All geek questions in one place

SlideExpiration authentication error does not work

I have below code

int intTimeout = (FormsAuthentication.Timeout.Hours * 60) + FormsAuthentication.Timeout.Minutes; var authTicket = new FormsAuthenticationTicket(1, Utility.userCookie, DateTime.Now, DateTime.Now.AddMinutes(intTimeout), true, cookieValue); string strEncryptedTicket = HttpUtility.UrlEncode(FormsAuthentication.Encrypt(authTicket)); var authCookie = new HttpCookie(Utility.userCookie, strEncryptedTicket); authCookie.Expires = authTicket.Expiration; //FormsAuthentication.RedirectFromLoginPage("", false); authCookie.Secure = FormsAuthentication.RequireSSL; //authCookie.Secure = true; HttpContext.Current.Response.Cookies[Utility.userCookie].Expires = authTicket.Expiration; HttpContext.Current.Response.Cookies[Utility.userCookie].Value = authCookie.Value;

Below web.config

 <authentication mode="Forms"> <forms timeout="2" slidingExpiration="true" requireSSL="true" /> </authentication>

I keep deleting the link to the page, it still expires after 2 minutes .

+5
source share
4 answers

Pay attention to the structure of personalized forms-based authentication in web.config:

 <forms name="name" loginUrl="URL" defaultUrl="URL" protection="[All|None|Encryption|Validation]" timeout="[MM]" path="path" requireSSL="[true|false]" slidingExpiration="[true|false]"> enableCrossAppRedirects="[true|false]" cookieless="[UseUri|UseCookies|AutoDetect|UseDeviceProfile]" domain="domain name" ticketCompatibilityMode="[Framework20|Framework40]"> <credentials>...</credentials> </forms>

As you can see, the timeout property works based on minutes, where you set it to 2 (for example, 2 minutes).

Typically, if you enabled slidingExpiration in web.config. You do not need to manually update the new cookie . For your scenario, I suggest you use a trace tool, for example. Violinist. When you refresh the page, you can check with Fiddler that the cookie expiration time is reset.

I found a good example in Weird Timeouts with a custom ASPNETFormsAuthentication that can do some kind of permission for you.

+1
source

Try removing this line from your code and try again:

 HttpContext.Current.Response.Cookies[Utility.userCookie].Expires = authTicket.Expiration;
+1
source

In the web.config file, either delete the <clear/> element, or add the following <clear/> element if it is missing.

 <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
+1
source

In my application, I define cookieAuthenticationOptions in Startup.cs like this and it works fine

 app.UseCookieAuthentication(new CookieAuthenticationOptions { ExpireTimeSpan = TimeSpan.FromHours(1), SlidingExpiration = true, CookieHttpOnly = true, CookieName = "App.Authentication", AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), });

Do you define these parameters?

Why aren't you using the SignIn AuthenticationManager method?

0
source

Source: https://habr.com/ru/post/1275860/

More articles:


All Articles