ive used the deafult login control from asp.net mvc application, with [Authorize] where required.
my problem is that i get logged out at various (random) points in the application, either when submitting a form or clicking link to new page but its hard to pinpoint where the error is as its not consistent.
i have no idea what to do... just one last thing to add, is that logout happens in the online version of my application, not in the local version.
my problem is that i get logged out at various (random) points in the application, either when submitting a form or clicking link to new page but its hard to pinpoint where the error is as its not consistent.
i have no idea what to do... just one last thing to add, is that logout happens in the online version of my application, not in the local version.
I see. Most likely the problem is that you didn't specify a machine key in your web.config.
If you didn't specify a machinekey in web.config, ASP.NET will create one on Application Start. The authentication ticket is encrypted/decrypted using this machinekey. So when a user logs in, the authentiction cookie is encrypted, and on each next request
the authentication cookie is decrypted and the user remains logged in. But when the application pool recycles (which will happen often on shared servers), a new key is generated. When this happens and a logged-in user makes a new request, ASP.NET will try
to decrypt the authentication cookie with the new key, but this won't work because it is encrypted using a different key. As a result. the user cannot be authenticated and will be redirected to the login page. To solve this, all you need to do is specify a
machine key in web.config, so the same key is used accross all requests...
archie8
Member
428 Points
308 Posts
how to go about login for application
Apr 12, 2012 03:53 PM|LINK
hi everyone, im working on a asp.net mvc 3 and c# project.
ive spent a lot of time recently on getting login control in my application
to work properly but had no luck whatsoever :(
i just want to scrap what ive currently done, and start all over again.
could anyone give me any ideas or point me in the right direction.
it would be a huge help.
thanks
archie8
Member
428 Points
308 Posts
Re: how to go about login for application
Apr 12, 2012 03:54 PM|LINK
just to add, any (not so complicated) tutorials/ step by step guides would be much appreciated :)
thanks
BrockAllen
All-Star
28134 Points
4997 Posts
MVP
Re: how to go about login for application
Apr 12, 2012 04:32 PM|LINK
If you create a new project in MVC3 and choose the Intranet project template there is a lot of starter code in there that shows the basic structure.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
hans_v
All-Star
35998 Points
6551 Posts
Re: how to go about login for application
Apr 13, 2012 07:11 AM|LINK
Did you look in the MVC section of this website?
http://www.asp.net/mvc/overview/security
archie8
Member
428 Points
308 Posts
Re: how to go about login for application
Apr 16, 2012 10:56 AM|LINK
hi, yes ive been throughout them tutorials thanks
ive used the deafult login control from asp.net mvc application, with [Authorize] where required.
my problem is that i get logged out at various (random) points in the application, either when submitting a form or clicking link to new page but its hard to pinpoint where the error is as its not consistent.
i have no idea what to do... just one last thing to add, is that logout happens in the online version of my application, not in the local version.
hans_v
All-Star
35998 Points
6551 Posts
Re: how to go about login for application
Apr 16, 2012 12:37 PM|LINK
I see. Most likely the problem is that you didn't specify a machine key in your web.config.
If you didn't specify a machinekey in web.config, ASP.NET will create one on Application Start. The authentication ticket is encrypted/decrypted using this machinekey. So when a user logs in, the authentiction cookie is encrypted, and on each next request the authentication cookie is decrypted and the user remains logged in. But when the application pool recycles (which will happen often on shared servers), a new key is generated. When this happens and a logged-in user makes a new request, ASP.NET will try to decrypt the authentication cookie with the new key, but this won't work because it is encrypted using a different key. As a result. the user cannot be authenticated and will be redirected to the login page. To solve this, all you need to do is specify a machine key in web.config, so the same key is used accross all requests...
http://aspnetresources.com/tools/machineKey
archie8
Member
428 Points
308 Posts
Re: how to go about login for application
Apr 16, 2012 01:19 PM|LINK
thank you for explaining this.
so do i only need to add machine key to web.config? or do i add the key and make some changes?
hans_v
All-Star
35998 Points
6551 Posts
Re: how to go about login for application
Apr 16, 2012 01:23 PM|LINK
Yes
No ;-)
archie8
Member
428 Points
308 Posts
Re: how to go about login for application
Apr 16, 2012 01:41 PM|LINK
thank you sir! it seems to be working now :)