I want to allow admins to be logged in for longer than normal users. I don't see a hook for setting the cookie timeout programmatically or in a role-based way. Is this possible in ASP using Forms Authentication?
View 2 Replies
The session state timeout is set using this web.config element
<sessionState mode="InProc" cookieless="false" timeout="120" />
The forms auth is configured using this web.config element
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
</system.web>
What is the difference between the timeouts specified in each of these elements? If both are different, how would it work?
I am exporting a HTML table to excel by sending the data as a HTML Table string and setting the content headers:
[code]....
Is there a simple way of setting the content-length based on the size of the HTML string? Or should I just leave it blank anyway...would be nice to have the content-length ideally...
I'm working with ASP.Net web services and am having a problem with a long-running process that takes about 5 minutes to complete, and it's timing out. To fix this, I was able to set the executionTimeout on the server's web.config to 10 minutes, and then set the .Timeout property on the Web Service object to approximately 9 minutes. Now, I'm worried that this may possibly cause some other web service calls to sit there for 10 minutes before they time out rather than the previous 90-100 seconds. I know the default on the client side is 100 seconds, but wasn't sure if updating the server's timeout setting would affect this.
Bottom line is - Is it safe to update the server's timeout setting to a long amount like 10 minutes, and rely on the default timeout on the client, or could this end up causing some problems?
<authentication mode="Forms">
<forms path="/" defaultUrl="Default.aspx" loginUrl="Login.aspx" name=".ASPXAUTH" slidingExpiration="true" timeout="3000" cookieless="UseDeviceProfile"/>
</authentication>
private void SetAuthticationCookie(string username)
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(username, true, 3000);
string encTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie myCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
Response.Cookies.Add(myCookie);
[Code]....
We're running IIS7 and have windows authentication enabled. Everything else is disabled. When we go to the page though, we aren't prompted for a windows logon, but are redirected to the default forms authentication login page (Accoun
View 1 Repliesif it is possible to use a WCF Dataservice as the MemberShipProvider for a forms auth application. I have written code for a provider (below), but I do not know what to do as far as a connection string, or any other web.config properties.
Please Help!!! Here is the code for my provider, anytime it says Odbc that is because I based this off of the custom Odbc provider on the msdn site. The only ACTUAL references to any odbc connection are in the comments:
[Code]....
I have a simple intranet site. It has a role based authorization in the web.config file.
Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.
If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.
[CODE]<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="default.aspx" title="Home" description="Home">
<siteMapNode title="sales Data" description="sales Data">
<siteMapNode url="salesData.aspx" title="sales Data" description="sales Data" />
[Code] ....
I need this up and running quick but I spent the last few hours researching/worrying about which would be better:
Asp.net Forms Authentication
vs
Custom Header Token:
On the server
[code]...
Been scratching my head on this one today quite a bit. Time to ask the guru's.Implementing your basic Forms Auth for a 2.0 web app in conjunction with SQL Membership Provider and Role Provider. Web.Config from virtual directory root
[Code]....
All other subdirectories do not contain web.config files but rather wanted them to just work off inheritence from the root web.config. Upon publishing of this setup - I am having one hell of a time maintaining the user 'authenticated' state. (Not sure if that's the best explanation of what is going on.. but)
is it possible to set a maximum length in my field in gridview?
Below is my gridview sample that retrieve a formatted html in my database..All i want to achieve is to limit the maximum length of characters i.e "50" then automatically create a pagination for the succeeding characters..to be posted in the gridview
<div id="GridScroll" class="grid_scroll">
<asp:GridView ID="GridView2" runat="server" AutoGenerateColumns="False" BorderStyle="None"
GridLines="None"
DataSourceID="SqlDataSource1" Height="308px" Width="1174px" ShowHeader="False">
<Columns>
<asp:TemplateField SortExpression="NewsText" ShowHeader="False">.......
I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in.
However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing"Frustrating answer indeed... be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none.I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting?
In pageload, if you do Response.Cookies.Add(..., immediately in the next line, you can access that cookie via Request.Cookies(... I know that under the covers, the cookie is added to Request.Cookies by .net, but the original request never had that cookie.
If what I'm saying is correct, why is it this way? Shouldn't the cookie be available in the following request? Shouldn't the immediate access to Request.Cookies(... be null?
Setting role when creating new user with ASP.net MVC
I am looking at the default ASP.net MVC 2 controller.
How do I set the role for the new user that is created in the Register method?
Is this possible with just a simple property set or do I have to do something special?
Is there any way to stablish a global timeot when calling webservices from Javascript in an ASP.NET application?Now the only way I know is setting the timeout manually for each service: service1.set_timeout=100000;
I'd like to do it globally.
have a website which as far as I know has the following timeout settings:1) In Web.config, FORM's authentication timeout="10"2) In Web.config, MEMBERSHIP's userIsOnlineTimeWindow="10"3) Assigned in Global.asax on Session_Start(): Session.Timeout =10;In the past I had problems because at least 1) and 3) weren't in sync, not sure about 2).
