        e.Handled = true;
        HtmlPage.Document.Submit(); // redirect to login page
    }
}

Whenever there is a domain exception and the user is not logged in (I assume that the user has to be logged in to see any page), I redirect to the calling page which causes ASP.NET to redirect to the login page.

EDIT: This solution is useful when you use an .aspx login form (which I normally use to prevent an unauthenticated user from downloading the Silverlight code). In case you use a Silverlight registration form, you find your answer here https://stackoverflow.com/a/8083744/178620.

Community
  • 1
  • 1
slfan
  • 8,950
  • 115
  • 65
  • 78
  • You should bring up to the RegistrationWindow, rather than trying to reload the HtmlPage. This is a much better answer: http://stackoverflow.com/a/8083744/178620 – Doguhan Uluca Jun 08 '12 at 14:48
  • Thanks a lot for your tip. You are right if you use a Silverlight login/registration window. I prefer to use asp.net forms authentication and an HTML webform for the login, because a malicious user cannot download the Silverlight application without logging in. Under these circumstances my answer is still correct and I prefer it to your solution. – slfan Jun 08 '12 at 19:51
  • I see where you're coming from now - the question specifies RIA and most people will just use the RegistrationWindow. If you don't mind updating your answer with your perspective, I'll be able to take away the down vote. – Doguhan Uluca Jun 08 '12 at 20:25
  • I nearly always use RIA services, but never the built-in registration dialogs. I tried to clarify this. – slfan Jun 09 '12 at 07:11