Ask a Question related to ASP.NET Security, Design and Development.
-
tparks69 #1
forms authentication ticket expiration problem
I have set up forms based authentication according to the KB article
([url]http://support.microsoft.com/kb/308157/EN-US/[/url]) using the
FormsAuthenticationTicket based method. I have the timeout parameter set to
"2" in web.config, and also in the code that creates the ticket. When I
refresh default.aspx after waiting 2 minutes, I should get bounced back to
loginform.aspx, but it doesn't happen. Can anyone tell me why? Code below:
From web.config:
*************
<authentication mode="Forms">
<forms name="MyApp011" path="/" loginUrl="LoginForm.aspx"
protection="All" timeout="2"></forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
*************
From loginform.aspx:
****************
tkt = New FormsAuthenticationTicket(1, txtUserId.Value, DateTime.Now(), _
DateTime.Now.AddMinutes(2), chkPersistCookie.Checked, "your
custom data")
cookiestr = FormsAuthentication.Encrypt(tkt)
ck = New HttpCookie(FormsAuthentication.FormsCookieName(),
cookiestr)
If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
ck.Path = FormsAuthentication.FormsCookiePath()
Response.Cookies.Add(ck)
***************
Any suggestions greatly appreciated.
Tom
tparks69 Guest
-
Forms Authentication Ticket isn't destroyed when logging out
I am using forms authentication on my web application which requires users to log in to add content on their website. Upon loggin out, i used the... -
Basic Forms Authentication Expiration ?
Yes. When the user is authenticated with FormsAuthentcation.RedirectFromLoginPage or with FormsAuthentication.SetAuthCookie, pass false to the... -
Forms Authentication Ticket Reissue
When using Forms Authentication with the SlidingExpiration attribute set to 'true', the authentication ticket is reissued sometime after half of... -
forms based authentication - ticket not expiring
I have set up forms based authentication according to the KB article (http://support.microsoft.com/kb/308157/EN-US/) using the... -
Authentication ticket, cookieless, forms authentication?
Hi. I want to use Forms Authentication, cookieless. The issue is setting the Authentication Ticket without using cookies (!) That is, the... -
PL #2 Re: forms authentication ticket expiration problem
Try setting slidingExpiration="false" in the <forms ..>
PL.
"tparks69" <tparks69@discussions.microsoft.com> skrev i meddelandet news:93AF4BEE-A9DE-4353-BF9A-51324665F9F4@microsoft.com...>I have set up forms based authentication according to the KB article
> ([url]http://support.microsoft.com/kb/308157/EN-US/[/url]) using the
> FormsAuthenticationTicket based method. I have the timeout parameter set to
> "2" in web.config, and also in the code that creates the ticket. When I
> refresh default.aspx after waiting 2 minutes, I should get bounced back to
> loginform.aspx, but it doesn't happen. Can anyone tell me why? Code below:
>
> From web.config:
> *************
> <authentication mode="Forms">
> <forms name="MyApp011" path="/" loginUrl="LoginForm.aspx"
> protection="All" timeout="2"></forms>
> </authentication>
> <authorization>
> <deny users="?" />
> </authorization>
>
> *************
>
> From loginform.aspx:
> ****************
> tkt = New FormsAuthenticationTicket(1, txtUserId.Value, DateTime.Now(), _
> DateTime.Now.AddMinutes(2), chkPersistCookie.Checked, "your
> custom data")
> cookiestr = FormsAuthentication.Encrypt(tkt)
> ck = New HttpCookie(FormsAuthentication.FormsCookieName(),
> cookiestr)
> If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
> ck.Path = FormsAuthentication.FormsCookiePath()
> Response.Cookies.Add(ck)
> ***************
>
> Any suggestions greatly appreciated.
>
> Tom
PL Guest
-
tparks69 #3 Re: forms authentication ticket expiration problem
That seems to have done it. Thanks!
"PL" wrote:
>
>
> Try setting slidingExpiration="false" in the <forms ..>
>
> PL.
>
>
> "tparks69" <tparks69@discussions.microsoft.com> skrev i meddelandet news:93AF4BEE-A9DE-4353-BF9A-51324665F9F4@microsoft.com...>> >I have set up forms based authentication according to the KB article
> > ([url]http://support.microsoft.com/kb/308157/EN-US/[/url]) using the
> > FormsAuthenticationTicket based method. I have the timeout parameter set to
> > "2" in web.config, and also in the code that creates the ticket. When I
> > refresh default.aspx after waiting 2 minutes, I should get bounced back to
> > loginform.aspx, but it doesn't happen. Can anyone tell me why? Code below:
> >
> > From web.config:
> > *************
> > <authentication mode="Forms">
> > <forms name="MyApp011" path="/" loginUrl="LoginForm.aspx"
> > protection="All" timeout="2"></forms>
> > </authentication>
> > <authorization>
> > <deny users="?" />
> > </authorization>
> >
> > *************
> >
> > From loginform.aspx:
> > ****************
> > tkt = New FormsAuthenticationTicket(1, txtUserId.Value, DateTime.Now(), _
> > DateTime.Now.AddMinutes(2), chkPersistCookie.Checked, "your
> > custom data")
> > cookiestr = FormsAuthentication.Encrypt(tkt)
> > ck = New HttpCookie(FormsAuthentication.FormsCookieName(),
> > cookiestr)
> > If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
> > ck.Path = FormsAuthentication.FormsCookiePath()
> > Response.Cookies.Add(ck)
> > ***************
> >
> > Any suggestions greatly appreciated.
> >
> > Tom
>
>tparks69 Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
