Tracking Forums, Newsgroups, Maling Lists
Home Scripts Tutorials Tracker Forums
  Advanced Search
  HOME    TRACKER    ASP.NET


Advertisements:










Security :: User Being Asked To Log In Again After Approx 20 Minutes?


I have a web application that uses forms authentication, memberships and roles.I'm finding it difficult to test but it looks as thoughthe application is forcing my users to log in again after about 20 minutes of inactivity. However, the nature of my application requires users to stay logged infor longer than this even if they aren't using the application constantly.

I've already set the following line in my web.config file so that doesn't seem to be making a difference:

[Code]....

Is there something else that I need to set to prevent my users from being redirected to the login page too early on? I'd like them to be inactive for about an hour before forceably logging them off. I don't want them to lose their work if they don't use the system for 20 minutes.


View 4 Replies (Posted: Oct 07, 2010 10:25 AM)

Sponsored Links:

Related Forum Messages For ASP.NET category:
Security :: How To Redirect The User After 2 Minutes If There Is Inactivity For 2 Minutes
I want to redirect the user after 2 mins if there is inactivity for 2 mins. I am not using ASP.NEt membership. And I dont want to use Sessiontimeout for this. Session timeout will logout the user even if he is working on the system. My objective is like screensaver process.

If there is no action for the specified time, the screensaver runs. Similarly, I want to redirect the user to login page.

note that i have already handled it with the following javascript:

[Code]....

Here what my problem is,

the user is working on the site...ok.. he want to see someother site.he browse someother site and works on....or even he can do some other work in his system...but he is active in his system... What this script does is, it automatically logout the user and redirect him to login page. But it should not do while he is active...IT SHOULD REDIRECT IF HE IS NOT ACTIVE REALLY (Similar to Screensaver process)

Is it possible ?

Posted: Feb 13, 2011 05:47 AM

View 1 Replies!   View Related
Security :: Timeout Is In Minutes?
I have implemented the basic forms authentication.In web.config I have set the following, in the authentication tagtimeout = "50000000000"Other than that, I have an out-of the box implementation.I have no custom provider.My clients want to pretty much enter the username once a day.The timeout is in minutes, so I am sure that they are not waiting over 5 million minutes,so something else has to be booting them.

Posted: Jan 25, 2010 05:18 PM

View 7 Replies!   View Related
Security :: Logon Box Appears Every 5 Minutes?
I get about 5 minutes of inactivity before a logon box appears for a site I manage. Once logged in, our users must be able to stay logged on all day with no annoying logon popups.This started happening after a change i made to IIS6. We formerly had digest authentication and windows integrated authentication checked and everything worked fine but our users complained because they had to put creds in as <domainuserid>. We want to get rid of the domain requirement. To do this i unchecked windows integrated authentication and added the domain to the "Realm" text box. I can log in now without the domain, and everything works as before but I only get a few minutes before I have to relogon. I tried increasing the connection timout to 36000 and have keep alives checked on the web site property page. I also tried setting the web servers registry setting: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesInetInfoParametersDigestContextCacheTTL to 36000 (ten hours). these changes had no effect that I can see.Our setup:we use SSL and have a test certificate that is expired We are hitting the site on our intranet with IE7 or IE8. The production version of this site is on the internet though.IIS6 on a 2003 serverkeep alives is checkedanonymous authentication is uncheckeddigest authentication is checkedwindows integrated authentication is uncheckedIISRESET was run after each change.

Posted: Jan 08, 2010 12:56 PM

View 7 Replies!   View Related
Security :: Loose Authentication After 30 Minutes?
This is my web.config settings:

[Code]....

AND this:

[Code]....

neither keep me in for more than 30 minutes.

for some reason the Ticket is set correctly for 90 days. But the cookie is always January 01, 0001. Below is the output of the Authentication Dates.

Ticket Issue Date: Wednesday, January 05, 2011 4:35:42 PM
Ticket Expiry Date: Tuesday, April 05, 2011 4:35:42 PM
Cookie Name: .ASPXFORMSAUTH
Cookie Expiry Date: Monday, January 01, 0001 12:00:00 AM

Posted: Jan 05, 2011 08:46 PM

View 5 Replies!   View Related
How Long A User Has Been Logged In Minutes
How do I calculate how long a user has been logged in in minutes? I am usingthe default ASPNETDB.mdf to manage user logins.

