Security :: User Being Asked To Log In Again After Approx 20 Minutes?

Oct 7, 2010

I have a web application that uses forms authentication, memberships and roles. I'm finding it difficult to test but it looks as though the application is forcing my users to log in again after about 20 minutes of inactivity. However, the nature of my application requires users to stay logged in for longer than this even if they aren't using the application constantly.

I've already set the following line in my web.config file so that doesn't seem to be making a difference:

[Code]....

Is there something else that I need to set to prevent my users from being redirected to the login page too early on? I'd like them to be inactive for about an hour before forceably logging them off. I don't want them to lose their work if they don't use the system for 20 minutes.



ADVERTISEMENT

Security :: How To Redirect The User After 2 Minutes If There Is Inactivity For 2 Minutes

Feb 13, 2011

I want to redirect the user after 2 mins if there is inactivity for 2 mins. I am not using ASP.NEt membership. And I dont want to use Sessiontimeout for this. Session timeout will logout the user even if he is working on the system. My objective is like screensaver process.

If there is no action for the specified time, the screensaver runs. Similarly, I want to redirect the user to login page.

note that i have already handled it with the following javascript:

[Code]....

Here what my problem is,

the user is working on the site...ok.. he want to see someother site.he browse someother site and works on....or even he can do some other work in his system...but he is active in his system... What this script does is, it automatically logout the user and redirect him to login page. But it should not do while he is active...IT SHOULD REDIRECT IF HE IS NOT ACTIVE REALLY (Similar to Screensaver process)

Is it possible ?

View 1 Replies View Related

Security :: Timeout Is In Minutes?

Jan 25, 2010

I have implemented the basic forms authentication.In web.config I have set the following, in the authentication tagtimeout = "50000000000" Other than that, I have an out-of the box implementation.I have no custom provider.My clients want to pretty much enter the username once a day.The timeout is in minutes, so I am sure that they are not waiting over 5 million minutes,so something else has to be booting them.

View 7 Replies View Related

Security :: Logon Box Appears Every 5 Minutes?

Jan 8, 2010

I get about 5 minutes of inactivity before a logon box appears for a site I manage. Once logged in, our users must be able to stay logged on all day with no annoying logon popups. This started happening after a change i made to IIS6. We formerly had digest authentication and windows integrated authentication checked and everything worked fine but our users complained because they had to put creds in as <domainuserid>. We want to get rid of the domain requirement. To do this i unchecked windows integrated authentication and added the domain to the "Realm" text box. I can log in now without the domain, and everything works as before but I only get a few minutes before I have to relogon. I tried increasing the connection timout to 36000 and have keep alives checked on the web site property page. I also tried setting the web servers registry setting: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesInetInfoParametersDigestContextCacheTTL to 36000 (ten hours). these changes had no effect that I can see.Our setup:we use SSL and have a test certificate that is expired We are hitting the site on our intranet with IE7 or IE8. The production version of this site is on the internet though.IIS6 on a 2003 serverkeep alives is checkedanonymous authentication is uncheckeddigest authentication is checkedwindows integrated authentication is uncheckedIISRESET was run after each change.

View 7 Replies View Related

Security :: Loose Authentication After 30 Minutes?

Jan 5, 2011

This is my web.config settings:

[Code]....

AND this:

[Code]....

neither keep me in for more than 30 minutes.

for some reason the Ticket is set correctly for 90 days. But the cookie is always January 01, 0001. Below is the output of the Authentication Dates.

Ticket Issue Date: Wednesday, January 05, 2011 4:35:42 PM
Ticket Expiry Date: Tuesday, April 05, 2011 4:35:42 PM
Cookie Name: .ASPXFORMSAUTH
Cookie Expiry Date: Monday, January 01, 0001 12:00:00 AM

View 5 Replies View Related

How Long A User Has Been Logged In Minutes

Nov 8, 2008

How do I calculate how long a user has been logged in in minutes? I am using the default ASPNETDB.mdf to manage user logins.

