I have to show a confirmation box just before 5 minutes of expiry time of the oAuth token by asking 'Your session will expire in 5 minutes. Do you want to continue? '. If the user clicks on 'Yes', I have to update the access token by sending a request with a refresh token and the user should be able to continue using the app. If user clicks on 'No' , the user has to logout.
To achieve this, I have tried the following. On the master page, set an UpdatePanel for confirmation box with a timer. The interval of timer is set as token expiry time - 5 minutes.
Now the confirmation box will come within the expected time unless the user is not doing anything with the webpage.
But the confirmation box will not come if the user is doing anything with the webpage like redirecting or doing any form filling in the app.
What is the best way to achieve this? Can I done this timer checking as a background task of the application irrespective of webpages?
protected void Page_Load(object sender, EventArgs e)
{
refreshTimer.Interval = obj.login_token_expires_in - (5 * 60 * 1000);//should show alert 5 minutes before token expired time
}
protected void Timer1_Tick(object sender, EventArgs e)
{
mp1.Show();
}
protected void btn_token_yes_Click(object sender, EventArgs e)
{
mp1.Hide();
bool accessToken = GetLoginTokenWithRefreshToken(obj_erms_GlobalVariables.login_user_id, obj_erms_GlobalVariables.login_refresh_token);
if (!accessToken)
{
imgbtnLogout_Click(null, new ImageClickEventArgs(0, 0));
}
}
protected void btn_token_no_Click(object sender, EventArgs e)
{
mp1.Hide();
imgbtnLogout_Click(null, new ImageClickEventArgs(0, 0));
}
private bool GetLoginTokenWithRefreshToken(string username, string refresh_token)
{
bool status = false;
string log_data = string.Empty;
HttpClient client = new HttpClient();
client.BaseAddress = new Uri(erms_GlobalVariables.WebAPITokenURI);
HttpResponseMessage response =
client.PostAsync("erms_token", new StringContent(string.Format("grant_type=refresh_token&username={0}&refresh_token={1}",
HttpUtility.UrlEncode(username), HttpUtility.UrlEncode(refresh_token)), Encoding.UTF8, "application/x-www-form-urlencoded")).Result;
if (response.IsSuccessStatusCode)
{
string resultJSON = response.Content.ReadAsStringAsync().Result;
eToken result = JsonConvert.DeserializeObject<eR_Token>(resultJSON);
obj = result.access_token;
obj.login_refresh_token = result.refresh_token;
obj.login_token_expires_in = Convert.ToInt32(result.expires_in * 1000);//seconds to millisec
Session["login_token"] = result.access_token;
refreshTimer.Interval = obj_erms_GlobalVariables.login_token_expires_in - (5 * 60 * 1000);//should show alert 5 minutes before token expired time
status = true;
}
else
{
status = false;
}
return status;
}
<asp:ScriptManager runat="server" ID="ScriptManager1"></asp:ScriptManager>
<asp:Button ID="btnConfirmedTokenRefresh" runat="server" Style="display: none" />
<cc1:modalpopupextender id="mp1" runat="server" popupcontrolid="Panl1addtask" targetcontrolid="btnConfirmedTokenRefresh"
backgroundcssclass="modalBackground">
</cc1:modalpopupextender>
<asp:Panel ID="Panl1addtask" runat="server" align="center"
Style="display: none;">
<asp:UpdatePanel ID="UpdatePanel3" runat="server">
<ContentTemplate>
<asp:Timer ID="refreshTimer" runat="server"
OnTick="Timer1_Tick">
</asp:Timer>
<table class="lightbox_table" style="height: 200px; width: 500px">
<tr>
<td align="center">Your session will be expire in 5 minutes.
<br />
Do you want to continue?
</td>
</tr>
<tr>
<td colspan="3" align="center">
<asp:Button ID="btn_token_yes" runat="server" CausesValidation="true" ValidationGroup="valGroup2" OnClick="btn_token_yes_Click" class="button_orange_medium" Text="Yes" />
<asp:Button ID="btn_token_no" runat="server" OnClick="btn_token_no_Click" Text="No" class="button_orange_medium" />
</td>
</tr>
</table>
</ContentTemplate>
<Triggers>
<asp:AsyncPostBackTrigger ControlID="refreshTimer" EventName="Tick" />
</Triggers>
</asp:UpdatePanel>
</asp:Panel>