Posted: Nov 08, 2008 08:14 PM

View 1 Replies!   View Related
C# - How To Prompt User If Page Is Idle From Last 5 Minutes
What is the best approach to prompt user, if he is idle on webpage from last 5 minuts.

i mean how to know that use is idle on web page from last 5 minuts.

Posted: Mar 28 at 4:53

View 2 Replies!   View Related
How To Retrieve Large(approx: 50 MB) Xml String From Webpage
What is the preferred way to retrieve large(approx: 50 MB) xml string from ASP.NET webpage?

Placing the xml string in file and downloading the file is not a choice.(This should be my last resort if nothing else works)

I have following method on ASP.NET server which is exposed through WCF service to silverlight client.

[code]...

Unfortunately these xml strings are approximately 50MB to 100 MB. Silverlight client needs to retrive these large strings and store it in a file on the client machine at the path selected by the user through saveFileDialog.

My concern is WCF service will not allow such large messages. How can I address this issue?

Posted: Feb 25 10 at 15:39

View 3 Replies!   View Related
AJAX :: Display 20 (approx.) Rows In A GridView/DataView?
I need to expose a Web service whichwill provide an array/DataTable of20 rows (average)of data - certainly no more than 100 rows would ever be needed. The largest item in these rows would be a date.The Web service would be called by a separate Web site in order to display these20 (approx.) rows in a GridView/DataView. I would have to be able to dynamically choose which domain to go to and find the Web service.I would possibly have to secure the Web service with a password but this is not vital (possibly with soap headers over https).

My question is what technologies should I use to create this Web service? I know enough about .asmx Web services to struggle through and get this working, but should I get a book on WCF and learn that instead?I use AJAX and jQuery so am also wondering if I should be using one of those client side, to call the Web service and populate the grid?

Posted: Feb 16, 2010 01:33 AM

View 3 Replies!   View Related
Remove Session(Maintained Using Cookies) If User Is Idle For 15 Minutes?
I am using "cookies" to maintain session in my asp.net azure application.

What I want is that when a user logs in to my website and remains idle for 15 minutes it should automatically log them out and redirect them to the login page.

How can I achieve this?

Posted: 2 days ago

View 2 Replies!   View Related
Forms Data Controls :: Returning Data In A Gridview Control / Asked How Many Is Too Many In A Code Review?
I am returning data in a gridview control. Now, I was asked how many is too many in a code review today. They asked me whether I am dumping everything frombackend to Grid (with paging), the answer was yet. Now, what ifthegetData object returns 100,000 records, will I still be dumping all of this into the grid control or dump in portions.

Posted: Nov 19, 2009 05:51 PM

View 7 Replies!   View Related
Security :: User Level Security - Enable And Disable Based On The User To Access Certain Form
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.

Posted: Jun 26, 2010 04:27 AM

View 1 Replies!   View Related
Security :: Running Application Under The Security Context Of The Logged In User (LDAP Authentication)
We are using membership provider for LDAP authentication. It is working as it should.

But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.

We need to have this working because all the permissions on the database are based on the logged in user.

We are using form authentication for LDAP authentication. And having impersonation = true in web.config.

Posted: Mar 17, 2011 03:55 PM

View 1 Replies!   View Related
Security :: Identity Impersonate + Integrated Security(DB) And Programatically Impersonating The User?
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.

My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?

Posted: Nov 19, 2010 02:22 AM

View 2 Replies!   View Related
Security :: SQL Server: Login Failed For User: '$' / Achieve The Security Settings Or Are They Unfeasible / Unnecessary
I hate to be the 12345th person to request assistance on this topic, but despite looking at previous requests, I can't seem to find the solution.

Background

I have a new ASP.NET 2.0 web application which is hosted on (for argument's sake) WEBSERVER (using IIS 6.0), and which accesses data on SQLSERVER (using SQL Server 2000).

Because this is an intranet application, I want the application's authentication mode to be Windows, and the IIS authentication mode to be Integrated Windows (with Anonymous access disabled). ie: IIS should authenticate the user as smithjohn and SQLSERVER should also authenticate the user as smithjohn.

