I am working on an asp.net mvc web application, that uses form authentication which talks directly to our active directory through LDap. On the staging server the user will stay logged-in unless he manually logs out. The problem is when I deploy the application on the live server using IIS 7 the user will be logged out after around 30 minutes if he did not work on the application. I thought the problem was related to the IIS idle time out, but when I checked the settings on the staging IIS I found the following:
but on staging no automatic logout will occur, so it seems the Idle timeout setting is meaningless in my situation. I want to be able to override any undesired setting inside the IIS that might be different on different servers. So my question is how can I specify inside my web.config to not logout the user?
Bearing in mind that on both the live and staging server I have the following setting inside the web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
Related
I have Two Asp.net MVC 5 Applications running in the same server, when I login To the first one,I Automatically Logged Out From the second one ,And when I create user on both with the same username if login to one I login automatically in the other one ,I Don't Know what am doing wrong .
I user Microsoft visual studio 2013 default ASP.NET MVC 5 project Template.
Check to see if both apps are using the same application pool. Otherwise ensure they are not using the same back end data tables ie. the same Identity tables. If they overlap that could be your issue.
This might be caused by cookie name collision, if both applications are served from the same domain (domain.com/app1 and domain.com/app2) or from subdomain of one of them (domain.com and app.domain.com) - your two applications may have a default authentication cookie name of .ASPXAUTH.
You can change the authentication cookie name in web.config:
<system.web>
<authentication mode="Forms">
<forms name=".MYAPPASPXAUTH" loginUrl="~/Account/Login" timeout="2880" />
</authentication>
</system.web>
Picking a unique name for each of your applications fixes the issue.
I have created an asp.net mvc web application, it's working fine on localhost but when I upload it, users will get logged out automatically while they are working.
I used:
FormsAuthentication.SetAuthCookie(dbuser.FName, false /* createPersistentCookie */);
and in Web.config:
<authentication mode="Forms">
<forms loginUrl="~/home/login" timeout="2880" />
</authentication>
I tried a lot of things but didn't find a solution. How can I prevent the auto logout from happening?
Ensure that where ever you are hosting it is hosting it as a single instance or handling the session state in an instance-independent manner - ASP.net does not automaically handle session transfers in web gardens or farms. The moment your client hits the other server, they will be logged out.
If you are hosting it on AppHarbor with two web workers for example, you will need to handle the state setup yourself.
Have you tried setting:
Session Timeout Value
<system.web>
<sessionState mode="InProc" timeout="20"/>
</system.web>
At last I have to change my whole coding converting into cookie base user module
I am working on an ASP.NET MVC4 project using SimpleMembership, which generates an ASPXAUTH cookie when you are logged in. It seems to be working just fine, but then today I opened up another MVC4 project, only to notice that I was already logged in.
This was extremely odd, because the new project literally does not have any users defined in the database. Even more disconcerting is when I hit "log out" on the new project, it logged me out of the original site.
Both sites are running on different ports, though both on localhost. When examining the Request to see why it is returning "IsAuthenticated == true", I noticed that the ASPXAUTH cookie is being sent to both sites, and the "domain" parameter of the cookie in the debugger is "null". This made me think that perhaps the cookie is being generated as a "domain-less" cookie (I have no idea if such a thing is even possible, to be honest!), and looked at the web.config setting to specify a domain:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" domain="http://localhost:56626" />
</authentication>
Unfortunately setting the "domain" parameter has made the cookie cease working. I've tried all permutations (with http, without http, with port, without port, etc) and every time I specify a domain, the browser receives the cookie with the properly specified domain name (I examined it in Chrome developer tools), but then fails to ever send it back to the server of subsequent requests.
So, I'm pretty confused about what is happening here. Is this a security leak that I've caused by not setting something up properly somewhere? Or is it perfectly normal behavior that an ASPXAUTH cookie will authorize a user on two totally different web apps on two different ports on the same domain? I would test this on a web host but unfortunately I don't have access to any that run MVC4 at the moment.
Thanks in advance.
ASPXAUTH is the default name given to the cookie but by changing this name for each project in the Web.Config you can make it apply only to that project.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" domain="http://localhost:56626" name=".PROJ1AUTH"/>
</authentication>
Add a Name attribute to the forms element. It will name the authcookie after the name you provide making it unique between other projects.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" name="A_UNIQUE_NAME" />
</authentication>
We have 2 different mvc web applications running on single membership provider. I have put these 2 applications on the webserver and has the virtual path:
http://aa.svr1/app1
http://aa.svr1/app2
If user opens the app1 and app2 in seperate browsers it logs out the other aplication.
When user uses one application at a time, no issuess, concurrently used, its giving log off in one of the application.
I have put the machinekey in web.config file for app1 application and was working fine.
I have made new tfs release onto live server, now again back to the same situation that when app1, app2 browsed simultaneoulsy, logging off one of the application.
What could be causing this blocking sessions/behaving unexpectedly like this ?
You could try explicitly specifying the path parameter of the authentication cookie:
<forms loginUrl="~/Account/LogOn" timeout="2880" path="app1" />
or simply use 2 different cookie names:
<forms name="app1auth" loginUrl="~/Account/LogOn" timeout="2880" />
It's a very strange error for me,
in local machine all works fine, in deployed version,
I can login correctly, but after few(variable) minutes it disauthenticate me
and redirect to account\login that is the bud address because the right one is account\logon
(correctly configured into web.config)
this is the configuration of my web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="9999" />
</authentication>
<sessionState timeout="9999" />
EDIT
i can undestand that is a sum of two problem :
a bug of webmatrix data dll that change the login path (i don't really need this dll)
With glimpse I'm see that the process id of w3wp.exe change every minute, this is the cause of continuous logout?