ASP .NET MVC 3. Session expired too quickly - asp.net

I have a page (View) which sends AJAX queries at some interval. A user can work with this page for a very long time. But the session expires in about 40-60 minutes, so AJAX requests don't return useful information.
My Web.config
<system.web>
<sessionState
timeout="259200"
cookieName="SunTest.SessionId"
regenerateExpiredSessionId="true"
sqlCommandTimeout="200"
stateNetworkTimeout="200">
</sessionState>
<roleManager enabled="true" defaultProvider="SqlProvider" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="259200" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlServices" applicationName="/" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms loginUrl="~" timeout="259200" protection="All" />
</authentication>
</system.web>
I've changed my web.config
<appSettings>
<add key="enableSimpleMembership" value="false" />
<add key="autoFormsAuthentication" value="false" />
</appSettings>
<system.web>
<sessionState
mode="SQLServer"
allowCustomSqlDatabase="true"
sqlConnectionString="Data Source=servername;Initial Catalog=dbname;User ID=username;Password=password"
timeout="259200"
cookieName="SunTest.SessionId"
regenerateExpiredSessionId="true"
sqlCommandTimeout="200"
stateNetworkTimeout="200">
</sessionState>
<roleManager createPersistentCookie="true" enabled="true" defaultProvider="SqlProvider" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="259200" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlServices" applicationName="/" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms domain="help2b-2.hosting.parking.ru" name="ASPXFORMSAUTH" path="/" loginUrl="~" slidingExpiration="true" cookieless="UseCookies" timeout="259200" requireSSL="false" />
</authentication>
</system.web>
It makes these cookies:
So, there are 3 cookies:
SunTest.SessionId. 301 byte. Expires - Session.
ASPXFORMSAUTH. 301 byte. Expires - Session.
.ASPROLES. 565 byte. Expires - Tue, 10 Jul 2012 04:14:48 GMT
But after several minutes (something about 30-40), it deletes the .ASPROLES cookie. The user is signed out. So, AJAX queries don't work.
What is wrong with this config?

Are all your users losing session state at the same time? If so, your app pool could be recycling. There are several reasons why this can happen.
I would recommend you consider setting up your user session management so that it is able to survive application and session restarts. Here are some options.

Had the same problem, added the below two appSettings:
<add key="enableSimpleMembership" value="false" />
<add key="autoFormsAuthentication" value="false" />
My Forms:
<forms name="ASPXFORMSAUTH" path="/" domain="something.com" loginUrl="~/Account/LogOn" cookieless="UseCookies" slidingExpiration="true" timeout="1441" requireSSL="false" />
works well now!

A lot of the stated goals of MVC were to move to a stateless model - how much application change can you make to move to a stateless model? If you were to add some identifying information to your ajax calls and make them stateless, using session state wouldn't be a dependency (over simplified, of course - I have no idea what your app is doing).
How are you creating your form tag?

Are you using IIS 7?
In that case, take a look at:
Application pool’s Idle Time-out(minutes)
Session state – State server’s Time-out (seconds)
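An added example, not part of any post above: a small Python check that reads a `<system.web>` fragment like the asker's and reports the three lifetimes side by side, plus the settings the answers point at (in-process session state that cannot survive an app pool recycle or idle shutdown) and the cookie flags visible in the posted configs. The function name `audit`, the finding labels and the sample string are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the asker's first <system.web> block, closed so it parses.
SAMPLE = """<system.web>
  <sessionState timeout="259200" cookieName="SunTest.SessionId"
                regenerateExpiredSessionId="true" />
  <roleManager enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES"
               cookieTimeout="259200" cookieRequireSSL="false" />
  <authentication mode="Forms">
    <forms loginUrl="~" timeout="259200" protection="All" />
  </authentication>
</system.web>"""

def audit(xml_text):
    """Return (lifetimes in minutes, findings) for a <system.web> fragment."""
    root = ET.fromstring(xml_text)
    sw = root if root.tag == "system.web" else root.find(".//system.web")
    session, roles = sw.find("sessionState"), sw.find("roleManager")
    forms = sw.find("authentication/forms")

    def attr(el, name, default):
        return default if el is None else el.get(name, default)

    # ASP.NET defaults: InProc storage, 20-minute session, 30-minute forms
    # ticket, 30-minute roles cookie. All three timeouts are in minutes.
    life = {"session": int(attr(session, "timeout", "20")),
            "forms": int(attr(forms, "timeout", "30"))}
    if roles is not None:
        life["roles"] = int(roles.get("cookieTimeout", "30"))

    findings = []
    if attr(session, "mode", "InProc") == "InProc":
        findings.append("session-inproc: state is held in the worker process and "
                        "is lost when the app pool recycles or idles out, "
                        "whatever timeout= says")
    if len(set(life.values())) > 1:
        findings.append("timeout-mismatch: %s" % sorted(life.items()))
    if attr(forms, "slidingExpiration", "").lower() == "false":
        findings.append("forms-fixed-expiry: ticket ends %d minutes after login, "
                        "AJAX polling does not renew it" % life["forms"])
    for el, name in ((forms, "requireSSL"), (roles, "cookieRequireSSL")):
        if el is not None and el.get(name, "false").lower() != "true":
            findings.append("cookie-no-ssl: <%s> %s is false, so the cookie is "
                            "also sent over plain HTTP" % (el.tag, name))
    return life, findings

if __name__ == "__main__":
    for line in audit(SAMPLE)[1]:
        print(line)
```

On the asker's first config all three timeouts agree, so the only lifetime finding is the in-process session store, which matches the app pool explanation given in the answers.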

Related

Custom Session not expiring in asp.net MVC

I am using custom session mode in ASP.NET MVC and set the timeout to 2 minutes. But after 2 minutes the session is not expiring?
<sessionState timeout="10" mode="Custom" customProvider="DynamoDBSessionStoreProvider" cookieless="false" regenerateExpiredSessionId="true">
<providers>
<add name="DynamoDBSessionStoreProvider" type="Amazon.SessionProvider.DynamoDBSessionStateStore" Region="us-west-2" Application="--" Table="ASP.NET_SessionState" ReadCapacityUnits="3" WriteCapacityUnits="1" CreateIfNotExist="true" AWSAccessKey="--" AWSSecretKey="--" />
</providers>
</sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/Home" timeout="10" slidingExpiration="false" />
</authentication>

Session timeout using Membership of ASP.Net in prod, not in dev environment

When I log in to my webform in my production environment (IIS 7.5 + SQL Server 2008), my session expires after just a couple of seconds (less than 1 minute).
But when I do the same in my dev environment (ASP.NET Development Server + SQL Server 2008) the session is persistent long enough... (several minutes).
I use the ASP.NET membership technology with Forms authentication mode and try to use cookies.
It looks like something on the server is overriding my parameters, but I don't have access to the production IIS configuration (I subscribed to shared hosting).
Here are my web.config parameters:
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/Pages/Front/Login.aspx"
protection="All"
timeout="900"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="~/Pages/Front"
cookieless="UseCookies"
name="MySite" />
</authentication>
<membership defaultProvider="AspNetSqlMembershipProvider">
<providers>
<clear />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="XXX"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="/"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
<roleManager enabled="true"
cookieName="booble.com"
cookieProtection="All"
cookieSlidingExpiration="true"
cookieTimeout="90"
createPersistentCookie="true"
cookieRequireSSL="false">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="XXX" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
<sessionState timeout="90" />
<customErrors defaultRedirect="Error.aspx" mode="On" redirectMode="ResponseRewrite" >
<error statusCode="404" redirect="Error404.aspx"/>
</customErrors>
<!-- needed because of my Provider-->
<pages enableViewStateMac="false" />
<siteMap enabled="true" defaultProvider="AspNetXmlSiteMapProvider">
<providers>
<clear />
<add siteMapFile="Web.sitemap" name="AspNetXmlSiteMapProvider"
type="System.Web.XmlSiteMapProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
</system.web>
Thanks a LOT in advance for your answers !
The problem was coming from my shared hosting provider. I contacted them in their help forum and one of their admins "changed" something on the server side, and now it works... they didn't want to tell me what they had modified.
FYI my shared hosting provider is named OVH.com, so if you have a session timeout problem (expiring every 30 sec to 1 min), even if you have configured your web.config correctly (to be sure, I even put my sessionState mode="SQLServer"), just contact them and they will do the necessary.
I'll post here if I get an explanation, thanks for reading.
Check if your session timeout is being set through code too.
<sessionState timeout="90" />
and
cookieTimeout="90"
Should have worked fine. Development servers are very forgiving about session timeouts.
The development server doesn't represent a proper IIS 7 environment:
This provides a convenient way to test your ASP.NET application
without IIS 7 - however, we recommend that you configure
Visual Studio to test your application by using the IIS 7 environment.
The reasons for this are: The ASP.NET Development Server does not
support hosting ASP.NET applications in Integrated mode, which is the
default mode of operation used by IIS 7. This may introduce
differences in application behavior.
Refer here

error on website administration tool with security tab

Hello, I found an error when working with the ASP.NET web administration tool's Security tab, and I am using the SqlProvider as the default provider.
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: An error occurred while attempting to initialize a System.Data.SqlClient.SqlConnection object. The value that was provided for the connection string may be wrong, or it may contain an invalid syntax. Parameter name: connectionString
Do you have a <connectionStrings /> element in your web.config file? You need this to be able to connect to your MembershipProvider and RoleProvider.
Here are the necessary elements you'll need to utilize the SqlMembershipProvider and the SqlRoleProvider.
Notice that there are the following sections:
<connectionStrings />
<membership /> (in the <system.web /> section)
<roleManager /> (in the <system.web /> section)
web.config
<configuration>
<connectionStrings>
<add name="YourConnectionString"
providerName="System.Data.SqlClient"
connectionString="data source=YOURSERVER;initial catalog=YOURDB;user id=YOURINSTANCELOGIN;password=YOURPASSWORD;"/>
</connectionStrings>
<system.web>
<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="YourConnectionString"
applicationName="YourApplicationName"/>
</providers>
</membership>
<roleManager
enabled="true"
defaultProvider="AspNetSqlRoleProvider">
<providers>
<clear />
<add
connectionStringName="YourConnectionString"
applicationName="YourApplicationName"
name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
</system.web>
</configuration>

How to use ASP.NET authentication with active directory?

I have my config setup like below:
<configuration>
<connectionStrings>
<add name="ADConnectionString" connectionString="LDAP://myldap/CN=Users,DC=nevco,DC=local"/>
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms name=".ADAuthCookie" timeout="10" loginUrl="Login.aspx" defaultUrl="Default.aspx" />
</authentication>
<membership defaultProvider="DomainLoginMembershipProvider">
<providers>
<clear/>
<add name="DomainLoginMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
</providers>
</membership>
</system.web>
</configuration>
I can attempt to log on but every time it says I am using the incorrect username/password. Does it look like I am doing anything wrong above? Is there any way for me to find more information on why it's not finding my username/pass?
UPDATE:
Do I need to provide a Username and Password in my membership/providers section?
Ok, I ended up using an LDAP browser to examine the structure. After a little fudging around I changed my LDAP url to this:
LDAP://myldap/DC=nevco,DC=local
And it started working. Hope this helps someone!
Why make the user log in at all?
Try this provider
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
you can then do something to see if they are authorized Roles.
Roles.IsUserInRole("someGroupInAd")
Your web site would have to be set up with Integrated Windows Authentication in IIS.

How to create default users in Web.config for Membership

How can I add default users in my web.config to test my asp:Login control?
Thanks
I was wrong wrong wrong in my initial answer. You can set default users in Web.config if you do some simple authentication by yourself, but it doesn't seem to work when you are using the Login control.
I did some research, and it seems that, if you use the Login control, you can't set default users in Web.config and you have no way but setting a provider (as in a database) to store users credentials.
You can follow this tutorial from MSDN to configure what database to use:
Configuring an ASP.NET Application to Use Membership
The Web.config stuff:
<configuration>
<connectionStrings>
<add name="MySqlConnection" connectionString="Data Source=MySqlServer;Initial Catalog=aspnetdb;Integrated Security=SSPI;" />
</connectionStrings>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx"
name=".ASPXFORMSAUTH" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MySqlConnection"
applicationName="MyApplication"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
</system.web>
</configuration>