I don't know if this is relevant, but because of an existing nasty Windows application, all relevant domain users already have their own <DOMAIN><username> User account on SQLSERVER.

Error

When I build and browse the pages in Visual Web Developer Express, I can retrieve information from SQLSERVER without any problems.

When I publish the site, and upload it to WEBSERVER, I get the following error upon attempting to retrieve data from a stored procedure on SQLSERVER:

System.Data.SqlClient.SqlException: Login failed for user '<DOMAIN><WEBSERVER>$'. at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open() at snapshot.btnGo_Click(Object sender, EventArgs e)

More Detail

Connection String (in Web.Config):

<add name="strConnMyDatabase" connectionString="Data Source=SQLSERVER;Initial Catalog=MyDatabase;Integrated Security=True" providerName="System.Data.SqlClient"/>
Authentication Type (in Web.Config)
<authentication mode="Windows"/>
There are no impersonation settings defined in Web.ConfigIIS 'Directory Security' settings are:
Anonymous Access disabledIntegrated Windows authentication enabled
The stored procedure (usp_MyProcedure) has the following execute permissions:
DOMAINDomain UsersSQLSERVERMyRole (to which my SQL Server User account belongs)

Questions

Is it possible to achieve the security settings I've outlined, or are they unfeasible / unnecessary? My assumption is that if I use an 'ASPNET' user account, I'll lose the ability to distinguish between (for example) a Marketing department user, and a Finance department user, and that information may be useful if I develop more sensitive data pages in the future. How do I resolve the SQL Exception I'm generating?

Posted: Dec 11, 2006 03:47 AM

View 8 Replies!   View Related
Security :: User Control Library Causing Security Exception?
I have createduser web control library project and these controls i'm using in my web application. These User controls just works fine in my local machine but when i moved this project(including Library) to our Localserver, it is throwing security exception

Error1Cannot register assembly "LocalServerLibraryDemoLibraryDemoLibraryinDebugLibrary.dll". Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Library

Anybody knows why this error occuring...?

Posted: Jul 22, 2010 11:02 AM

View 2 Replies!   View Related
Security :: How To Manually Check A User's Security Question Answer
I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record. I want to use the build in support of the membership and membershipuser objects.

I see that via the passwordrecovery control that the actual answer can be returned. However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.

In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.

A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether answer was correct or not.

Posted: Jan 30, 2011 04:45 PM

View 5 Replies!   View Related
Security :: Enable User To Edit / Delete Based On User's Role Permission
I'm trying to allow logged user who are in department XYZ to perform some task for my third party App. I have two SQL tables named Users & UserList. The third party app (GoldMine) graps the USERNAME from the Users table and store it as UserID which I then referecnce SessionID.The UserList table has two columns (GM_UserName & Department) which I'm interested in. When a user login into the 3rd party app (GoldMine), i then compare the USERNAME (from Users table) to GM_UserName (from UserList table) and see whether GM_UserName is in = 'Dept XYZ'. Take a look at the SQL query below.

sqlDept="SELECTUSERNAMEFROMUsersLEFTJOINUserListONUserList.GM_UserName=Users.UserNameWHEREUserList.Department='Dept XYZ'"

I'm able to do this.

IfSession("Userid")="TestUser1"OrSession("UserID")="TestUser2"ThenDo thisElse Do thatEndIf
BUT unable to do this...
If user's Department = 'Department XYZ' Then
Do This
Else
Do that
End IF

Posted: Feb 24, 2011 02:39 PM

View 2 Replies!   View Related
Security :: Using Page.User.Identity.Name To Fetch User Information From A MsSQL Database?
I have implemented Forms authentication in an ASP.NET MVC 2 website

By using <%: Page.User.Identity.Name %> on the Site.Master page I can display the userid of the logged in user.

I would like to use this value and display other information about the user that is stored in a User table in a MsSQL database, like:

<%: GetFirstname(Page.User.Identity.Name) %>

Posted: Dec 23, 2010 04:36 PM

View 2 Replies!   View Related
Security :: Admin And User Security Folder Setup
I am creating an application hosted on GoDaddy.com. The base files are kept in a folder called /sky while the Admin files and User files are kept in /sky/Admin and /sky/User respectively. I'm having difficulty configuring the security so that when a user tries to access Admin or User files they should be redirected to the login.aspx file in the /sky folder. I keep getting an error that its trying to access sky/sky/login.aspx instead of just sky/login.aspx.