Do these 3 have to be in sync and if so, is there a way to set the timeout once and to have it applied to all 3? I deploy my website to many clients and each may want a different timeout, so I'm looking for a dynamic method to set this, perhaps after loading the timeout period from the db or settings file.
VWD 2008 Express. IIS 6.0. Forms Authentication.My web site uses forms authentication (in case that makes a difference). Folks who are using the site indicate that it is timing out on them (logging them out) before they can finish some entries. How can I increase the timeout period? The following is my web.config file in my root directory:
[Code]....
Here is the web.config in the subdirectory to which all users are directed at login:
[Code]....
Anything I have tried didn't work. Currenly I have following code to change asp.net session cookie expiration date and path, but asp doesn't want to listen to me. I sends same cookie in Set-Cookie header two times sometimes, sometimes it sends it's default cookie ignoring path and expiration date, sometimes it sends everything as expected, and sometimes it doesn't send Set-Cookie at all. What should I do.
My code in Global.asax
protected void Application_PreRequestHandlerExecute(Object sender, EventArgs e)
{
/// only apply session cookie persistence to requests requiring session information
if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState)
{
var sessionState = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
var cookieName = sessionState != null && !string.IsNullOrEmpty(sessionState.CookieName)
? sessionState.CookieName
: "ASP.NET_SessionId";
var timeout = sessionState != null
? sessionState.Timeout
: TimeSpan.FromMinutes(20);
/// Ensure ASP.NET Session Cookies are accessible throughout the subdomains.
if (Request.Cookies[cookieName] != null && Session != null && Session.SessionID != null)
{
Response.Cookies[cookieName].Value = Session.SessionID;
Response.Cookies[cookieName].Path = Request.ApplicationPath;
Response.Cookies[cookieName].Expires = DateTime.Now.Add(timeout);
}
}
}
we're in the process of trying to speed up the performance of our website by serving static content from a cookieless domain. That seems to be going well, but I have a new question:
I know that it's "static content" that we're talking about when serving it from a cookieless domain, but we also have static content being served by ASPX pages, specifically images. For example:
domain.com/resizeImages.aspx?src=images/image123.jpg&width=400&height=400
How can I serve the resizeImages.aspx image without ASP.NET setting a cookie on my browser? (At present it sets an ASPXANONYMOUS cookie.)
I am using Asp.net 2.0 and C#.I have 2 webpages, which contain lot of questionnaires. I have a submit button in my 2nd web page. I want to set a timer in the page, so that after 2 minutes, if the user has not completed the questionaire, i want to click on the submit button automiatically.
View 3 RepliesI have a site that when a user logs in it sets their initials into a session variable and sets the timeout value like so:
[Code]....
I want the user to be logged in for 3 hours. This does not work, the session expires after a short period of time, maybe 20 minutes. What do I need to change to make this page level validation work?I have tried setting in web.config also, but this doesn't work either.
<sessionState mode="InProc" cookieless="true" timeout="180" />
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.
View 1 RepliesI'm implementing the session sharing structure from this link for an ASP classic site to begin the gradual conversion process to ASP.NET. I'm trying to extend the cookie expiration time so that users do not get signed out of the site when the session expires. At the place where the cookie is created in SessionPage.cs I've added the line in the CreateNewSessionCookie() method: cookie.Expires = DateTime.Now.AddDays(14);
Now this works fine, however, it only works if the user first visits an ASP.NET page, and then visits the ASP classic pages. It doesn't work if visiting an ASP classic page first (looking at the cookie through firefox confirms that different expiration values are given based on if I visit an ASP or ASP.NET page first.) I'm still a bit fuzzy on the mechanics behind this implementation as I don't have a complete understanding of session and cookie handling. However, I would have thought that the VB6 SessionMgr object is calling the SessionUtility DLL, and thus is using the same code to issue the cookie. I have re-registered the SessionUtility using gacutil, and re-exposed it using regasm. How else is the cookie being issued when a user accesses an ASP classic page? How can I change the expiration time?
I have deployed a Web application on IIS 6. I want to prevent my server from setting cookie on the client browser. I am using the following setting on the web.config file.
< sessionState
mode="InProc"
cookieless="false" [code]....
However, it looks like its creating a default cookie named ".ASPXAUTH" in the client machine. I dont want my application to create any sort of cookie.Is there anything specific I need to do in web.config?
The constructors for manually creating FormsAuthenticationTicket objects force us to set an "expiration" value, and this value overrides the "timeout" setting in web.config in my tags, which is not what I want, because now the user doesn't timeout. The "session" just expires at the given time.I need to manually create my ticket for UserData reasons, and it is just the way I decided to build my app. I guess I could spend a whole lot of time and redo the way my app. authorizes, and store the "userdata" elsewhere... but this seems extremely tedious for something so small..Is there anyway to manually create an Auth Ticket and still maintain timeout settings?! And by timeout, I mean resetting the timer on user activity. Not a fixed timeout!
View 1 Replies
