I have a few Dot Net Nuke sites to work with but from what I'm reading, as one is on Go Daddy and the other on Peer 1, this may be a patch that is already applied by these 2 providers.
In Scott Gu's blog, the edit to be applied is below. I've edited this for brevity, leaving enough detail in for my question:
Persistent Forms Authentication Cookie Behavior
...
Note: We have had a few customers report problems with persistent forms-auth cookies that turned out to be issues either in their application code, or in a third party logging component they used.
... There are two ways you can fix it: 1) update your code to not throw exceptions to end-users in these cases, or 2) modify the name of the forms-auth cookie that ASP.NET’s Forms Authentication system
uses. Approach #2 is easy and doesn’t require any code changes - just modify the <forms name=".ASPXAUTH"/> configuration section in your web.config file and switch to a different cookie name.
OK, in a DNN Web Config, here's the <forms ... /> tag:
<!-- Forms or Windows authentication -->
<authentication mode="Forms">
<forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
</authentication>
As can be seen, the extension is .DOTNETNUKE and not .ASPXAUTH. So, I'm almost sure if I change this in any DNN Web Config without fully knowing all consequences I'll get some surprises.
Not knowing the ramifications here, I just need to hook up with someone who can point me to the right MSDN sources so that I learn them. I know how to use cookies but never have been exposed to this part of working with them.
So, with a .DOTNETNUKE forms name, what all is entailed to getting this patch applied?
As can be seen, the extension is .DOTNETNUKE and not .ASPXAUTH. So, I'm almost sure if I change this in any DNN Web Config without fully knowing all consequences I'll get some surprises.
Not knowing the ramifications here, I just need to hook up with someone who can point me to the right MSDN sources so that I learn them. I know how to use cookies but never have been exposed to this part of working with them.
So, with a .DOTNETNUKE forms name, what all is entailed to getting this patch applied?
According to your description ,as far as I know the name Attribute of forms is an optional attribute,specifies the HTTP cookie to use for authentication. If multiple applications are running on a single server and each application requires a unique cookie,
you must configure the cookie name in each Web.config file for each application.
The default is ".ASPXAUTH".
For my experience ,ASP.NET supports forms authentication in a distributed environment, either across applications on a single server or in a Web farm. When forms authentication is enabled across multiple ASP.NET applications, users are not required to re-authenticate
when switching between the applications.
Please check the link below for more information about Forms Authentication Across Applications:
mdurthaler
Member
4 Points
6 Posts
Question on editing <forms name=".aspxauth" ... />
Oct 14, 2010 02:16 PM|LINK
I have a few Dot Net Nuke sites to work with but from what I'm reading, as one is on Go Daddy and the other on Peer 1, this may be a patch that is already applied by these 2 providers.
In Scott Gu's blog, the edit to be applied is below. I've edited this for brevity, leaving enough detail in for my question:
Persistent Forms Authentication Cookie Behavior
...
Note: We have had a few customers report problems with persistent forms-auth cookies that turned out to be issues either in their application code, or in a third party logging component they used.
... There are two ways you can fix it: 1) update your code to not throw exceptions to end-users in these cases, or 2) modify the name of the forms-auth cookie that ASP.NET’s Forms Authentication system uses. Approach #2 is easy and doesn’t require any code changes - just modify the <forms name=".ASPXAUTH"/> configuration section in your web.config file and switch to a different cookie name.
OK, in a DNN Web Config, here's the <forms ... /> tag:
<authentication mode="Forms">
<forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
</authentication>
As can be seen, the extension is .DOTNETNUKE and not .ASPXAUTH. So, I'm almost sure if I change this in any DNN Web Config without fully knowing all consequences I'll get some surprises.
Not knowing the ramifications here, I just need to hook up with someone who can point me to the right MSDN sources so that I learn them. I know how to use cookies but never have been exposed to this part of working with them.
So, with a .DOTNETNUKE forms name, what all is entailed to getting this patch applied?
Thanks,
Mike
Ming Xu - MS...
All-Star
25269 Points
2235 Posts
Microsoft
Re: Question on editing <forms name=".aspxauth" ... />
Oct 19, 2010 02:42 AM|LINK
Hi,
According to your description ,as far as I know the name Attribute of forms is an optional attribute,specifies the HTTP cookie to use for authentication. If multiple applications are running on a single server and each application requires a unique cookie, you must configure the cookie name in each Web.config file for each application.
The default is ".ASPXAUTH".
For my experience ,ASP.NET supports forms authentication in a distributed environment, either across applications on a single server or in a Web farm. When forms authentication is enabled across multiple ASP.NET applications, users are not required to re-authenticate when switching between the applications.
Please check the link below for more information about Forms Authentication Across Applications:
http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
Hope it can help you.
Feedback to us
Develop and promote your apps in Windows Store