View 1 Replies View Related

C# - How To Prompt User If Page Is Idle From Last 5 Minutes

Mar 28, 2011

What is the best approach to prompt user, if he is idle on webpage from last 5 minuts.

i mean how to know that use is idle on web page from last 5 minuts.

View 2 Replies View Related

How To Retrieve Large(approx: 50 MB) Xml String From Webpage

Feb 25, 2010

What is the preferred way to retrieve large(approx: 50 MB) xml string from ASP.NET webpage?

Placing the xml string in file and downloading the file is not a choice.(This should be my last resort if nothing else works)

I have following method on ASP.NET server which is exposed through WCF service to silverlight client.

[code]...

Unfortunately these xml strings are approximately 50MB to 100 MB. Silverlight client needs to retrive these large strings and store it in a file on the client machine at the path selected by the user through saveFileDialog.

My concern is WCF service will not allow such large messages. How can I address this issue?

View 3 Replies View Related

AJAX :: Display  20 (approx.) Rows In A GridView/DataView?

Feb 16, 2010

I need to expose a Web service which will provide an array/DataTable of 20 rows (average) of data - certainly no more than 100 rows would ever be needed. The largest item in these rows would be a date.The Web service would be called by a separate Web site in order to display these 20 (approx.) rows in a GridView/DataView. I would have to be able to dynamically choose which domain to go to and find the Web service.I would possibly have to secure the Web service with a password but this is not vital (possibly with soap headers over https).

My question is what technologies should I use to create this Web service? I know enough about .asmx Web services to struggle through and get this working, but should I get a book on WCF and learn that instead?I use AJAX and jQuery so am also wondering if I should be using one of those client side, to call the Web service and populate the grid?

View 3 Replies View Related

Remove Session(Maintained Using Cookies) If User Is Idle For 15 Minutes?

Apr 3, 2011

I am using "cookies" to maintain session in my asp.net azure application.

What I want is that when a user logs in to my website and remains idle for 15 minutes it should automatically log them out and redirect them to the login page.

How can I achieve this?

View 2 Replies View Related

Forms Data Controls :: Returning Data In A Gridview Control / Asked How Many Is Too Many In A Code Review?

Nov 19, 2009

I am returning data in a gridview control. Now, I was asked how many is too many in a code review today. They asked me whether I am dumping everything from backend to Grid (with paging), the answer was yet. Now, what if the getData object returns 100,000 records, will I still be dumping all of this into the grid control or dump in portions.

View 7 Replies View Related

Security :: User Level Security - Enable And Disable Based On The User To Access Certain Form

Jun 26, 2010

i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.

View 1 Replies View Related

Security :: Running Application Under The Security Context Of The Logged In User (LDAP Authentication)

Mar 17, 2011

We are using membership provider for LDAP authentication. It is working as it should.

But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.

We need to have this working because all the permissions on the database are based on the logged in user.

We are using form authentication for LDAP authentication. And having impersonation = true in web.config.

View 1 Replies View Related

Security :: Identity Impersonate + Integrated Security(DB) And Programatically Impersonating The User?

Nov 19, 2010

I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.

My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?

View 2 Replies View Related

Security :: SQL Server: Login Failed For User: '$' / Achieve The Security Settings Or Are They Unfeasible / Unnecessary

Dec 11, 2006

I hate to be the 12345th person to request assistance on this topic, but despite looking at previous requests, I can't seem to find the solution.

Background

I have a new ASP.NET 2.0 web application which is hosted on (for argument's sake) WEBSERVER (using IIS 6.0), and which accesses data on SQLSERVER (using SQL Server 2000).

Because this is an intranet application, I want the application's authentication mode to be Windows, and the IIS authentication mode to be Integrated Windows (with Anonymous access disabled). ie: IIS should authenticate the user as smithjohn and SQLSERVER should also authenticate the user as smithjohn.

I don't know if this is relevant, but because of an existing nasty Windows application, all relevant domain users already have their own <DOMAIN><username> User account on SQLSERVER.

Error

When I build and browse the pages in Visual Web Developer Express, I can retrieve information from SQLSERVER without any problems.

