We are seeking immediate help from a Website Security Expert to help resolve issues with Windows Authentication and help design the overall website security scheme.
The website development involves the following components:
Dedicated Windows 2003 Server
Microsoft Visual Studio 2003 version [url removed, login to view]
Microsoft Visual [url removed, login to view] [url removed, login to view] SP1
MySQL connector 1.0.4
The website is designed using aspx pages to provide a secure repository for documents, which can be searched only after the user has completed a secure login procedure using a User Name and Password. The search features are working and need to be protected from access through bookmarked pages and all other attempts to bypass the login process.
One of the problems we are having is in allowing users to log in and then close the browser window, open a new browser window and log in again. The first set of session variables has not been released from memory for that user.
We would like to prevent two users from logging in on different computers at the same time using the same User Name and Password. The second login should see a message explaining that the User is already logged in. But if it is the same person logging in again because they accidentally closed their browser window, they should be allowed to log in. Also, the user should be logged out after 20 minutes of inactivity, redirected to the Login page if they attempt to continue on a secure page, and then returned to that secure page after login.
You should be able to use Windows XP Assist and accept an Assist invitation to view my development PC and work with me live to explain the issues and solutions. I will need your assistance in completing a clear diagram of the security scheme so that I understand all stages of the User Login/Logout process and the correct server configuration.