Security :: Logon Box Appears Every 5 Minutes?
Jan 8, 2010
I get about 5 minutes of inactivity before a logon box appears for a site I manage. Once logged in, our users must be able to stay logged on all day with no annoying logon popups. This started happening after a change i made to IIS6. We formerly had digest authentication and windows integrated authentication checked and everything worked fine but our users complained because they had to put creds in as <domainuserid>. We want to get rid of the domain requirement. To do this i unchecked windows integrated authentication and added the domain to the "Realm" text box. I can log in now without the domain, and everything works as before but I only get a few minutes before I have to relogon. I tried increasing the connection timout to 36000 and have keep alives checked on the web site property page. I also tried setting the web servers registry setting: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesInetInfoParametersDigestContextCacheTTL to 36000 (ten hours). these changes had no effect that I can see.Our setup:we use SSL and have a test certificate that is expired We are hitting the site on our intranet with IE7 or IE8. The production version of this site is on the internet though.IIS6 on a 2003 serverkeep alives is checkedanonymous authentication is uncheckeddigest authentication is checkedwindows integrated authentication is uncheckedIISRESET was run after each change.
View 7 Replies
Similar Messages:
Feb 13, 2011
I want to redirect the user after 2 mins if there is inactivity for 2 mins. I am not using ASP.NEt membership. And I dont want to use Sessiontimeout for this. Session timeout will logout the user even if he is working on the system. My objective is like screensaver process.
If there is no action for the specified time, the screensaver runs. Similarly, I want to redirect the user to login page.
note that i have already handled it with the following javascript:
[Code]....
Here what my problem is,
the user is working on the site...ok.. he want to see someother site.he browse someother site and works on....or even he can do some other work in his system...but he is active in his system... What this script does is, it automatically logout the user and redirect him to login page. But it should not do while he is active...IT SHOULD REDIRECT IF HE IS NOT ACTIVE REALLY (Similar to Screensaver process)
Is it possible ?
View 1 Replies
Oct 4, 2010
I have an app that uses impersonation to gain access to a database (on server separate from IIS). The app connects to the database using a trusted connection and seems to be working just fine. However, we get these logon failure events in the security event viewer:
[Code]....
It must have something to do with impersonation because the login failure is for the domain account which my app is impersonating under. But again, the app is working fine so I'm having a hard time figuring out how to stop these logon failures.
View 2 Replies
Jan 14, 2010
I managed to user to perform multiple log on from other IE window session in my web application if the same log on is currently being used.Unfortunately I have problem to control multiple log on if the user is logging in using tab browsing in the same session. I know this is due to the same session Id but is there any way to trace down to the tab level within the same session?
View 2 Replies
Sep 5, 2010
We will put the active directory logon when the user access the website, the user needs to fill in his user name and password.
How do we store/get the details of the logon user once the user is logged in?
View 2 Replies
Oct 6, 2010
How to enforce logon hours validation
View 10 Replies
Mar 22, 2010
I have created an intranet site in win 2008 server. Enabled Windows Authentication and disabled Anonymous. I want to get AD logon username(current win logon user).I used HttpContext.Current.User.Identity.Name and also tried User.Identity.NameI am accessing the site from client machine. I am not getting the client's logon user instead getting the server's logon user. But I want client's logon user only.I just want to get username. I dont need any login screens or bla blaWhen I run in my development system(XP), its working fine.
When I deploy to windows 2008 server, I am getting problem(Getting only the server's logon user instead of getting the client's logon user).So, problem in the server settings. So, any settings I need to set to get this worked?I enabled Windows Authentication for my site in IIS management window. Disabled Anonymous authentication.
View 1 Replies
Oct 13, 2010
I have created an Intranet site using windows authentication based on role membership. It is working great. My Web.config is shown below.
<authentication mode="Windows" />
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
<authorization>
<allow roles="D820Developers, D820IT, D820Staff, D820Providers, D820Supervisors, D820Directors, D820Interns" />
<deny users="?"/>
</authorization>
Now my user wants the capability of being able to login to the intranet site as another user. For example, IT guy needs to login on a user's system to set some data.
