I'm using the Default web.config that we get once we make a new project , I didn't see any "timeout" parameter so I added it like this :
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout ="7">
<providers>
<add name="DefaultSessionProvider"
type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
connectionStringName="DefaultConnection"/>
</providers>
</sessionState>
I'm logged into my account , I keep refreshing the page for like 14-15 minutes now but I'm not getting logged off . (where it's supposed to get me logged off after 7 minutes).
If you want authentication timeout specify in the <authentication> tag.
<authentication mode="Forms">
<forms timeout="7"/>
</authentication>
If you want session
<system.web>
<sessionState mode="InProc" cookieless="false" timeout="7" />
</system.web>
There are a few ways this can be accomplished, and it depends on how your website is setup.
In the web.config property sessionState
Configure the IIS app pool
If you're using Identity, you will want to set the ExpireTimeSpan in the ConfigureAuth()
Related
When user login, I'm storing user_id in Session variable and on second page I'm checking on page load if user_id exists then fine, otherwise redirect to sign in page but when I login and and redirected to next page after few seconds it will redirect on login page. I have tried all solutions but all in vain
Important Note:
Another thing is that application working fine on development server and also on local IIS in LAN but on live server this issue is occurring.
Following web.config file code is
<system.web>
<customErrors mode="Off" />
<trust level="Full" />
<authentication mode="Forms">
<forms loginUrl="~/Security/Registration" timeout="30"
slidingExpiration="true" />
</authentication>
<sessionState timeout="30"></sessionState>
<compilation targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
Why don't you update sessionState with below line :
<sessionState mode="InProc" cookieless="false" timeout="30" />
You can set timeout in web.config
<system.web>
<sessionState mode="InProc" cookieless="false" timeout="30" />
....
I have developed a simple ASP.Net MVC 4 application using Windows Authentication to run on our company's local network. It works fine when deployed on IIS. But if I run the application through Visual studio, I get error message
Here is how my Web.Config file looks like
<system.web>
<authentication mode="Windows" />
<roleManager defaultProvider="WindowsProvider" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime maxUrlLength="32767" maxQueryStringLength="32767" targetFramework="4.5" />
</system.web>
<system.webServer>
<modules>
<!--<remove name="FormsAuthenticationModule" />-->
</modules>
<security>
<requestFiltering>
<requestLimits maxUrl="32767" maxQueryString="32767" />
</requestFiltering>
</security>
For debugging, Application is configured to run using "Local IIS Web Server" with "Use IIS Express" option checked in Applications's Properties ->Web tab.
It turns out to be that I had to Enable Windows Authentication, Disable Anonymous Authentication in the Development Server Properties of my Project.
You need to add to project Web.config this:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" />
</authentication>
</system.web>
Where /Account/Login is your login method from controller.
Make sure your Directory Browsing is enabled.
See this link for adding user in IIS.
On my local version of my site, you are free to roam with no problem. However when running off of the built version on the web, you are randomly logged out.
It happens whenever I click out of the Internet Window, but it also does it between page loads.
My web config is seen below,
<!--CONNECTION STRING-->
<connectionStrings>
<add name="RaiseFantasyLeagueConnectionString" connectionString="Data Source=MATT-PC\SQLEXPRESS;Initial Catalog=Raise;Integrated Security=True;MultipleActiveResultSets=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<customErrors mode="Off"></customErrors>
<sessionState timeout="30"></sessionState>
<!--MEMBERSHIP-->
<roleManager enabled="true" defaultProvider="SqlRoleManager">
<providers>
<add name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="RaiseFantasyLeagueConnectionString" applicationName="MyApplication" />
</providers>
</roleManager>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="30">
<providers>
<clear/>
<add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="RaiseFantasyLeagueConnectionString" applicationName="Raise Fantasy League" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<!--AUTHENTICATION-->
<authentication mode="Forms">
<forms name="RaiseFLAuthentication" loginUrl="home.aspx" cookieless="UseCookies" defaultUrl="/myPredictions.aspx" timeout="240"/></authentication>
<!--AUTHORIZATION-->
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
I was told to put into my web config, but this has not solved the problem.
Can anyone tell me what I am missing?
Another issue I am having is that from the home page, if I log in I am not taken to the defult URL, just a 404 page. The URL does not even change from the default address.
Can anyone see why that may be happening?
I have set up member folders in c# asp.net webforms before to only allow certain users and to redirect if the user is not authenticated. I am wondering is this possible / how would I implement the authentication based on weather a Session variable is present(filled with a value) or not authenticate if the Session is null.
I was hoping that something like this would be possible similar to how you can set permissions in we.config for entire folder.
It can be done with help of standart asp.net features. I will try to advice one possible solution for it. First you need to setup "web form authentication" ASP.NET Authentication, you should modify your web.config.
<system.web>
<authentication mode="Forms">
<forms name="Custom" loginUrl="/login.aspx" />
</authentication>
</system.web>
Then you need to specify members locations in the web.config also ASP.NET Authorization.
<location path="folders/memberN">
<system.web>
<authorization>
<allow roles="memberN"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
This will allow all users in group "memberN" to work under "folders/memberN" path.
Next we need to add membership and role providers to your web.config. Membership and role providerse configured based on sql server provider.
<configuration>
<connectionStrings>
<add name="SqlServices"
connectionString="Data Source=MySqlServer;Integrated Security=SSPI;Initial
Catalog=aspnetdb;" />
</connectionStrings>
<system.web>
<roleManager defaultProvider="SqlProvider"
enabled="true"
cacheRolesInCookie="true"
cookieName=".ASPROLES"
cookieTimeout="30"
cookiePath="/">
<providers>
<add
name="SqlProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="SqlServices"
applicationName="SampleApplication" />
</providers>
</roleManager>
<membership
defaultProvider="SqlProvider"
userIsOnlineTimeWindow="20">
<providers>
<remove name="AspNetSqlProvider" />
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
applicationName="/" />
</providers>
</membership>
</system.web>
</configuration>
Finnaly we need to create special tabels in the database (more details).
%WINDOWS%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe -S <server> -E -d <database> -A all
We use Windows Authentication with a session timeout of 20 seconds.
After 20 seconds, the session expires and the user is redirected to the
sessionExpired page. The problem is this: When the user uses IE,
closes the browser and logs in again using Windows Authentication,
a new session is not created for the same user. The old session remains present,
and the user is redirected to the sessionExpired page again.
What am I missing? What could be the problem?
Update:
My Configuration file is as follows
<system.web>
<roleManager enabled="false"/>
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
<sessionState timeout="20"/>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="userName"
connectionPassword="password"/>
</providers>
</membership>
</system.web>