When I publish the site, and upload it to WEBSERVER, I get the following error upon attempting to retrieve data from a stored procedure on SQLSERVER:

System.Data.SqlClient.SqlException: Login failed for user '<DOMAIN><WEBSERVER>$'. at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open() at snapshot.btnGo_Click(Object sender, EventArgs e)

More Detail

Connection String (in Web.Config):

<add name="strConnMyDatabase" connectionString="Data Source=SQLSERVER;Initial Catalog=MyDatabase;Integrated Security=True" providerName="System.Data.SqlClient"/>
Authentication Type (in Web.Config)
<authentication mode="Windows"/>
There are no impersonation settings defined in Web.ConfigIIS 'Directory Security' settings are:
Anonymous Access disabledIntegrated Windows authentication enabled
The stored procedure (usp_MyProcedure) has the following execute permissions:
DOMAINDomain UsersSQLSERVERMyRole (to which my SQL Server User account belongs)

Questions

Is it possible to achieve the security settings I've outlined, or are they unfeasible / unnecessary? My assumption is that if I use an 'ASPNET' user account, I'll lose the ability to distinguish between (for example) a Marketing department user, and a Finance department user, and that information may be useful if I develop more sensitive data pages in the future. How do I resolve the SQL Exception I'm generating?

View 8 Replies View Related

Security :: User Control Library Causing Security Exception?

Jul 22, 2010

I have created user web control library project and these controls i'm using in my web application. These User controls just works fine in my local machine but when i moved this project(including Library) to our Local server , it is throwing security exception

Error 1 Cannot register assembly "LocalServerLibraryDemoLibraryDemoLibraryinDebugLibrary.dll". Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Library

Anybody knows why this error occuring...?

View 2 Replies View Related

Security :: How To Manually Check A User's Security Question Answer

Jan 30, 2011

I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record. I want to use the build in support of the membership and membershipuser objects.

I see that via the passwordrecovery control that the actual answer can be returned. However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.

In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.

A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether answer was correct or not.

View 5 Replies View Related

Security :: Enable User To Edit / Delete Based On User's Role Permission

Feb 24, 2011

I'm trying to allow logged user who are in department XYZ to perform some task for my third party App. I have two SQL tables named Users & UserList. The third party app (GoldMine) graps the USERNAME from the Users table and store it as UserID which I then referecnce SessionID. The UserList table has two columns (GM_UserName & Department) which I'm interested in. When a user login into the 3rd party app (GoldMine), i then compare the USERNAME (from Users table) to GM_UserName (from UserList table) and see whether GM_UserName is in = 'Dept XYZ'. Take a look at the SQL query below.

sqlDept = "SELECT USERNAME FROM Users LEFT JOIN UserList ON UserList.GM_UserName=Users.UserName WHERE UserList.Department ='Dept XYZ'"

I'm able to do this.

If Session("Userid") = "TestUser1" Or Session("UserID") = "TestUser2" Then Do this Else Do that End If
BUT unable to do this...
If user's Department = 'Department XYZ' Then
Do This
Else
Do that
End IF

View 2 Replies View Related

Security :: Using Page.User.Identity.Name To Fetch User Information From A MsSQL Database?

Dec 23, 2010

I have implemented Forms authentication in an ASP.NET MVC 2 website

By using <%: Page.User.Identity.Name %> on the Site.Master page I can display the userid of the logged in user.

I would like to use this value and display other information about the user that is stored in a User table in a MsSQL database, like:

<%: GetFirstname(Page.User.Identity.Name) %>

View 2 Replies View Related

Security :: Admin And User Security Folder Setup

Mar 11, 2011

I am creating an application hosted on GoDaddy.com. The base files are kept in a folder called /sky while the Admin files and User files are kept in /sky/Admin and /sky/User respectively. I'm having difficulty configuring the security so that when a user tries to access Admin or User files they should be redirected to the login.aspx file in the /sky folder. I keep getting an error that its trying to access sky/sky/login.aspx instead of just sky/login.aspx.

Here are the relevant sections of my web.config file.

<?xml version="1.0"?>
<configuration>
...
<location path="sky/admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="user">
<system.web>
<authorization>
<allow roles="Admin,User" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" />
</authentication>
...
</system.web>
...
</configuration>

Can someone point me to articles or provide assistance with the proper configuration?

