[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
9.6

Form authentication persistant cookie/ticket not working

Asked by IUAATech in Programming for ASP.NET, .NET Framework 3.x versions, C# Programming Language

Tags: asp.net, C#

My original code for creating a persistant Forms authentication cookie/ticket used to work perfectly before. However, (I believe) as a result of the recent upgrade to .NET Framework 3.5, it has stopped working and I have lots of people at work mad at me since their cookie expires after 10 minutes of inactivity.

The authentication setting in Web.Config file is pretty straight forward: <authentication mode="Forms" />

And my code for creating a user ticket uses the function CreateUserTicket and the redirection is handled by the function RequestLogin.

Even though both the cookies in the CreateUserTicket functions are set to expire after 30 days, the user is redirected to the login page after 10 minutes.

And the Page_Load code for Login.aspx is also attached. It basically checks to see if the user is authenticated.

Finally, I have a "Base Class" for all the aspx pages and the OnLoad Event checks to see if the the "UserInformation" cookie is valid or not:
public class BasePage : System.Web.UI.Page
{
    protected override void OnLoad(EventArgs e)
    {
        if (User.Identity.IsAuthenticated && Request.Cookies["UserInformation"] == null)
        {
            FormsAuthentication.SignOut();
            Response.Redirect("~/Login.aspx");
        }
        base.OnLoad(e);
    }
}

So my question is, what am I missing in my code. I have spent quite a deal of time researching this, but I haven't been able to fix this problem yet.

Please, any help would be appreciated. I am using .NET Framework 3.5 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:

void CreateUserTicket(short userId, bool rememberMe, string userName, string application)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,
            Convert.ToString(userId),
            DateTime.Now,
            DateTime.Now.AddDays(30),
            rememberMe,
            UserProfileBLL.GetUserRoles(userName, application),
            FormsAuthentication.FormsCookiePath);
 
        // Encrypt the cookie using the machine key for secure transport
        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie authCookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, // Name of auth cookie
            hash); // Hashed ticket
 
        // Set the cookie's expiration time to the tickets expiration time
        if (ticket.IsPersistent)
        {
            authCookie.Expires = ticket.Expiration;
        }
        // Add the cookie to the list for outgoing response
        Response.Cookies.Add(authCookie);
 
        UserProfile userProfile = UserProfileBLL.GetUserProfile(userId);
        HttpCookie userInfoCookie = new HttpCookie("UserInformation");
        userInfoCookie.Values.Add("FirstName", userProfile.FirstName);
        userInfoCookie.Values.Add("LastName", userProfile.LastName);
        userInfoCookie.Values.Add("Email", userProfile.Email);
        userInfoCookie.Values.Add("App", application);
        userInfoCookie.Expires = DateTime.Now.AddDays(30);
        Response.Cookies.Add(userInfoCookie);
    }
 
    void RequestLogin()
    {
        // Redirect to requested URL, or homepage if no previous pagerequested
        string returnUrl = this.Request.QueryString["ReturnUrl"];
        if (returnUrl == null) returnUrl = ResolveUrl("~/Default.aspx");
 
        // Don't call FormsAuthentication.RedirectFromLoginPage since it
        // could replace the authentication ticket (cookie) we just added
        Response.Redirect(returnUrl);
    }
 
    protected void Page_Load(object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated)
        {
            RequestLogin();
        }
        else
        {
            ((Literal)Master.FindControl("liLoginStatus")).Visible = false;
            ((ComponentArt.Web.UI.Menu)Master.FindControl("Menu1")).Visible = false;
        }
    }
[+][-]07/20/08 01:02 PM, ID: 22046748Accepted Solution

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

About this solution

Zones: Programming for ASP.NET, .NET Framework 3.x versions, C# Programming Language
Tags: asp.net, C#
Sign Up Now!
Solution Provided By: tedbilly
Participating Experts: 1
Solution Grade: A
 
[+][-]07/20/08 01:20 PM, ID: 22046786Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]07/20/08 06:22 PM, ID: 22047625Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07/21/08 06:50 AM, ID: 22050461Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]07/21/08 01:45 PM, ID: 22054189Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091111-EE-VQP-89 / EE_QW_2_20070628