We use callbacks all over the place in our ASP.NET applications. Because of
various security and technical concerns we also use forms authentication by
default. Well, this creates a problem when the forms authentication ticket
expires. In the traditional model using postbacks, when the authentication
ticket expires you are redirected to the login page; however, when a callback
occurs there is no action by default. After discovering this I began
googling for information and found this blog post
http://blogs.msdn.com/irenak/archive/2007/03/12/sysk-304-how-to-detect-and-handle-form-based-authentication-timeout-during-asp-net-script-callback.aspx.
Admittedly it is a little hacky but I think it works well for our purpose.
Read the article, but the gist is this:
Microsoft's callback JavaScript handler expects a response that either begins
with an 's' for success or 'e' for error. The authentication failure does
not return either of these.
To get around this, you add a handler for the Application_AuthenticateRequest
event in the global.asax. In the handler, write a message to the response
that begins with an 'e', then you can redirect to the login page from within
the Callback error JavaScript.
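
The client half of the workaround described above, as an added example that is not code from the original post, the linked article, or Microsoft's callback script. It models only the 's'/'e' prefix rule; the sentinel text `AUTH_EXPIRED`, the path `/Login.aspx`, and all function names and sample response bodies are assumptions made for illustration.

```javascript
// Simplified model of the prefix rule described above (not Microsoft's script).
const AUTH_EXPIRED = "AUTH_EXPIRED"; // hypothetical text the server writes after the 'e'
const LOGIN_URL = "/Login.aspx";     // hypothetical fixed login path

// Route a raw callback response body by its first character.
function dispatchCallbackResponse(body, onSuccess, onError) {
  const prefix = body.charAt(0);
  if (prefix === "s") return onSuccess(body.substring(1));
  if (prefix === "e") return onError(body.substring(1));
  return undefined; // neither prefix: no handler runs, so the page appears to do nothing
}

// Error callback: the sentinel sends the user to the login page, any other
// message is reported as an ordinary error. The target is a constant and is
// never read from the response, so a tampered response cannot choose the URL.
function makeErrorHandler(navigate, showError) {
  return function (message) {
    if (message === AUTH_EXPIRED) {
      navigate(LOGIN_URL); // in a browser: (url) => { window.location.href = url; }
      return "redirect";
    }
    showError(message);
    return "error";
  };
}

// Constructed sample response bodies, one per case discussed in the post.
const SAMPLES = {
  success: "s42 items",
  serverError: "eObject reference not set",
  expiredDefault: "<html><body><form action=\"Login.aspx\"></form></body></html>",
  expiredHandled: "e" + AUTH_EXPIRED,
};

function runSamples() {
  const visited = [];
  const errors = [];
  const onError = makeErrorHandler((u) => visited.push(u), (m) => errors.push(m));
  const outcomes = {};
  for (const [name, body] of Object.entries(SAMPLES)) {
    outcomes[name] = dispatchCallbackResponse(body, (r) => "ok:" + r, onError);
  }
  return { outcomes, visited, errors };
}

console.log(runSamples());
```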