View 3 Replies View Related

Security :: Provide Security At User Level For Certain Pages

Sep 8, 2010

I have a site We have different Pages under one folder. we have stored these pages information in a database table with pageid. Then we have User access table. there we store userid and pageid , for which pages user has access. Now I need to provide access to that pages only .

View 8 Replies View Related

Security :: VS - Where To Create User Wizard Save User And Pass And Info

Sep 7, 2010

I Have Question : Can I Edit Create User Wizard To Save Info To My Project Sql ? And Where Normal Create User Wizard Save Info Of Register?

View 5 Replies View Related

Security :: Access Denied For Logged User (anonymous User Is Fine)

Jan 7, 2011

I deployed a website where a logged user or an anonymous user can select data and download a XML file. The website generate the XML file in the server and then deliver it.

It works fine in my development environment, but after deployment, the anonymous user can download the file, but the logged user receive this error:

System.UnauthorizedAccessException: Access to the path 'd:HostsLocalUserheringerwebsiteUpload20110107094051.xml' is denied.

It is weird that as anonymous i can do it.

The website server help states this:

"Grant write, modify, delete access rights on website's folder

Your website executes under unique user account that by default has full control over the website's folder.
So your application can create, open, read, write and delete files and folders inside of your root folder.

There is no need and no way to change this permissions.

If, when running ASP.Net application, you still unable to create file or update it, you have to check your Web.Config file for "<Identity impersonate..." tag and remove it.

The only exception is when the application tries to modify a file or folder in "Application_Start" event of Global.asax file. This is by design that user authenticated only after the Application_Start even. Before the user is authenticated your website runs under an identity of Application Pool which is "Network services". That account doesn't have access to the folder of your website.

To make it work you eather have to move the code that tries to modify files or folders out of the "Application_Start" event of the Global.asax file or inside the event you'll need to impersonate your user by code."

But i am not using impersonate and the tag is not in my web.config.

View 2 Replies View Related

Security :: Dynamically Create Membership User And Check If User Name Is Valid Or Used?

Jul 25, 2010

I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.

View 2 Replies View Related

Security :: How To Create User Account Belong To Normal User Automatically

Mar 25, 2010

I facing a problem here. how can I make the create user wizard category all the new user become normal user role? I have created 2 role which is Manager and Normal User. Normal User can't view the Manager page. But after i create a new user account, i can view manager and normal user page. I want to make all the new member registration will be normal user role?

View 6 Replies View Related

Security :: Adding User Role Selection To Create New User Wizard?

Aug 18, 2009

Im pretty much a newb when it comes to developing throuh ASP.net. I was wondering if there is a way to allow users who create new accounts using the "Create New User Wizard" through VWD to select the type of role they belong to, or do I have to build a custom extender to do that?

The reason for this is I want the end user to select what "Type" (Role) of user they are and then have their user role page load and store their personal information in that role's section of the back end sql database.

View 5 Replies View Related

Security :: How To Know If A Request Come From Internal User (employee) Or External User (vendor)

Mar 24, 2010

I have an extranet site (asp.net), we want that if an employee click on the link, it will automatically get them in. But if an external user does it, they will be redirected to a login page.

is it possible? how to know if a request come from internal user (employee) or external user (vendor).

View 2 Replies View Related

Security :: Userid Of Newly Created User / To Store Additional Details Of The User In Another Database Table

Nov 10, 2010

Our application lets the administrator create new users. Since the administrator is logged in, I have set Logincreateduser = false so that the administrator is not logged out even after creating the new user.

The problem is :I need the userid of the newly created user to store additional details of the user in another database table. I see that i can get the username using Createuserwizard1.username; but how do I get the userID?

View 2 Replies View Related

Security :: Store User Password In Custom Membership User

Aug 12, 2010

I have a custom membership user class and custom MembershipProvider working against database. Due to security reasons the user passwords are stored in the database as hashed values. So my procedure

public override bool ValidateUser(string username, string password) is
{
//select hashed password from db
return (EncodePassword(password) == dbpassword)
}
[code]....

