Security :: Inactive Users Being Logged Out Too Quickly?
		
			Dec 5, 2010
				I have a site where the admin can log in to make changes to his content, but while making changes (using a specific asp.net control) with no page loads or callbacks while editing, the user is sometimes being logged out.
I want to increase the time it takes for the system to wait before logging-out inactive users.
I'm using the standard membership provider.
	
	View 1 Replies
  
    
		
Similar Messages:
	
    	
    	
        Oct 6, 2010
        If a logged in user is inactive on the page for more than 20 minutes and thenclicks a button to cause post back they get the  error below.Server Error in '/' Application.Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.Description:An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.Exception Details: System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster 
	View 5 Replies
   
  
    
	
    	
    	
        Jun 23, 2010
        i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
	View 1 Replies
   
  
    
	
    	
    	
        Feb 10, 2011
        I know how to identify the current user during a specific browsing session and can thus control the data, etc, made visible to that individual user. I also know how to find out how many users logged in within the recent past, using:
Membership.GetNumberOfUsersOnline()
.... which I believe calculates the number of users who have logged in within the past 15 minutes. However, I would like to know if there is any way to identify all the users who are logged in at a point in time. Is this possible?
	View 9 Replies
   
  
    
	
    	
    	
        Mar 8, 2011
        I am using ASP.Net Forms based security with the login control.  On my site a user will make a number of selections that will be written to a database.  Is their a unique user id that I can get from the AspNetSqlProvider that I can use to id users in my  database?  When a user logs back in after being away I want to be able to retireve the users information using this id.
	View 7 Replies
   
  
    
	
    	
    	
        Oct 26, 2010
        I need something to secure my PDF files link ...
i have a page like http......../folder/userName.pdf
i need to to encrypt the file name ( i put it "login userName" ) ...
how do i let logged in users download their pdf files without knowing the URL above , for security reasons only ...
	View 4 Replies
   
  
    
	
    	
    	
        Jul 2, 2010
        I used [URL] as a guide and have something configured to show me the users which are logged into the system.  This uses the aspnet_Users.LastActivityDate  column to see when someone last did something on the system.  It also uses the userIsOnlineTimeWindow within the web.config to determine whether a user is online or not.
But because of this userIsOnlineTimeWindow limitation of .NET, even when someone logs out of the system or closes their browser window, the system still sees them as being online.  Also, if they are on a page and don't do anything for 10 minutes, the system will show them offline until they refresh their page or go to another page. know of a better, more real-time way to tracking users which are logged in, logged out, etc?
I don't want to wait 10 minutes for the system to show that a user is offline and also if there's 10 minutes of inactivity, it shows them being offline.
	View 1 Replies
   
  
    
	
    	
    	
        Mar 6, 2011
        How do I keep the pages from time out when users are logged in?
	View 3 Replies
   
  
    
	
    	
    	
        Nov 1, 2010
        I have a web application with a login form. A user enters a user name and password. If they exist in the database the user is authenticated using these two lines:
[Code]....
The problem is that when a user logs in at first he is logged in as himself. When navigating on the web application for a while the user assumes the identity of another logged in user. This happens all the time. In my web.config the authentication mode looks like this:
[Code]....
The site does not use ASP.NET session variables. Instead each page initializes a Singleton class, which stores itself in a static class variable, always accessing the users data already read from the database. The Singleton implementation is:
[Code]....
Could the problem with assuming another logged in users "session" be related to static classes in my application or a Forms Authentication configuration or a configuration in IIS (e.g. is it possible for users to have their own process?).
	View 12 Replies
   
  
    
	
    	
