Security :: Loose Authentication After 30 Minutes?
Jan 5, 2011
This is my web.config settings:
[Code]....
AND this:
[Code]....
neither keep me in for more than 30 minutes.
for some reason the Ticket is set correctly for 90 days. But the cookie is always January 01, 0001. Below is the output of the Authentication Dates.
Ticket Issue Date: Wednesday, January 05, 2011 4:35:42 PM
Ticket Expiry Date: Tuesday, April 05, 2011 4:35:42 PM
Cookie Name: .ASPXFORMSAUTH
Cookie Expiry Date: Monday, January 01, 0001 12:00:00 AM
View 5 Replies
Similar Messages:
Feb 13, 2011
I want to redirect the user after 2 mins if there is inactivity for 2 mins. I am not using ASP.NEt membership. And I dont want to use Sessiontimeout for this. Session timeout will logout the user even if he is working on the system. My objective is like screensaver process.
If there is no action for the specified time, the screensaver runs. Similarly, I want to redirect the user to login page.
note that i have already handled it with the following javascript:
[Code]....
Here what my problem is,
the user is working on the site...ok.. he want to see someother site.he browse someother site and works on....or even he can do some other work in his system...but he is active in his system... What this script does is, it automatically logout the user and redirect him to login page. But it should not do while he is active...IT SHOULD REDIRECT IF HE IS NOT ACTIVE REALLY (Similar to Screensaver process)
Is it possible ?
View 1 Replies
Jan 25, 2010
I have implemented the basic forms authentication.In web.config I have set the following, in the authentication tagtimeout = "50000000000" Other than that, I have an out-of the box implementation.I have no custom provider.My clients want to pretty much enter the username once a day.The timeout is in minutes, so I am sure that they are not waiting over 5 million minutes,so something else has to be booting them.
View 7 Replies
Jan 8, 2010
I get about 5 minutes of inactivity before a logon box appears for a site I manage. Once logged in, our users must be able to stay logged on all day with no annoying logon popups. This started happening after a change i made to IIS6. We formerly had digest authentication and windows integrated authentication checked and everything worked fine but our users complained because they had to put creds in as <domainuserid>. We want to get rid of the domain requirement. To do this i unchecked windows integrated authentication and added the domain to the "Realm" text box. I can log in now without the domain, and everything works as before but I only get a few minutes before I have to relogon. I tried increasing the connection timout to 36000 and have keep alives checked on the web site property page. I also tried setting the web servers registry setting: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesInetInfoParametersDigestContextCacheTTL to 36000 (ten hours). these changes had no effect that I can see.Our setup:we use SSL and have a test certificate that is expired We are hitting the site on our intranet with IE7 or IE8. The production version of this site is on the internet though.IIS6 on a 2003 serverkeep alives is checkedanonymous authentication is uncheckeddigest authentication is checkedwindows integrated authentication is uncheckedIISRESET was run after each change.
View 7 Replies
Oct 7, 2010
I have a web application that uses forms authentication, memberships and roles. I'm finding it difficult to test but it looks as though the application is forcing my users to log in again after about 20 minutes of inactivity. However, the nature of my application requires users to stay logged in for longer than this even if they aren't using the application constantly.
I've already set the following line in my web.config file so that doesn't seem to be making a difference:
[Code]....
Is there something else that I need to set to prevent my users from being redirected to the login page too early on? I'd like them to be inactive for about an hour before forceably logging them off. I don't want them to lose their work if they don't use the system for 20 minutes.
View 4 Replies
Jul 14, 2010
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
View 3 Replies
Jan 4, 2011
What's the difference between Basic Authentication and Integrated Windows Authentication in IIS?
View 3 Replies
Mar 10, 2010
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
View 1 Replies
Sep 3, 2010
What do I need to do in order to change an application from Forms Authentication to windows authentication?
View 2 Replies
Aug 9, 2010
I have a web farm web project, and want to make sure windows authentication is working well without any problem in web farm, can any one give me some web sites or information about that?
View 1 Replies
Feb 8, 2010
Am going to develop authentication part in the web site. I want my authentication module should not be hacked by any one and also want in secure side.
View 1 Replies
Sep 2, 2010
I needed information regarding the capabilities & integration of AzMan tool with Asp.net.Currently, I got a Sharepoint 2007 website along with ASP.NET 2008 where I am using Form Based Authenication.Now, the requirement is any user within a domain registered in AD should be able to login in website through intranet.
Can I acheive this using AzMan, or I need to create two websites one with FBA for internet users and the other one for the intranet users with AD authenication. Also my intenet website is deployed and in use where usermapping and roles are already created, so using this tool what will be the impact on existing webiste.
View 2 Replies
Jun 3, 2010
I have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser pop up the dialog box for the username and password) and upon entering the username and password the rss feed gets displayed.But with forms authentication turn on when i click the rss feed link i am getting redirected to the administrator login page.
If i set my authentication mode to none than the feed works like dream but the admin module do not work as it uses forms authentication.
How can i resolve the conflict for that one.I am using the asp.net mvc filter on my feed contoller to pop up the dialog box for the username and password.
[Code]....