I have created a standard MS Login Page. However when I try to login on the page I get the message
Your login attempt was not successful. Please try again
I do not have a database (aspnetdb.mdf) storing user information but login against the active directory. Can you use the login form with windows authentication without a database?
View 1 Replies
Jan 19, 2011
I'm using forms authentication in my application but i want to get the active directory domain anme and user name of the logon user. is that possible. The IIS Directory security settings are Anonymous Access allowed and Integrated windows authentication ticked. I tried the following but to no avail
Request.LogonUserIdentity.Name (this is returning the machine name and user name used for anonymous access)
System.Security.Principal.WindowsIdentity.GetCurrent().Name -> returning NT AUTHORITYNETWORK SERVICE
View 3 Replies
May 11, 2010
Ok so I've created a login page that accesses my Active Directory and challenges against it. What I would like, is if a user is logged onto the computer within the intranet with Active Directory Credentials for them to bypass the login to the web page.
However if they are outside of the building on a random computer, they should be presented with a login box just like they are now.
View 1 Replies
Jan 25, 2010
I have implemented the basic forms authentication.In web.config I have set the following, in the authentication tagtimeout = "50000000000" Other than that, I have an out-of the box implementation.I have no custom provider.My clients want to pretty much enter the username once a day.The timeout is in minutes, so I am sure that they are not waiting over 5 million minutes,so something else has to be booting them.
View 7 Replies
Aug 16, 2010
I'm running IIS 6.0 on a Windows 2003 server and running an ASP.NET 4 application which connects to an SQL Server 2005 database on another server. I have my Default.aspx page set to Windows authentication with anonymous access disabled.
When I load up the page it asks for a username and password (as expected), I enter my credentials and it comes up with the following error:Login failed for user ''. The user is not associated with a trusted SQL Server connection.
If I add the following to my web.config file: <identity impersonate="true"/> then I get the following error:
Login failed for user 'NT AUTHORITYANONYMOUS LOGON'.
And if I add the <identity impersonate> tag set to true and with my username and password included it connects successfully.
I can't leave this in there as I want each user to connect as themselves, so why is the server not using the credentials that I enter when prompted to connect to the database ?
View 5 Replies
Jan 5, 2011
This is my web.config settings:
[Code]....
AND this:
[Code]....
neither keep me in for more than 30 minutes.
for some reason the Ticket is set correctly for 90 days. But the cookie is always January 01, 0001. Below is the output of the Authentication Dates.
Ticket Issue Date: Wednesday, January 05, 2011 4:35:42 PM
Ticket Expiry Date: Tuesday, April 05, 2011 4:35:42 PM
Cookie Name: .ASPXFORMSAUTH
Cookie Expiry Date: Monday, January 01, 0001 12:00:00 AM
View 5 Replies
Oct 7, 2010
I have a web application that uses forms authentication, memberships and roles. I'm finding it difficult to test but it looks as though the application is forcing my users to log in again after about 20 minutes of inactivity. However, the nature of my application requires users to stay logged in for longer than this even if they aren't using the application constantly.
I've already set the following line in my web.config file so that doesn't seem to be making a difference:
[Code]....
Is there something else that I need to set to prevent my users from being redirected to the login page too early on? I'd like them to be inactive for about an hour before forceably logging them off. I don't want them to lose their work if they don't use the system for 20 minutes.
View 4 Replies
May 31, 2010
I am trying to force to show to the Logon popup when the session is timeout in Integrated Windows Authentication Enabled website. The session_timeout is firing during the session timeout, but the User.Identity.IsAuthenticated is true. How force to use the Windows Logon Screen when the session is timeout.
View 4 Replies
Jul 17, 2010
I want to get username and machine name of local computer logon to domain. So, how can I get it?My site has annonymous access checked in IIS. cause this application is for the Internet not our company's Intranet.for example, I logon to domain (test.com) in the local computer name is PC1, with the account and pass is: client1 and 1234567.I visit my website, now I want to get user and computer name to show up on asp.net.
View 1 Replies
Aug 19, 2010
I am a windows application developer doing a web application with VB.net and SQL 2008 for the first time.I have developed a web application where users are supposed to view a file after selecting from a listbox. I then pick the users logon ID from windows then store in database and produce statistical reports later. It was working fine on my local machine till i deployed it on server to make it accessible on the intranet. The server OS is Windows 2008 Server and runs IIS. My issues are as follows,1. The application is unable to store the user logon id from the client.2. When more than one user uses the application, then there are errors but one user does not produce errors.