    	
        Sep 14, 2010
        I have designed a navigation structure that is customisable from within my application and linked to the users role.
So I can restrict what menu items a user gets based on their role.
I have managed to do this quite well using SQL Tables and an ASP.Net Menu.
I can get it to only show the menuitems that are marked active and I have created an Stored procedure to get the menu items for a particular role.
Where I am struggling is getting the Logged On Users Roleid to pass it to the Stored Procedure.
I can get it using a regular aspx page but my menu is on my masterpage and I do not want to have to code it in each and every page.
I even tried to do it with a user-control but same happens.  It seems that the User class is just not available when in a masterpage.
how I can pass the roleid from a Class or something or from the page to the masterpage?
	View 2 Replies
   
  
    
	
    	
    	
        Apr 11, 2010
        I have a Login.aspx in my application.
After users logged in, if they press "back" in the browser, it goes to the Login.aspx page.
But I don't want to show users the Login.aspx page when they are logged in. how to restrict users to see the login.aspx page if they are logged in??
I am using sql role based membership provider and standard login control provided by Visual web developer 2008.
	View 7 Replies
   
  
    
	
    	
    	
        Jun 16, 2010
        For some reason my users are logged out of the system every 10-15 minutes or so...regardless of the configuration below....am I missing something?
[code]....
	View 1 Replies
   
  
    
	
    	
    	
        Apr 1, 2010
        In the web.config file i have put some code in so that when users log in they will be re-directed to another part of the website which only registered users can access. for the admin part only the admin can log in and it takes him to the admin section and that works fine. it is only this that is causing me problems. 
the code i inserted for which the user needs to be diverted to is: 
<location path ="UserLoggedInFindUs.aspx">
<system.web>
<authorization>
<deny users ="?"/>
[Code]....
	View 11 Replies
   
  
    
	
    	
    	
        Apr 2, 2010
        In the web.config file i have put some code in so that when users log in they will be re-directed to another part of the website which only registered users can access. for the admin part only the admin can log in and it takes him to the admin section and that works fine. it is only this that is causing me problems. 
the code i inserted for which the user needs to be diverted to is: 
<location path ="UserLoggedInFindUs.aspx">
<system.web>
<authorization>
<deny users ="?"/>
[Code]....
	View 2 Replies
   
  
    
	
    	
    	
        Nov 28, 2010
        First of all, thank you for the attention.
I am having some trouble, I am very new to asp.net, and the last problem I had, I spent about 59 hours trying to solve, Now I have a new one !
:D well, I guess this is part of the learning process...
Well, in Visual Studio 2010, I clicked New Website. @ C# language, ... The template it gives is pretty nice, it creates a database MDF file, and a login/register setup ready to go !...
You guys can see it live AT CLICK HERE ...
Everything is working, well at least here at the local machine...
There are 2 pages in there, Default.aspX, and About.aspx ... I want to allow ONLY logged in users to view those 2 pages... I tryed a few things, added my account to a role called ADMIN,
In the web.cong I changed Allow"*" to allow"ADMIN" ... still didn't work.. Also, I was trying to avoid using roles for now, and I was trying to find a way to do this for individual pages in the same directory as well... If possible with out touching the web.config file...
	View 3 Replies
   
  
    
	
    	
    	
        Sep 24, 2010
        I have a CreateUserWizard that uses the membership provider and creates a user in a sql server database.I need to change the IsApproved property on creation to false.I know that it can be done by createing a custom navigation template... but then i will have to code all the checks for the creation of the user...Is there any other way to access that attribute?this is the aspx code:
[Code]....
	View 2 Replies
   
  
    
	
    	
    	
        Jan 2, 2011
        I have a Asp Mvc 2 site using forms authentication.  When I run it locally I can log in and stay logged in indefinitely.
However when I put it on the server I seem to only stay logged in for a few minutes and then seems to be logged out.  I have looked at the cookies and there are 2 which seem relevant:
.ASPXAUTH which is a session cookie .ASPXANONYMOUS which expires in 3 months.  
When I refresh the page the cookies stay the same until I get logged out, when I seem to get a new .ASPXANONYMOUS cookie, but the .ASPXAUTH seems to be the same. It seems that I might be able to stay logged in until I do something after a certain amount of time.  If I submit a form as soon as I am logged in then it works ok, but if I keep submitting data again and again then after a minute or so, one of the submits will happen as a logged out user and not as the user who was logged in, which all the other submits worked as. What might cause this behaviour and how can I track down what is different & change it so that I can stay logged in indefinitely?
its a single server, but after some more investigation and searching the likely candidate seems to be that I am using more than 100mb on the server and the application pool is getting recycled.  I suppose now i need to know How can I check how much memory I'm using. What advice there is to reduce that.
	View 2 Replies
   
