Develop Reference

Authentication expires in ASP.NET MVC

I want to log a user into an ASP.NET MVC site, and the session expires abnormally quickly, in minutes. I want the session to hold for days instead. Authentication is done using System.Web.Security:
FormsAuthentication.Authenticate(username, password);
My web.config looks like this:
<system.web>
<customErrors mode="Off" />
<httpRuntime targetFramework="4.5" />
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login"
name=".ASPXAUTH"
timeout="86400"
slidingExpiration="true"
defaultUrl="Day/ListDays"
path="/"
protection="All"
requireSSL="false"
cookieless="UseDeviceProfile"
domain=""
enableCrossAppRedirects="false">
<credentials passwordFormat="Clear">
<user name="user" password="-" />
</credentials>
</forms>
</authentication>
<sessionState mode="StateServer"
stateConnectionString="tcpip=loopback:42424"
cookieless="false"
timeout="300" />
</system.web>

Custom Session not expiring in asp.net MVC

I am using custom session mode in asp.net MVC and set the timeout to 2 minutes. But after 2 minutes session is not expiring ?
<sessionState timeout="10" mode="Custom" customProvider="DynamoDBSessionStoreProvider" cookieless="false" regenerateExpiredSessionId="true">
<providers>
<add name="DynamoDBSessionStoreProvider" type="Amazon.SessionProvider.DynamoDBSessionStateStore" Region="us-west-2" Application="--" Table="ASP.NET_SessionState" ReadCapacityUnits="3" WriteCapacityUnits="1" CreateIfNotExist="true" AWSAccessKey="--" AWSSecretKey="--" />
</providers>
</sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/Home" timeout="10" slidingExpiration="false" />
</authentication>

Element authentication does not contain element credentials

Now I read a book "ASP.NET MVC5" by Freeman and I try to create authentification window. But I've changed file Web.config like in the book and have error.
<system.web>
<customErrors mode="Off" />
<compilation debug="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
<credentials passwordFormat="Clear"> <!-- Error -->
<user name="admin" password="secret" />
</credentials>
</authentication>
</system.web>
Error: authentication does not contain element credentials.

Your credentials element should be within your forms element. Something like:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880">
<credentials passwordFormat="Clear"> <!-- Error -->
<user name="admin" password="secret" />
</credentials>
</forms>
</authentication>als>

Web Configuration file in a sub directory gives error

I am using VS 2012 , I want to implement folder level user authentication and authorization, i have following folder/files structure.
Following is Admin -> Web.congfig file.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
</authentication>
</system.web>
<location path="~/Admin/Admin.aspx"></location>
<system.web>
<authorization>
<deny users="*"/>
<allow users="Admin"/>
</authorization>
</system.web>
</configuration>
When i compile the application it gives me the following error message.
Error: 1 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. E:\Kjan\Reports\Admin\Web.config 5

You can not use
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="30" defaultUrl="~/default.aspx" cookieless="AutoDetect">
<credentials passwordFormat="Clear">
<user name="Admin" password="abc"/>
</credentials>
</forms>
In you inner web.config file.
Use this on root folder and <user name="Admin" password="abc"/> in your inner web.config file.
Some useful links
Multiple/Different authentication settings in web.config
If you are woking on different Areas then MVC
Different authentication mode for different areas

try this
select Menu Build->Configuration Manager select Build checkbox

ASP .NET MVC 3. Session expired too quickly

I have a page (View), which sends AJAX queries in some intervals. User can work with this page very long time. But session expired in about 40-60 minutes. So AJAX-requests don't return usefull information.
My Web.config
<system.web>
<sessionState
timeout="259200"
cookieName="SunTest.SessionId"
regenerateExpiredSessionId="true"
sqlCommandTimeout="200"
stateNetworkTimeout="200">
</sessionState>
<roleManager enabled="true" defaultProvider="SqlProvider" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="259200" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlServices" applicationName="/" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms loginUrl="~" timeout="259200" protection="All" />
</authentication>
I've changed my web.config
<appSettings>
<add key="enableSimpleMembership" value="false" />
<add key="autoFormsAuthentication" value="false" />
</appSettings>
<system.web>
<sessionState
mode="SQLServer"
allowCustomSqlDatabase="true"
sqlConnectionString="Data Source=servername;Initial Catalog=dbname;User ID=username;Password=password"
timeout="259200"
cookieName="SunTest.SessionId"
regenerateExpiredSessionId="true"
sqlCommandTimeout="200"
stateNetworkTimeout="200">
</sessionState>
<roleManager createPersistentCookie="true" enabled="true" defaultProvider="SqlProvider" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="259200" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlServices" applicationName="/" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms domain="help2b-2.hosting.parking.ru" name="ASPXFORMSAUTH" path="/" loginUrl="~" slidingExpiration="true" cookieless="UseCookies" timeout="259200" requireSSL="false" />
</authentication>
It makes these cookies:
So, there are 3 cookies:
SunTest.SessionId. 301 byte. Expires - Session.
ASPXFORMSAUTH. 301 byte. Expires - Session.
.ASPROLES. 565 byte. Expires - Tue, 10 Jul 2012 04:14:48 GMT
But after several minutes (something about 30-40), it deletes the .ASPROLES cookie. The user is signed out. So, AJAX queries don't work.
What is wrong with this config?

Are all your users losing session state at the same time? If so, your app pool could be recycling. There are several reasons why this can happen.
I would recommend you consider setting up your user session management so that it is able to survive application and session restarts. Here are some options.

Had the same problem, added the below two appSettings:
<add key="enableSimpleMembership" value="false" />
<add key="autoFormsAuthentication" value="false" />
My Forms:
<forms name="ASPXFORMSAUTH" path="/" domain="something.com" loginUrl="~/Account/LogOn" cookieless="UseCookies" slidingExpiration="true" timeout="1441" requireSSL="false" />
works well now!

A lot of the stated goals of MVC were to move to a stateless model - how much application change can you make to move to a stateless model? If you were to add some identifying information to your ajax calls and make them stateless, using session state wouldn't be a dependency (over simplified, of course - I have no idea what your app is doing).
How are you creating your form tag?

Are you using IIS 7?
In case take a look at:
Application pool’s Idle Time-out(minutes)
Session state – State server’s Time-out (seconds)