Here are the relevant sections of my web.config file.

<?xml version="1.0"?>
<configuration>
...
<location path="sky/admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="user">
<system.web>
<authorization>
<allow roles="Admin,User" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" />
</authentication>
...
</system.web>
...
</configuration>

Can someone point me to articles or provide assistance with the proper configuration?

Posted: Mar 11, 2011 01:12 AM

View 3 Replies!   View Related
Security :: Provide Security At User Level For Certain Pages
I have a site We have different Pages under one folder. we have stored these pages information in a database table with pageid. Then we have User access table. there we store userid and pageid , for which pages user has access. Now I need to provide access to that pages only .

Posted: Sep 08, 2010 09:05 AM

View 8 Replies!   View Related
Security :: VS - Where To Create User Wizard Save User And Pass And Info
I Have Question : Can I Edit Create User Wizard To Save Info To My Project Sql ? And Where Normal Create User Wizard Save Info Of Register?

Posted: Sep 07, 2010 02:48 PM

View 5 Replies!   View Related
Security :: Access Denied For Logged User (anonymous User Is Fine)
I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.

It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:

System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.

It is weird that as anonymous i can do it.

The website server help states this:

"Grant write, modify, delete access rights on website's folder

Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.

There is no need and no way to change this permissions.

If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.

The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.

To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."

But i am not using impersonate and the tag is not in my web.config.

Posted: Jan 07, 2011 02:55 PM

View 2 Replies!   View Related
Security :: Dynamically Create Membership User And Check If User Name Is Valid Or Used?
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.

Posted: Jul 25, 2010 01:25 PM

View 2 Replies!   View Related
Security :: How To Create User Account Belong To Normal User Automatically
I facing a problem here. how can I make the create user wizard category all the new user become normal user role? I have created 2 role which is Manager and Normal User. Normal User can't view the Manager page. But after i create a new user account, i can view manager and normal user page. I want to make all the new member registration will be normal user role?

Posted: Mar 25, 2010 08:20 PM

View 6 Replies!   View Related
Security :: Adding User Role Selection To Create New User Wizard?
Im pretty much a newb when it comes to developing throuh ASP.net. I was wondering if there is a way to allow users who create new accounts using the "Create New User Wizard" through VWD to select the type of role they belong to, or do I have to build a custom extender to do that?

The reason for this is I want the end user to select what "Type" (Role) of user they are and then have their user role page load and store their personal information in that role's section of the back end sql database.

Posted: Aug 18, 2009 10:22 PM

View 5 Replies!   View Related
Security :: How To Know If A Request Come From Internal User (employee) Or External User (vendor)
I have an extranet site (asp.net), we want that if an employee click on the link, it will automatically get them in. But if an external user does it, they will be redirected to a login page.

is it possible? how to know if a request come from internal user (employee) or external user (vendor).

Posted: Mar 24, 2010 08:24 PM

View 2 Replies!   View Related
Security :: Userid Of Newly Created User / To Store Additional Details Of The User In Another Database Table
Ourapplication lets the administrator create new users. Sincethe administrator is logged in, I have set Logincreateduser = false so that the administrator is not logged out even after creating the new user.

The problem is :I need the userid of the newly created user to store additional details of the user in another database table. I see that i can get the username using Createuserwizard1.username; but how do I get the userID?

Posted: Nov 10, 2010 06:58 PM

View 2 Replies!   View Related
Security :: Store User Password In Custom Membership User
I have a custom membership user classand custom MembershipProvider working against database. Due to securityreasons the user passwords arestored in the database as hashed values. Somy procedure

public override bool ValidateUser(string username, string password)is
{
//select hashed password from db
return (EncodePassword(password) == dbpassword)
}
[code]....

