my site (ASP.NET webForm ) log out with out user request , user forced to login page and interrupt his work ? please advice ...
this line from my web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880" />
</authentication>
Try increasing the Session timeout value, by default this is 30 minutes.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880"/>
</authentication>
<sessionState timeout="3000" />
</system.web>
Related
I have this in my web.config:
...
<system.web>
<sessionState mode="InProc" timeout="30" cookieless="UseCookies" />
<authentication mode="Form">
<forms loginUrl="http://myurl" path="/" cookieless="UseCookies" slidingExpiration="true" requireSSL="true" />
</authentication>
...
How can I get the value of loginurl at runtime?
System.Web.Security.FormsAuthentication.LoginUrl
Gets the URL for the login page that the FormsAuthentication class
will redirect to.
Details at MSDN.
I have two applications in the same domain: mydomain/app1 and mydomain/app2, and I need to share authentication between them. One app is in Asp.Net WebForms, and the second is using WebApi2.
I configured web.config like below:
App1:
<authentication mode="Forms">
<forms loginUrl="/Login.aspx" defaultUrl="/Default.aspx" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>
App2:
<authentication mode="Forms">
<forms loginUrl="/index.html" defaultUrl="/index.html" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="mydomain" requireSSL="false" timeout="60" enableCrossAppRedirects="false">
</forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*"/>
</authorization>
<machineKey validationKey="generated key1" decryptionKey="generated key2" validation="SHA1"/>
I am signing into app1 and observe the cookie content.
Then I am requesting an URL from app2 in another browser tab. The cookie (name and content) in the second tab is the same as in the first one.
I expect that the request from the second tab to be authenticated by the app2 since the cookie is already authenticated by the app1.
Yet, this is not happening, and I am redirected to the login page of app2.
As suggested by the OP, here is the answer that works in that case.
They've changed the cookie encryption between 4 and 4.5. You can either make both running under the same .net or turn on the compatibility on the 4.5 site by adding an attribute to your machine key config node.
https://social.microsoft.com/Forums/en-US/1791c5e3-4087-4e92-a460-51c5c4221f49/any-forms-auth-changes-in-45?forum=Offtopic
I have two web applications on old server with IIS 6 with SSO and it works perfect. Now I have new server with IIS 7 and after migration web applications SSO stopped working - when I try go to second application Login page is shown again...
Can somebody tell me what i doing wrong or what I don't know?
here is first web.config
<authentication mode="Forms">
<forms loginUrl="LoginR.aspx" timeout="20" />
</authentication>
<machineKey decryption="AES" decryptionKey="6A6F8E0BCFF28507DDF6316D4BE0CB2AEA85501D0BED1282" validation="SHA1" validationKey="01D0AECBA272DA4662076316AF00F9F2C8F07E12349D1725587612769C9A7B8048AD26BC2298AB2A0D18D2CAF2FC22762E1A3737CFA7EE0E46771DDAAE5B6E1C" />
and second web.config
<authentication mode="Forms">
<forms loginUrl="Http://NEWServerName/FirstAppName/LoginR.aspx" timeout="20" protection="All" path="/" domain="XXX" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<machineKey decryption="AES" decryptionKey="6A6F8E0BCFF28507DDF6316D4BE0CB2AEA85501D0BED1282" validationKey="01D0AECBA272DA4662076316AF00F9F2C8F07E12349D1725587612769C9A7B8048AD26BC2298AB2A0D18D2CAF2FC22762E1A3737CFA7EE0E46771DDAAE5B6E1C" />
Set application pools to integrated mode.
I wanted to make my login as the default page before the user accesses the home page. This is my code.
<system.webServer>
<defaultDocument>
<files>
<clear/>
<add value="Login.aspx"/>
</files>
</defaultDocument>
</system.webServer>
Thanks! :)
just Right click on that page and click on set as start up page.
What you need to do is first establish the authorization and authentication mechanism. You can use FormsAuthentication and configure the settings in a web.config file. For example, to enable forms authentication you would set the following value in the config file:
<authentication mode="Forms">
<forms
name=".ASPXAUTH"
loginUrl="login.aspx"
defaultUrl="default.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile" domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="SHA1" />
</forms>
<passport redirectUrl="internal" />
</authentication>
Here you can see that loginUrl is set to login.aspx. This way, if a user is not authenticated, he or she will be redirected to login.aspx
This is much better approach than establishing your own logic for redirection to login or setting login.aspx as a start page.
I am trying to set the timeout parameter of session state but it doesnt time out.
<sessionState mode="InProc" timeout="1"></sessionState>
I am refreshing the page after 1 minute and I still the session state value.
Why?
Use this way (if in case you are using FA as well)
<system.web>
<authentication mode="Forms">
<forms timeout="1"/>
</authentication>
<sessionState timeout="1" />
</system.web>
<system.web>
<authentication mode="Forms">
<forms timeout="1"/>
</authentication>
<sessionState timeout="1" />
</system.web>
you welcome
The MSDN says it shouldn't be lower then 4 minutes. Refer to the following it might help:
http://justgeeks.blogspot.com/2008/07/aspnet-session-timeouts.html