  
    
	
    	
    	
        Nov 28, 2010
         When a user logs in, they are redireced to files within members folder.  When a user happens to log in and gets redireced, there is the chance they will retype the default page address and go to the homepage, which is accessable to everyone.  The issue is, the log in status control shows "Logout".  how do I check if a user accesses the homepage, if they are logged in and if they are send them elsewhere.  I've tried different codes, but not getting the result.  Here is one code I tried... 
[Code]....
	View 4 Replies
   
  
    
	
    	
    	
        Mar 8, 2011
        I can get the logged in username from membership system:
// Get user details
var user = Membership.GetUser();
IsLoggedIn = (user != null);
But how do I get things like their avatar, user ID and the rest?
	View 1 Replies
   
  
    
	
    	
    	
        Apr 22, 2010
        I'm creating a ASP MVC application. And because of the complex authorization i'm trying to build my own login system. (So i'm not using asp membership providers, and related classes).Now i'm able to create new accounts in the database with hashed passwords.But how do i keep track that a user is logged in.Is generating a long random number and putting this with the userID in the database and cookie enough? 
	View 1 Replies
   
  
    
	
    	
    	
        Mar 2, 2011
        I have created a simple ASP.Net page to create self printable tickets so non-technical people can change the text and layout of a ticket. Obviously the user has to be logged in to be able to print their tickets. 
When providing the URL for wkhtmltopdf to convert, the tickets are not created because wkhtmltopdf does not have a session to prove the user is logged in.
Is it possible to pass the session to wkhtmltopdf in the URL, or is their a better solution?
	View 1 Replies
   
  
    
	
    	
    	
        Feb 20, 2010
        I have a web application using Forms authentication provided by AD. I would like to know if it's possible to use EWS to send mail as the currently logged in user without having to supply credentials, or; would I be required to set up an account with impersonating access which will send mail on behalf of the currently logged in user?
	View 1 Replies
   
  
    
	
    	
    	
        Mar 1, 2011
        I developed a website in asp.net,c# and SQL server2000. In each and every page I want to show the logged in users name with green color text.
I used Forms authentication. 
	View 4 Replies
   
  
    
	
    	
    	
        Apr 21, 2010
        I have basic login functionality implemented using SQL Server and the LoginView, LoginStatus, and LoginName controls.I have two roles defined: one for Administrators and one for Users.I have two users defined, one for each role. I would like to redirect those authenticated as users to one page and those authenticated as administrators to another. Do I need to define RoleGroups to do this? Is there a good, basic way to accomplish this? I'm not sure what to do next.
	View 3 Replies
   
  
    
	
    	
    	
        Apr 22, 2010
        I have created a simple website in asp.net using forms authendications but when I publish my website in IIS 6 on a Windows Server 2003 machine it keeps the users logged in for ever even though I have set the web.config to expire after 30 min. My website has 2 pages a login.aspx and a home.html. When I run the website in my development machine using the ASP.NET Development Server I have no problem the website works as expected meaning the users can not access the home.html unless the have been authendicated by the login.aspx page. 
Also once loged in, after clearing the browser cookies the web site asks for login again which is again the behavior that I am trying to accomplish. However once the website is on IIS does not take in account the authendication that I have set up on my web.config. What is overriding my web.config? Do I need to make some changes to the global configuration of IIS?
	View 2 Replies