View 1 Replies
Feb 16, 2011
I'm developing an internal booking sytem. Users log in to the sytem and can view existing bookings and search for bookings. They can also create new or edit existing bookings. When completing such actions I need a confirmation prior to completing the booking or updating the recorded. The confirmation is based on a reauthentication of the user.... in otherwords he needs to enter his passord again.
How can I achieve this? The system is internam and I'm using Forms Authentication. I an also using roles as som of the admin forms can only be viewed by administrators.
View 1 Replies
Aug 20, 2010
I have the following gridview that is inside an updatepanel:
<asp:UpdatePanel ID="UpdatePanel1" runat="server">
<ContentTemplate>
<asp:Button ID="ButtonAdd" runat="server" OnClick="ButtonAdd_Click" Text="Novo Artigo" />
<asp:GridView ID="Dados" runat="server" AutoGenerateColumns="False" CssClass="Grid">
<Columns>
<asp:TemplateField HeaderText="Artigo">
<ItemTemplate>
<asp:TextBox ID="Artigo" runat="server"></asp:TextBox>
<asp:ModalPopupExtender ID="ModalPopupExtender1" runat="server"
TargetControlID="Artigo"
PopupControlID="PanelArtigos"
>
</asp:ModalPopupExtender>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Descrição">
<ItemTemplate>
<asp:TextBox ID="Descricao" runat="server" Width="300px"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="IVA">
<ItemTemplate>
<asp:TextBox ID="IVA" runat="server" Width="40px" Enabled="false"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Pr. Unit.">
<ItemTemplate>
<asp:TextBox ID="PU" runat="server" Width="50px"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="% Desc.">
<ItemTemplate>
<asp:TextBox ID="Desconto" runat="server"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="UN">
<ItemTemplate>
<asp:TextBox ID="UN" runat="server" Width="50px" Enabled="false"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Quant.">
<ItemTemplate>
<asp:TextBox ID="Quantidade" runat="server" Width="50px"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Total Liquido">
<ItemTemplate>
<asp:TextBox ID="TotalLiquido" runat="server" Enabled="false"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField>
<ItemTemplate>
<asp:LinkButton ID="RemoveArtigo" runat="server" OnClick="RemoveArtigo_Click">Remover
</asp:LinkButton>
</ItemTemplate>
</asp:TemplateField>
</Columns>
<HeaderStyle Font-Size="Small" />
<RowStyle Font-Size="Small" CssClass="grid" />
</asp:GridView>
</ContentTemplate>
</asp:UpdatePanel>
As you can see, i have some textbox's. When i change a value in a textbox, for example, the Desconto value, and leave that textbox, i want that the row where i am to be updated, using the new value present in the textbox. It's like a TextChanged or onBlur, but inside the update panel it's not working. what is the best way to do it? I am using VB.NET. When adding the OnTextChanged="Desconto_TextChanged" i receive this compilation error: Compilation Error Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately. Compiler Error Message: BC30456: 'Desconto_TextChanged' is not a member of 'ASP.index_aspx'. Source Error:
Line 204:
Line 205:
Line 206:
Line 207:
Line 208:
Source File:
C:inetpubwwwrootFacturasFacturasindex.aspx
Line: 206
View 2 Replies
May 25, 2010
Do you have the same problem? Every time I'm executing an resourceWriter.Generate(); I always loose my session and my public value.
View 1 Replies
Sep 20, 2010
How to read a .doc file from as a string in asp.net page to a literal control without format loose and to display images also.
Is it possible to read .pdf as above.
View 1 Replies
Dec 15, 2010
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 Replies
Apr 6, 2010
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 Replies
Aug 18, 2010
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Sep 21, 2010
I have an application that has a user Login Control (provided by ASP). I am just now working with the integration of a dataBase created in MS visual studio 2010, to a developed website created in MS visual web developer 2010. My main goal is to create an authentication ticket that enables a user to be able to see a dataBase information only after that user has been successfully authenticated.
Up to now I'm able to see the dataBase when i run the website even if I'm not log-in, how i can create a home page that tells the user to log-in and once that user has successfully log-in it redirects the user to another page where the user can see the database and how I can add information to that dataBase only to specific members
View 4 Replies
Feb 2, 2010
I understand that we can easily secure the menu pages by enabling SecurityTrimming and putting role information in web.sitemap.
But my problem is that we have to use a 3rd party authentication piece. The ASP.NET application gets the UserId and roles from the authentication module.
I need to show/hide ASP.NET pages based on the incoming user's roles.
Is it possible somehow to use web.sitemap with these roles?
Or should I come up with my own way to map a web page to role/s?
View 1 Replies
Jul 7, 2010
we are experiencing big difficulties in the configuration of ASP.Net state service and II7. The service seems not working correctly because when the application pools recycles the applicatio loose the session.If we try the same configuration in IIS6 it works correcly.What is the correct way to configure the aspnet session state service in iis7?
View 2 Replies
Oct 16, 2012
I'm working on a project in which i added an user control. I put some css effect in it and a also added a dropdown. When i run the application the effects are working but when i change the dropdown values the css effects will lost somehow.
View 1 Replies