View 1 Replies
Jun 7, 2010
I am a windows application developer doing a web application with VB.net and SQL 2008 for the first time.
I have developed a web application where users are supposed to view a file after selecting from a listbox. I then pick the users logon ID from windows then store in database and produce statistical reports later. It was working fine on my local machine till i deployed it on server to make it accessible on the intranet. The server OS is Windows 2008 Server and runs IIS. My issues are as follows,
1. The application is unable to store the user logon id from the client.
2. When more than one user uses the application, then there are errors but one user does not produce errors.
View 7 Replies
Sep 25, 2010
As i have developed my asp.net application with crystal report using sql server 2005.... on windows xp OS machine x86
My hosting provider is using sql server 2008 on windows server 2008 OS x64...
Please let me know the sql native client version of ms sql server 2005
and sql native client version of ms sql server 2008
will sql native client version of ms sql server 2005 will work on sql native client version of ms sql server 2008..
or we need the same sql native client version of ms sql server 2005 to run my crystal report
View 1 Replies
Apr 10, 2010
I have written a custom membership provider for my MVC 2 app, and it all works fine. I wanted to force people to log in as soon as they went to the site, so set the authorization section of the web config to deny annonymous users. As expected, when you try and access the site, it re-routes you straight to the LogOn.aspx page. The problem I'm having is that when it initially jumps to the LogOn page, it cannot find any of the files referenced in the html header section.
The strange thing is I set a path to a css file as follows:
../../Content/site.css
yet in the page it shows up as
../Content/site.css
I even wrote a html helper that uses Url.Content on the paths passed in, but this still does not solve the problem. If I go to the LogOn page after the application has initially loaded, it references all the files correctly.
View 1 Replies
Jul 12, 2010
On Friday I gave a demo of an MVC application using the Authorize attribute on my JobCardController, and all was well. This morning, when I attempt an unauthorized action, I still get redirected to the LogOn view, using the below URL, but I appear to have what my reading tells me is called a White Screen of Death, i.e. nothing but white background and no actions invoked.
http://localhost:34054/Account/LogOn?ReturnUrl=%2fJobCard
ADDENDUM: I forgot to mention that I have moved the Account models and services out into my DataObjects and Services projects, but I had done this last week already without this problem.
I'm not asking what is wrong, but what are the common faults that could cause something like this and how can I start debugging this mess?
SOLVED: Somehow an Authorize attribute had landed up on my whole controller class, as in,
[HandleError]
[Authorize]
public class AccountController : BaseController
I removed that and everything is working again.
View 1 Replies
Feb 7, 2011
I have configured forms authentication for my MVC 3 RTM application. I updated the configuration to the following and set the autoFormsAuthentication per the Gu and StackOverflow to false. However, when my application is deployed to my web server (W2k3 Standard SP2, II6) the controllers marked with [Authorize] are always redirected to /Account/LogOn instead of the configured value.
[Code]....
View 5 Replies
Dec 3, 2010
I'm building an application using MVC3 RC and I'm trying to add a session variable as soon as anyone logs on. The variable is an int which is retrieved from a database using User.Identity.Name to retrieve the relevant database record.
I'm using the MS AccountController and tried adding the session variable immediately after the line:
FormsService.SignIn(model.UserName, model.RememberMe);
Although this is the point at which the logon is validated the User.Identity.Name is still showing as null when I try to get it immediately after.
Does anyone know when User.Identity.Name is actually populated in the session and how I can intervene to grab it at that point?
View 2 Replies
Mar 14, 2011
i created a mvc project and looked to account controller LogOn action method. methood defined as bottom.
[Code]....
[Code]....
View 3 Replies
Jun 8, 2010
I have a grid view which uses a Datasource to populate it. There is also a OnRowDataBound method which does lots of work using templatefields etc.I have a button which runs a delete method in the code behind, but when i use it the row i delete is still displayed on postback. I tried to set EnableViewState to false for the grid view, but then parts of the OnRowDataBound method failed where a variable set in the Page_Load is used.
View 3 Replies