I have created an asp.net mvc web application, it's working fine on localhost but when I upload it, users will get logged out automatically while they are working.
I used:
FormsAuthentication.SetAuthCookie(dbuser.FName, false /* createPersistentCookie */);
and in Web.config:
<authentication mode="Forms">
<forms loginUrl="~/home/login" timeout="2880" />
</authentication>
I tried a lot of things but didn't find a solution. How can I prevent the auto logout from happening?
Ensure that where ever you are hosting it is hosting it as a single instance or handling the session state in an instance-independent manner - ASP.net does not automaically handle session transfers in web gardens or farms. The moment your client hits the other server, they will be logged out.
If you are hosting it on AppHarbor with two web workers for example, you will need to handle the state setup yourself.
Have you tried setting:
Session Timeout Value
<system.web>
<sessionState mode="InProc" timeout="20"/>
</system.web>
At last I have to change my whole coding converting into cookie base user module
Related
I have Two Asp.net MVC 5 Applications running in the same server, when I login To the first one,I Automatically Logged Out From the second one ,And when I create user on both with the same username if login to one I login automatically in the other one ,I Don't Know what am doing wrong .
I user Microsoft visual studio 2013 default ASP.NET MVC 5 project Template.
Check to see if both apps are using the same application pool. Otherwise ensure they are not using the same back end data tables ie. the same Identity tables. If they overlap that could be your issue.
This might be caused by cookie name collision, if both applications are served from the same domain (domain.com/app1 and domain.com/app2) or from subdomain of one of them (domain.com and app.domain.com) - your two applications may have a default authentication cookie name of .ASPXAUTH.
You can change the authentication cookie name in web.config:
<system.web>
<authentication mode="Forms">
<forms name=".MYAPPASPXAUTH" loginUrl="~/Account/Login" timeout="2880" />
</authentication>
</system.web>
Picking a unique name for each of your applications fixes the issue.
I downloaded NopCommerce open source e-commerce project.
It's ASP.NET MVC based and uses Forms Authentication.
When I login always it sends me to login page.
I debugged it and I found a problem httpContext.Request.IsAuthenticated always return false (httpContext variable is type of HttpContextBase).
I checked forms authentication cookie, the cookie is successfully created also httpContext.Request has found cookie.
Someone recommended to add machine key to web config, I added but doesn't resolve.
I don't understand what's the problem ???
Check you got set the authentication mode in your webconfig
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880" />
</authentication>
</system.web>
I am working on an asp.net mvc web application, that uses form authentication which talks directly to our active directory through LDap. On the staging server the user will stay logged-in unless he manually logs out. The problem is when I deploy the application on the live server using IIS 7 the user will be logged out after around 30 minutes if he did not work on the application. I thought the problem was related to the IIS idle time out, but when I checked the settings on the staging IIS I found the following:
but on staging no automatic logout will occur, so it seems the Idle timeout setting is meaningless in my situation. I want to be able to override any undesired setting inside the IIS that might be different on different servers. So my question is how can I specify inside my web.config to not logout the user?
Bearing in mind that on both the live and staging server I have the following setting inside the web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
I'm trying to add Active Directory authentication to a help desk system that was built years ago. Gradually, we'll be upgrading the whole system. I'm starting by creating an MVC2 application that will host the login, and then my plan is to bring current functionality into the MVC as we also add new features.
But the login is the base of the whole thing. We need auditing, so we need to know who's in the system.
I've read articles, other stackoverflow posts, and followed a couple MS walkthroughs to the letter. I was able to get it working as an ASP website, but when it's an MVC application, I can't seem to get it. The ASP application required adding extensive methods, and everything I read makes it sound like MVC should be much simpler.
Here are my IIS settings and the mods I've made to my web.config:
IIS Authentication
Anonymous: Disabled
ASP.NET Impersonation: Disabled
Forms: Enabled
Windows: Disabled
...
...
I keep getting the following error:
HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
End goal is to authenticate the user at the home page. If they can't be authenticated, force the login.
EDIT: Enabled Anonymous Authentication
I enabled Anonymous Authentication to see if any underlying errors might be the source of the problem. I got the following error:
The container specified in the connection string does not exist.
It's finding the error in the definition of MyADMembershipProvider.
<add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" />
I changed my connection string to the following:
<add name="ADConnectionString" connectionString="LDAP://server.domain.com"/>
That did successfully redirect to the login page, but it didn't authenticate me automatically. And when I set Anonymous to Disabled again, I was back to the original error.
I think I'm missing some essential knowledge here that I'm not getting from the materials I'm reading.
EDIT: Authentication not working at all
I thought it might be worth adding that authentication isn't working at all.MembershipService.ValidateUser always returns false.
I think the solution is in the Authentication type. Originally, I was using the following:
IIS Authentication
Anonymous: Disabled
ASP.NET Impersonation: Disabled
Forms: Enabled
Windows: Disabled
And in my Web.config file I was using Forms authentication. Apparently for Active Directory authentication, the type has to be Windows.
Original:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
Revised:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
I know this worked, but since I'm new to MVC, I could still be missing something.
It's a very strange error for me,
in local machine all works fine, in deployed version,
I can login correctly, but after few(variable) minutes it disauthenticate me
and redirect to account\login that is the bud address because the right one is account\logon
(correctly configured into web.config)
this is the configuration of my web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="9999" />
</authentication>
<sessionState timeout="9999" />
EDIT
i can undestand that is a sum of two problem :
a bug of webmatrix data dll that change the login path (i don't really need this dll)
With glimpse I'm see that the process id of w3wp.exe change every minute, this is the cause of continuous logout?