Controlling session time in WinForms app - best approach? [modified]
-
We have a Vb.Net 2.0 WinForms app that we force our users to log into using their network credentials (via LDAP and ADS). The app allows access to a lot of sensitive information so want to automatically log the user out after a certain time of being inactive (just like you can do on a web form) and then make them log in again to continue - so my question what is the best method in .Net 2.0 for doing this? I looked in System.Security but I can't find anything obvious there and a google didn't turn up anything useful either. I hoped I could test some sort of Form.IsAuthenticated proeprty as in a web app but this does not appear to be the case. (BTW, we don't want to quit the application when a user times out - rather, we'll just set the entire form to be disabled until they log in again.) Currently what I've done is added a timer to the form and when the user logs in I set the timer's Interval to the number of milliseconds (from the app.config file) that they are allowed to remain logged in when inactive and then call timer.Start(). The problem with this method is reliably resetting the session (by stopping and re-starting the timer) when they do some action (such as clicking a button or entering text etc) - I tried catching Form events such as MouseDown, MouseClick and a few others but if the user clicks a control (eg: a label, textbox, button etc) and not directly on the form's surface itself these events don't get fired which can lead to users getting logged out even when they're using the app... which is clearly not the desired result! So can anyone tell me the best way to go about doing this using .Net's security model instead of the above method? TIA for any help/advice... Mike -- modified at 17:40 Tuesday 12th December, 2006
-
We have a Vb.Net 2.0 WinForms app that we force our users to log into using their network credentials (via LDAP and ADS). The app allows access to a lot of sensitive information so want to automatically log the user out after a certain time of being inactive (just like you can do on a web form) and then make them log in again to continue - so my question what is the best method in .Net 2.0 for doing this? I looked in System.Security but I can't find anything obvious there and a google didn't turn up anything useful either. I hoped I could test some sort of Form.IsAuthenticated proeprty as in a web app but this does not appear to be the case. (BTW, we don't want to quit the application when a user times out - rather, we'll just set the entire form to be disabled until they log in again.) Currently what I've done is added a timer to the form and when the user logs in I set the timer's Interval to the number of milliseconds (from the app.config file) that they are allowed to remain logged in when inactive and then call timer.Start(). The problem with this method is reliably resetting the session (by stopping and re-starting the timer) when they do some action (such as clicking a button or entering text etc) - I tried catching Form events such as MouseDown, MouseClick and a few others but if the user clicks a control (eg: a label, textbox, button etc) and not directly on the form's surface itself these events don't get fired which can lead to users getting logged out even when they're using the app... which is clearly not the desired result! So can anyone tell me the best way to go about doing this using .Net's security model instead of the above method? TIA for any help/advice... Mike -- modified at 17:40 Tuesday 12th December, 2006
Use Microsoft UI Application Block which allows to maintian session state in Win Form also and same session can be used for web form.
-
Use Microsoft UI Application Block which allows to maintian session state in Win Form also and same session can be used for web form.