Authentication expires in ASP.NET MVC - asp.net

I want to log a user into an ASP.NET MVC site, and the session expires abnormally quickly, in minutes. I want the session to hold for days instead. Authentication is done using System.Web.Security:
FormsAuthentication.Authenticate(username, password);
My web.config looks like this:
<system.web>
<customErrors mode="Off" />
<httpRuntime targetFramework="4.5" />
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login"
name=".ASPXAUTH"
timeout="86400"
slidingExpiration="true"
defaultUrl="Day/ListDays"
path="/"
protection="All"
requireSSL="false"
cookieless="UseDeviceProfile"
domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="Clear">
<user name="user" password="-" />
</credentials>
</forms>
</authentication>
<sessionState mode="StateServer"
stateConnectionString="tcpip=loopback:42424"
cookieless="false"
timeout="300" />
</system.web>

Related

The session state times out in seconds instead of minutes

My asp.net webform application is deployed and hosted in IIS.
I set 120 for the timeout of session state in Web.config.
According to the documentation, the timeout is in minutes, but the session actually times out in 120 seconds. I did not understand this behavior. Do you know the reason?
<system.web>
<compilation defaultLanguage="c#" debug="true" targetFramework="4.5.2"/>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name="xxx" loginUrl="Error.aspx" protection="All" timeout="240"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc" cookieless="false" timeout="120"/>
<globalization requestEncoding="Shift_JIS" responseEncoding="Shift_JIS" fileEncoding="Shift_JIS"/>
<httpRuntime maxRequestLength="1048576" executionTimeout="1800"/>
<xhtmlConformance mode="Legacy"/>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>

Send Forms Authentication Cookie with explicit samesite=none

I have been able to do this transition for the session cookie but not for the login cookie, and I have the following web.config:
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>
If I change cookieSameSite="None" to cookieSameSite="Lax" or "Strict", I can see that the change takes place, but it seems to still have the old behavior of not emitting the SameSite value when set to None.
I'm using .NET Framework 4.7.2 and have installed the server update that allowed me to do the session with samesite=none.
Turns out I was missing sameSite="None" on <httpCookies,
so now I have:
<httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>
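An added example, not part of the original post: a small Python check for the gap the poster describes (cookieSameSite set on <forms> with no sameSite on <httpCookies>), plus the Secure-flag requirement that SameSite=None carries. The function name and the trimmed sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed inputs, trimmed from the two configs in the post above.
FORMS = ('<authentication mode="Forms"><forms name="MyCookie" '
         'cookieSameSite="None" requireSSL="true" /></authentication>')
BEFORE = "<configuration><system.web>" + FORMS + "</system.web></configuration>"
AFTER = ('<configuration><system.web><httpCookies httpOnlyCookies="true" '
         'requireSSL="true" sameSite="None" />' + FORMS +
         "</system.web></configuration>")


def attr(elem, name):
    """Lower-cased attribute value, or None if element or attribute is absent."""
    value = elem.get(name) if elem is not None else None
    return value.lower() if value is not None else None


def audit_cookie_config(web_config_xml):
    """Return findings about the Forms Authentication cookie attributes."""
    root = ET.fromstring(web_config_xml)
    forms = next(root.iter("forms"), None)
    http_cookies = next(root.iter("httpCookies"), None)
    if forms is None:
        return ["no <forms> element found"]
    findings = []
    same_site = attr(forms, "cookieSameSite")
    secure = attr(forms, "requireSSL") == "true"
    if same_site is not None and attr(http_cookies, "sameSite") is None:
        # The gap the poster reports: forms value set, site-wide value absent.
        findings.append("cookieSameSite set on <forms> but no sameSite on <httpCookies>")
    if not secure:
        findings.append("requireSSL is not true: auth cookie lacks the Secure flag")
        if same_site == "none":
            findings.append("SameSite=None without Secure is rejected by current browsers")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_cookie_config(xml_text))
```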

How can I get the value of forms loginurl at runtime?

I have this in my web.config:
...
<system.web>
<sessionState mode="InProc" timeout="30" cookieless="UseCookies" />
<authentication mode="Forms">
<forms loginUrl="http://myurl" path="/" cookieless="UseCookies" slidingExpiration="true" requireSSL="true" />
</authentication>
...
How can I get the value of loginurl at runtime?
System.Web.Security.FormsAuthentication.LoginUrl
Gets the URL for the login page that the FormsAuthentication class will redirect to.
Details at MSDN.

Custom Session not expiring in asp.net MVC

I am using custom session mode in ASP.NET MVC and set the timeout to 2 minutes. But after 2 minutes the session is not expiring?
<sessionState timeout="10" mode="Custom" customProvider="DynamoDBSessionStoreProvider" cookieless="false" regenerateExpiredSessionId="true">
<providers>
<add name="DynamoDBSessionStoreProvider" type="Amazon.SessionProvider.DynamoDBSessionStateStore" Region="us-west-2" Application="--" Table="ASP.NET_SessionState" ReadCapacityUnits="3" WriteCapacityUnits="1" CreateIfNotExist="true" AWSAccessKey="--" AWSSecretKey="--" />
</providers>
</sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/Home" timeout="10" slidingExpiration="false" />
</authentication>

Element authentication does not contain element credentials

I am reading the book "ASP.NET MVC5" by Freeman and trying to create an authentication window. But I changed the Web.config file as in the book and I get an error.
<system.web>
<customErrors mode="Off" />
<compilation debug="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
<credentials passwordFormat="Clear"> <!-- Error -->
<user name="admin" password="secret" />
</credentials>
</authentication>
</system.web>
Error: authentication does not contain element credentials.
Your credentials element should be within your forms element. Something like:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880">
<credentials passwordFormat="Clear">
<user name="admin" password="secret" />
</credentials>
</forms>
</authentication>
