Problem with Forms Authentication timeout

  • Question

  • User-863000154 posted

    Hello,

    I'm developing an ASP.NET 4.5 Webforms application with SQL Server Compact 4.0. For membership I am using the Microsoft ASP.NET universal providers for SQL Compact, which means I use forms authentication and role authorization.

    My Web.config settings for authentication and session:

        <authentication mode="Forms">
          <forms loginUrl="~/Default.aspx" timeout="2880" />
        </authentication>
    
        <sessionState mode="InProc" customProvider="DefaultSessionProvider" >
          <providers>
            <add name="DefaultSessionProvider"
                 type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                 connectionStringName="DefaultConnection"
                 applicationName="/"/>
          </providers>
        </sessionState>

    Everything looks fine about login and folder security per role, but the problem is that the "session" (I think so) timeout is variable: the session is finished in times between 1 minute minimum and 5 minutes maximum, and then I am redirected to the login page.

    I will appreciate your help.

    Tuesday, January 8, 2013 7:26 AM

All replies

  • User-718146471 posted

    You would actually want to change the session in IIS instead of in the app. I've seen it before where IIS can override what the app settings state for session.

    Tuesday, January 8, 2013 7:36 AM
  • User-863000154 posted

    Hello,

    Could you explain to me the steps to change it in IIS?

    Thanks

    Tuesday, January 8, 2013 8:00 AM
  • User-718146471 posted

    Sure, here is a how-to from MSDN: http://technet.microsoft.com/en-us/library/cc725820(v=ws.10).aspx 

    Tuesday, January 8, 2013 8:09 AM
  • User-863000154 posted

    In my shared hosting I have WinServer 2012 and IIS8.

    I did not find in IIS8 the settings of the article you gave me, but I found something in: Site -> Features view -> ASP.NET -> Session State

    Is this OK? The time configured there is 30 minutes, but it is not working. What time should I put there?

    Tuesday, January 8, 2013 2:54 PM
  • User-1199946673 posted

    In my shared hosting

    In a shared hosted environment, a very common problem is that the Application Pool recycles frequently. When you're using Session State In Process, that means that all sessions are lost when the Application Pool recycles. To overcome this, you should use another Session State Mode.

    But this doesn't solve the problem that users are logged out, because forms authentication has nothing to do with session. When a user logs in, an authentication ticket is created. This ticket is encrypted with the Machine Key specified in Web.Config. When you didn't specify one, ASP.NET will create one for you. But when the application pool recycles, ASP.NET will create a new one. The authentication cookie encrypted with the previous key can't be decrypted with the new key, so the user will be redirected to the login page. To solve this, you need to add a machine key section in Web.Config, so the same key is used on each and every request:

    http://aspnetresources.com/tools/machineKey

     

    Tuesday, January 8, 2013 5:32 PM
  • User-863000154 posted

    The machine key is not the problem, I have defined one in my web.config. I will try to change the session state to be stored in my SQL Compact database, I think this could do the work...

    Tuesday, January 8, 2013 5:39 PM
  • User-1199946673 posted

    I will try to change the session state to be stored in my SQL Compact database, I think this could do the work...

    No, because as I already said, Session has nothing to do with Forms Authentication!

    Tuesday, January 8, 2013 5:46 PM
  • User-863000154 posted

    OK, understood. What do you think I should do?

    Tuesday, January 8, 2013 5:54 PM
  • User-1199946673 posted

    Can you show us your web.config file? Make sure to hide sensitive information....

    Tuesday, January 8, 2013 6:04 PM
  • User-863000154 posted

    OK, here you go:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <configSections>
        <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
        <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
      </configSections>
      <connectionStrings>
        <add name="PortalSegurosDbEntities" connectionString="metadata=res://*/xxx.csdl|res://*/xxx.ssdl|res://*/xxx.msl;provider=System.Data.SqlServerCe.4.0;provider connection string=&quot;data source=|DataDirectory|\xxx.sdf&quot;" providerName="System.Data.EntityClient" />
        <add name="DefaultConnection" connectionString="Data Source=|DataDirectory|\xxx.sdf" providerName="System.Data.SqlServerCe.4.0" />
      </connectionStrings>
      <system.data>
        <DbProviderFactories>
          <remove invariant="System.Data.SqlServerCe.4.0" />
          <add name="Microsoft SQL Server Compact Data Provider 4.0"
               invariant="System.Data.SqlServerCe.4.0"
               description=".NET Framework Data Provider for Microsoft SQL Server Compact"
               type="System.Data.SqlServerCe.SqlCeProviderFactory, System.Data.SqlServerCe, Version=4.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
        </DbProviderFactories>
      </system.data>
      <system.web>
        <machineKey validationKey="527EA2D2AB8CBDECFD2CB5F432D60327583E63907ECD3EEDC44E2546A1AF76C6C251" decryptionKey="D12E35DF859FC202BD7B9BC652104EBF00E487" validation="SHA1" decryption="AES" />
        <trust level="Full" originUrl="" />
        <compilation debug="true" targetFramework="4.5">
          <assemblies>
            <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <add assembly="System.Data.SqlServerCe, Version=4.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
          </assemblies>
        </compilation>
        <httpRuntime targetFramework="4.5" />
        <pages theme="Tema" clientIDMode="AutoID" controlRenderingCompatibilityVersion="4.0">
          <controls>
            <add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI" />
          </controls>
        </pages>
        <httpHandlers>
          <add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" />
          <add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false" />
          <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />
          <add path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" validate="false" />
          <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
        </httpHandlers>
        <httpModules>
          <add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" />
          <add name="RadCompression" type="Telerik.Web.UI.RadCompression" />
        </httpModules>
        <authentication mode="Forms">
          <forms loginUrl="~/Default.aspx" timeout="2880" />
        </authentication>
        <profile defaultProvider="DefaultProfileProvider">
          <providers>
            <add name="DefaultProfileProvider"
                 type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                 connectionStringName="DefaultConnection"
                 applicationName="/" />
          </providers>
        </profile>
        <membership defaultProvider="DefaultMembershipProvider">
          <providers>
            <add name="DefaultMembershipProvider"
                 type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                 connectionStringName="DefaultConnection"
                 enablePasswordRetrieval="true"
                 passwordFormat="Encrypted"
                 enablePasswordReset="true"
                 requiresQuestionAndAnswer="true"
                 requiresUniqueEmail="true"
                 maxInvalidPasswordAttempts="5"
                 minRequiredPasswordLength="6"
                 minRequiredNonalphanumericCharacters="0"
                 passwordAttemptWindow="10"
                 applicationName="/" />
          </providers>
        </membership>
        <roleManager defaultProvider="DefaultRoleProvider" enabled="true">
          <providers>
            <add name="DefaultRoleProvider"
                 type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                 connectionStringName="DefaultConnection"
                 applicationName="/" />
          </providers>
        </roleManager>
        <!--
                If you are deploying to a cloud environment that has multiple web server instances,
                you should change session state mode from "InProc" to "Custom". In addition,
                change the connection string named "DefaultConnection" to connect to an instance
                of SQL Server (including SQL Azure and SQL  Compact) instead of to SQL Server Express.
          -->
        <sessionState mode="Custom" customProvider="DefaultSessionProvider" timeout="30"  >
          <providers>
            <add name="DefaultSessionProvider"
                 type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                 connectionStringName="DefaultConnection" />
          </providers>
        </sessionState>
      </system.web>
      <appSettings>
        <add key="Telerik.Skin" value="Web20" />
        <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
      </appSettings>
      <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <modules runAllManagedModulesForAllRequests="true">
          <remove name="RadUploadModule" />
          <remove name="RadCompression" />
          <add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" preCondition="integratedMode" />
          <add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="integratedMode" />
        </modules>
        <handlers>
          <remove name="ChartImage_axd" />
          <remove name="Telerik_Web_UI_SpellCheckHandler_axd" />
          <remove name="Telerik_Web_UI_DialogHandler_aspx" />
          <remove name="Telerik_RadUploadProgressHandler_ashx" />
          <remove name="Telerik_Web_UI_WebResource_axd" />
          <add name="ChartImage_axd" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" preCondition="integratedMode" />
          <add name="Telerik_Web_UI_SpellCheckHandler_axd" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" preCondition="integratedMode" />
          <add name="Telerik_Web_UI_DialogHandler_aspx" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode" />
          <add name="Telerik_RadUploadProgressHandler_ashx" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" preCondition="integratedMode" />
          <add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" preCondition="integratedMode" />
        </handlers>
      </system.webServer>
      <entityFramework>
        <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
          <parameters>
            <parameter value="v11.0" />
          </parameters>
        </defaultConnectionFactory>
      </entityFramework>
    </configuration>
    


    Tuesday, January 8, 2013 6:15 PM
  • User-1199946673 posted

    I don't think your machinekey is correct, they are too short.

    Generate a new key with the online tool in my first reply?

    Tuesday, January 8, 2013 7:14 PM
  • User-863000154 posted

    The MachineKey is OK, I did not paste the whole string for security reasons. Did you see any cause for my problem?

    Tuesday, January 8, 2013 8:35 PM
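
The machine key and session state points raised in the replies can be checked mechanically. The following is an added example, not code from the thread or from ASP.NET: a small Python audit of a Web.config for settings that make logins or sessions disappear when the application pool recycles. The function name `audit_web_config` is hypothetical, the key values in the sample are constructed filler with the same lengths as the keys in the posted file, and the accepted key lengths are those documented for the `<machineKey>` element.

```python
import re
import xml.etree.ElementTree as ET

# decryptionKey lengths (hex characters) documented for the ASP.NET <machineKey> element.
DECRYPTION_HEX_LEN = {"AES": {32, 48, 64}, "3DES": {48}, "DES": {16}}
HEX = re.compile(r"[0-9A-Fa-f]+")

def audit_web_config(xml_text):
    """List settings that make logins or sessions vanish when the app pool recycles."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no <system.web> section"]
    findings = []
    mk = web.find("machineKey")
    attrs = mk.attrib if mk is not None else {}
    for name in ("validationKey", "decryptionKey"):
        # With no explicit value, ASP.NET generates the key itself.
        value = attrs.get(name, "AutoGenerate,IsolateApps")
        if value.startswith("AutoGenerate"):
            findings.append(f"{name}: auto-generated, tickets become unreadable if it changes")
        elif not HEX.fullmatch(value):
            findings.append(f"{name}: not a hex string")
        elif name == "validationKey" and not 40 <= len(value) <= 128:
            findings.append(f"validationKey: {len(value)} hex chars, expected 40 to 128")
        elif name == "decryptionKey":
            alg = attrs.get("decryption", "Auto")
            allowed = DECRYPTION_HEX_LEN.get(alg, {16, 32, 48, 64})
            if len(value) not in allowed:
                findings.append(f"decryptionKey: {len(value)} hex chars is not valid for {alg}")
    # Session state is separate from the forms ticket; InProc is the default mode.
    session = web.find("sessionState")
    mode = session.get("mode", "InProc") if session is not None else "InProc"
    if mode == "InProc":
        findings.append("sessionState: InProc data is lost on recycle (login ticket unaffected)")
    return findings

# Constructed sample: filler key values, same lengths as the keys in the posted file.
SAMPLE = """<configuration><system.web>
  <machineKey validationKey="{v}" decryptionKey="{d}" validation="SHA1" decryption="AES" />
  <authentication mode="Forms"><forms loginUrl="~/Default.aspx" timeout="2880" /></authentication>
  <sessionState mode="InProc" timeout="30" />
</system.web></configuration>""".format(v="AB" * 34, d="CD" * 19)

if __name__ == "__main__":
    for line in audit_web_config(SAMPLE):
        print(line)
```

A key that was shortened before posting will be flagged in the pasted copy only, so run the check against the deployed file.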