View 4 Replies View Related

Security :: Accessing User Id Immediately After User Signed Up

Jan 8, 2011

On our website users can sign up. The sign up controls (converted to a template) has the usual text boxes and then the create user button. When pressing this button the account is created. After reloading the website, the user can see his credentials in his 'my account' tab. Question: How can we access the newly created user (especially his userid) right after the create user button was clicked? Right now this does not work, we can only start accessing this after the page has been reloaded. But surely the account is created the instant the button was pressed. I have tried this:

MembershipUser myObject = Membership.GetUser();
UserID = (System.Guid)(myObject.ProviderUserKey);

But it looks as if the user is not yet logged in at this stage. Can this somehow be forced so that we can access the newly created userid right after the user has clicked the create user button?

View 2 Replies View Related

Security :: Getting User Name Of Authenticated User In Session_Start Of Global?

Jan 6, 2011

I am using form authentication in my website. I have a scenario wherein the user is authenticated but the session has timed out. So, i would like to initialize some session variables in Session_Start of Global.asax (First i check if Request.IsAuthenticated=True). For that i required the name of the user who authenticated. On .aspx pages we can get it using Page.User.Identity.Name but how to get it in global.asax page.

View 1 Replies View Related

Security :: Isolating The User Name In Page.User.Identity.Name?

Mar 4, 2010

Is there a simple way to just retrieve the user's name, and not the Domain name, when using this function:

string quizTaker = Page.User.Identity.Name.ToString();

Right now it returns "DOMAIN_NAMEUserName"

I would like to just use isolate and use the user's name, without the Domain name.

View 2 Replies View Related

Security :: Create User Control To Make A New User?

Jun 5, 2010

I used the Create User Control to make a new user.

Is there a similar tool (I did not see one) that allows the user to edit their own profile?

If not what is the best way to do it? I have created user tables in AWAT.

View 5 Replies View Related

Security :: Get User Name From User Who Login To A Textbox?

Sep 21, 2010

i want to get the username of the people who login suscess in to a textbox, i try to make it through the session , but it s not work , i do it in aspx.vb VS2010

View 19 Replies View Related

Security :: Select User View Only Noticesselect User View Only Logsselect User View Only Newsetc?

Feb 14, 2011

have a web in which there are different areas i have a 1 admin which manage all things like news, Events, Notices, Logs, Forums, Publications etc.........i want assign user rights that select user view only Noticesselect user view only Logsselect user view only Newsetc....

View 7 Replies View Related

Security :: Storing User Id Beside The User Name?

Jun 13, 2010

Moderator Note:Post split from this thread[http://forums.asp.net/t/1403132.aspx]

Q: Im a novice with ASP.net. I want to append a UserID to the Context.Identity.User.Name field.

Something like:

FormsAuthentication.RedirectFromLoginPage(UserName+UserID, false);

Where can I set this code while still using asp.net membership and the login control.

Is it possible to set this in an OnLogin or OnAuthenticate event handler.

Is there someway to see the "login control" code, that way I can just copy it but append my own value when setting the name.

View 2 Replies View Related

Security :: User.IsInRole For Any User?

Feb 13, 2010

how can I find out if one of the user is the member of any role? For the logged user, I use User.IsInRole("Admin"), but how to find out if the nonlogged user is in the role?

View 2 Replies View Related

Users Get Logged Off After About 10 Minutes?

Oct 30, 2008

I have my website set up to autheticate through Active Directory. After about 10 minutes users get logged off and you have to log back in to get into the website.

View 1 Replies View Related

Add Hours And Minutes To The String?

Jun 2, 2010

I have the date format string dd-mm-yy. how to add hours and minutes to the string (i.e 13-03-2010.21.03) ....

DateTime.Today.ToString("dd-mm-yy") ?

View 5 Replies View Related

Call A Function After Every 5 Minutes Later?

Dec 10, 2009

How to call a function after every 5 min. i create a function for our apps. i have a problem that how can i call this function after every 5 min. i says for c# not for any other language because I developed our webapps in c#

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved