I'm developing an ASP.NET 4.5 Webforms application with SQL Server Compact 4.0, for membership i am using the Microsoft ASP.NET universal providers for SQL Compact, that means i use forms authentication and role authorizartion.
My Web.config settings for authentication and session:
Everything looks fine about login and folder security per role, but the problem is that the "session" (i think so) timeout is variable.. the session is finished in times between 1 minute mininum and 5 minutes maximum, and then i am redirected to the login
page.
You would actually want to change the session in IIS instead of in the app. I've seen it before where IIS can override what the app settings state for session.
In a shared hosted environment, a very common problem is that the Application Pool recycles frequently. When you're using Session State In Process, that means that all sessions are lost when the Application Pool recycles. To overcome this, you should use
another Session State Mode.
But this doesn't solve the problem that users are logged out, because forms authentication has nothing to do with session. When a user logs in, an authentication ticket is created. This ticket is encrypted with the Machine Key specified in Web.Config. When
you didn't specify one, ASP.NET will create one for you. But when the application pool recycles, ASP.NET will create a new one. The authentication cookie encrypted with the previous key can't be decrypted with the new key, so the user will be redirected to
the login page. To slve this, you need to add a machine key section in Web.Config, so the same key is used on each and every requestL
The machine Key is not the problem, i have defined one in my web.config, i will try to change the session state to be stored in my sql compact database, i think this could do the work...
JramirezDev
0 Points
7 Posts
Problem with Forms Authentication timeout
Jan 08, 2013 11:26 AM|LINK
Hello,
I'm developing an ASP.NET 4.5 Webforms application with SQL Server Compact 4.0, for membership i am using the Microsoft ASP.NET universal providers for SQL Compact, that means i use forms authentication and role authorizartion.
My Web.config settings for authentication and session:
<authentication mode="Forms"> <forms loginUrl="~/Default.aspx" timeout="2880" /> </authentication> <sessionState mode="InProc" customProvider="DefaultSessionProvider" > <providers> <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/"/> </providers> </sessionState>Everything looks fine about login and folder security per role, but the problem is that the "session" (i think so) timeout is variable.. the session is finished in times between 1 minute mininum and 5 minutes maximum, and then i am redirected to the login page.
I will appreciate your help
bbcompent1
All-Star
33063 Points
8516 Posts
Moderator
Re: Problem with Forms Authentication timeout
Jan 08, 2013 11:36 AM|LINK
You would actually want to change the session in IIS instead of in the app. I've seen it before where IIS can override what the app settings state for session.
JramirezDev
0 Points
7 Posts
Re: Problem with Forms Authentication timeout
Jan 08, 2013 12:00 PM|LINK
Hello,
Could you explain me the steps to change it in IIS?
Thanks
bbcompent1
All-Star
33063 Points
8516 Posts
Moderator
Re: Problem with Forms Authentication timeout
Jan 08, 2013 12:09 PM|LINK
Sure, here is a how-to from MSDN: http://technet.microsoft.com/en-us/library/cc725820(v=ws.10).aspx
JramirezDev
0 Points
7 Posts
Re: Problem with Forms Authentication timeout
Jan 08, 2013 06:54 PM|LINK
In my shared hosting i got WinServer 2012 and IIS8,
I do not found in IIS8 the settings of the article you gave me, but i found something in: Site -> Features view -> ASP.NET -> Session State
Is this Ok? the time configured there is 30minutes, but is not working.. what time should i put there?
hans_v
All-Star
35986 Points
6550 Posts
Re: Problem with Forms Authentication timeout
Jan 08, 2013 09:32 PM|LINK
In a shared hosted environment, a very common problem is that the Application Pool recycles frequently. When you're using Session State In Process, that means that all sessions are lost when the Application Pool recycles. To overcome this, you should use another Session State Mode.
But this doesn't solve the problem that users are logged out, because forms authentication has nothing to do with session. When a user logs in, an authentication ticket is created. This ticket is encrypted with the Machine Key specified in Web.Config. When you didn't specify one, ASP.NET will create one for you. But when the application pool recycles, ASP.NET will create a new one. The authentication cookie encrypted with the previous key can't be decrypted with the new key, so the user will be redirected to the login page. To slve this, you need to add a machine key section in Web.Config, so the same key is used on each and every requestL
http://aspnetresources.com/tools/machineKey
JramirezDev
0 Points
7 Posts
Re: Problem with Forms Authentication timeout
Jan 08, 2013 09:39 PM|LINK
The machine Key is not the problem, i have defined one in my web.config, i will try to change the session state to be stored in my sql compact database, i think this could do the work...
hans_v
All-Star
35986 Points
6550 Posts
Re: Problem with Forms Authentication timeout
Jan 08, 2013 09:46 PM|LINK
No, because as I already said, Session has nothing to do with Forms Authentication!
JramirezDev
0 Points
7 Posts
Re: Problem with Forms Authentication timeout
Jan 08, 2013 09:54 PM|LINK
Ok understood, what do you think i should do?
hans_v
All-Star
35986 Points
6550 Posts
Re: Problem with Forms Authentication timeout
Jan 08, 2013 10:04 PM|LINK
Can you show us your web.config file? Make sure to hide sensitive information....