Ask a Question related to ASP.NET Security, Design and Development.
-
Alessandro Zucchi #1
problem with slidingExpiration
Hi all,
I'm trying to use Forms authentication with the slidingExpiration option set to
true, since I want to permit users to stay logged in while they use the web
application. Only an idle timeout must log out the users.
***********************************************************
The code follows:
string CF = "ZCCLSN70R21C816A";
int expiration = 2;
DateTime dt = DateTime.Now;
DateTime dte = dt.AddMinutes(expiration);
FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(CF, false, expiration);
// encrypt the authentication ticket
string cookiestr = FormsAuthentication.Encrypt(tkt);
// create the cookie
HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
// add the cookie
//ck.Expires=tkt.Expiration;
Response.Cookies.Set(ck);
***********************************************
The Web.config follows:
<!-- Login page -->
<authentication mode="Forms">
  <forms loginUrl="login.aspx" name="miocook" protection="All" path="./"
         timeout="2" slidingExpiration="true" />
</authentication>
<authorization>
  <deny users="?" />
  <allow users="*" />
</authorization>
<sessionState
  mode="StateServer"
  stateConnectionString="tcpip=127.0.0.1:42424"
  sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
  cookieless="false"
  timeout="30"
/>
**********************************************************
The problem is that after 2 minutes, even if I use the application, the
cookie expires.
It looks to me as if the slidingExpiration flag has no effect.
Can anyone help me?
Bye
Alessandro Zucchi Guest
-
Hernan de Lahitte #2
Re: problem with slidingExpiration
I think you should use the typical "RedirectFromLoginPage()" so you allow
the Forms Auth internal data to initialize appropriately.
For your scenario, this would be something like the sample below:
RedirectFromLoginPage(CF, false)
This may replace all your ticket/cookie stuff and will actually use your
config settings as well.
--
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html
Hernan de Lahitte Guest
-
Alessandro Zucchi #3
Re: problem with slidingExpiration
Hi Hernan,
I tried your solution, but it doesn't run. The complete code follows.
**********************************************************
string CF = "ZCCLSN70R21C816A";
FormsAuthentication.Initialize();
Response.Cookies.Clear();
// create the ticket
int expiration = 2;
DateTime dt = DateTime.Now;
DateTime dte = dt.AddMinutes(expiration);
FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(CF, false, expiration);
// encrypt the authentication ticket
string cookiestr = FormsAuthentication.Encrypt(tkt);
// create the cookie
HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
// add the cookie
//ck.Expires=tkt.Expiration; // not needed for non-persistent cookies
Response.Cookies.Set(ck);
// Redirect to the protected page
FormsAuthentication.RedirectFromLoginPage(CF, false); // Target on protected page.
//Response.Redirect("./path/relpath.aspx",true);
**********************************************************
After 2 minutes the user is logged out even if I use the application
(multiple refreshes on the protected page).
Bye
Alessandro Zucchi Guest
-
Hernan de Lahitte #4
Re: problem with slidingExpiration
Check out the path attribute in your config file. It should be "/" (without
dot ".")
On the other hand, if you are using .NET Framework v.1.1 SP2, notice that
the criteria to renew the ticket when slidingExpiration is turned on is
something like this:
If elapsedTime <= TTL / 2 Then renew Otherwise use the current ticket.
In other words, if the elapsed time since ticket creation is greater than
half the ticket timeout (in your scenario would be 1 minute) the ticket
won't be renewed. Otherwise a new ticket will be granted with a fresh
timeout (2 mins in your case).
Summarizing, if you hit your page after 1 minute, it won't extend your Forms
session lifetime regardless of your slidingExpiration setting.
-
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html
Hernan de Lahitte Guest
-
Alessandro Zucchi #5
Re: problem with slidingExpiration
Thank you.
The problem was "./" instead of "/".
Now it all runs.
Bye
Alessandro Zucchi Guest
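
The fix confirmed in this thread was changing path="./" to path="/" on the forms element. The following added example (not code from the thread) models how a client that follows the cookie path rules of RFC 6265 treats those two values; the URLs and ticket labels are constructed, and browsers in use when the thread was written may have behaved differently.

```javascript
// Constructed model of RFC 6265 cookie-path handling (sections 5.1.4, 5.2.4, 5.3, 5.4).
// All URLs and ticket labels below are made-up sample values.

// Default-path: the directory part of the request path (5.1.4).
function defaultPath(requestPath) {
  if (!requestPath.startsWith("/")) return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// A Path attribute that is empty or does not start with "/" is ignored (5.2.4).
function effectivePath(pathAttr, requestPath) {
  return pathAttr && pathAttr.startsWith("/") ? pathAttr : defaultPath(requestPath);
}

// Path-match between a stored cookie path and a request path (5.1.4).
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

class CookieJar {
  constructor() { this.cookies = []; }
  // Only an existing cookie with the same name AND path is replaced (5.3).
  set(name, value, pathAttr, requestPath) {
    const path = effectivePath(pathAttr, requestPath);
    this.cookies = this.cookies.filter(c => !(c.name === name && c.path === path));
    this.cookies.push({ name, value, path });
    return path;
  }
  // Values sent with a request, longest cookie path first (5.4).
  send(name, requestPath) {
    return this.cookies
      .filter(c => c.name === name && pathMatches(c.path, requestPath))
      .sort((a, b) => b.path.length - a.path.length)
      .map(c => c.value);
  }
}

// Login happens on /app/login.aspx; later a renewed ticket is issued
// in the response to /app/admin/list.aspx.
function simulate(configuredPath) {
  const jar = new CookieJar();
  jar.set("miocook", "ticket-1", configuredPath, "/app/login.aspx");
  jar.set("miocook", "ticket-2-renewed", configuredPath, "/app/admin/list.aspx");
  return {
    stored: jar.cookies.map(c => `${c.path} -> ${c.value}`),
    sentToHome: jar.send("miocook", "/app/home.aspx"),
    sentToAdmin: jar.send("miocook", "/app/admin/edit.aspx"),
  };
}
```

With "./" the Path attribute is ignored, so the renewed ticket is scoped to the directory that issued it and pages outside that directory keep receiving the original ticket. With "/" the renewed ticket replaces the original one for the whole site.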