Posted: Aug 12, 2010 01:18 PM

View 4 Replies!   View Related
Security :: Accessing User Id Immediately After User Signed Up
On our website users can sign up. The sign up controls (converted to a template) has the usual text boxes and then the create user button. When pressing this button the account is created. After reloading the website, the user can see his credentials in his 'my account' tab. Question: How can we access the newly created user (especially his userid) right after the create user button was clicked? Right now this does not work, we can only start accessing this after the page has been reloaded. But surely the account is created the instant the button was pressed. I have tried this:

MembershipUser myObject = Membership.GetUser();
UserID = (System.Guid)(myObject.ProviderUserKey);

But it looks as if the user is not yet logged in at this stage. Can this somehow be forced so that we can access the newly created userid right after the user has clicked the create user button?

Posted: Jan 08, 2011 09:54 AM

View 2 Replies!   View Related
Security :: Getting User Name Of Authenticated User In Session_Start Of Global?
Iam using form authentication in my website. I have a scenario wherein the user isauthenticated but the session has timed out. So, i would like toinitialize some sessionvariables in Session_Start of Global.asax (First i check if Request.IsAuthenticated=True).For that i required the name of the user who authenticated. On.aspx pages we can get it using Page.User.Identity.Namebut how to get it in global.asax page.

Posted: Jan 06, 2011 06:49 PM

View 1 Replies!   View Related
Security :: Isolating The User Name In Page.User.Identity.Name?
Is there a simple way to just retrieve the user's name, and not the Domain name, when using this function:

string quizTaker = Page.User.Identity.Name.ToString();

Right now it returns "DOMAIN_NAMEUserName"

I would like to just use isolate and use the user's name, without the Domain name.

Posted: Mar 04, 2010 07:46 PM

View 2 Replies!   View Related
Security :: Create User Control To Make A New User?
I used the Create User Control to make a new user.

Is there a similar tool (I did not see one) that allows the user to edit their own profile?

If not what is the best way to do it? I have created user tables in AWAT.

Posted: Jun 05, 2010 04:26 AM

View 5 Replies!   View Related
Security :: Get User Name From User Who Login To A Textbox?
i want to get the username of the people who login suscess in to a textbox, i try to make it through the session , but it s not work , i do it in aspx.vb VS2010

Posted: Sep 21, 2010 07:03 AM

View 19 Replies!   View Related
Security :: Select User View Only Noticesselect User View Only Logsselect User View Only Newsetc?
have a web in which there are different areas i have a 1 admin which manage all things like news, Events, Notices, Logs, Forums, Publications etc.........i want assign user rights that select user view only Noticesselect user view only Logsselect user view only Newsetc....

Posted: Feb 14, 2011 09:23 AM

View 7 Replies!   View Related
Security :: Storing User Id Beside The User Name?
Moderator Note:Post split from this thread[http://forums.asp.net/t/1403132.aspx]

Q: Im a novice with ASP.net. I want to appenda UserID to the Context.Identity.User.Name field.

Something like:

FormsAuthentication.RedirectFromLoginPage(UserName+UserID, false);

Where can I set this code while still using asp.net membership and the login control.

Is it possible to set this in an OnLogin or OnAuthenticate event handler.

Is there someway to see the "login control" code, that way I can just copy it but append my own value when setting the name.

Posted: Jun 13, 2010 10:04 PM

View 2 Replies!   View Related
Security :: User.IsInRole For Any User?
how can I find out if one of the user is the member of any role? For the logged user, I use User.IsInRole("Admin"), but how to find out if the nonlogged user is in the role?

Posted: Feb 13, 2010 04:42 PM

View 2 Replies!   View Related
Users Get Logged Off After About 10 Minutes?
I have my website set up to autheticate through Active Directory. After about 10 minutes users get logged off and you have to log back in to get into the website.

Posted: Oct 30, 2008 08:22 PM

View 1 Replies!   View Related
Add Hours And Minutes To The String?
I have the date format string dd-mm-yy. how to add hours and minutes to the string (i.e 13-03-2010.21.03) ....

DateTime.Today.ToString("dd-mm-yy") ?

Posted: Jun 2 10 at 10:37

View 5 Replies!   View Related
Call A Function After Every 5 Minutes Later?
How to call a function after every 5 min. i create a function for our apps. i have a problem that how can i call this function after every 5 min. i says for c# not for any other language because I developed our webapps in c#

Posted: Dec 10, 2009 02:18 PM

View 6 Replies!   View Related
Copyright 2005-08 www.BigResource.com, All rights reserved