asked on

Forms authentication ticket seems to expire pre-maturely and kick out the user

Although I set the timeout to 60 or 1440, it seems the user gets logged out in few minutes, may be 20-30 mts.

Any suggestions would be great.HOw canI start debugging this issue?

<sessionState mode="InProc" stateConnectionString="tcpip=something" sqlConnectionString="data source=something;Trusted_Connection=yes" cookieless="false" timeout="60" />
<forms name=".DSA" loginUrl="frmStartLogin.aspx" defaultUrl="/frmStart.aspx" protection="All" timeout="1440" path="/" slidingExpiration="true" />
Dim tkt As FormsAuthenticationTicket
Dim cookiestr As String
Dim ck As HttpCookie
Dim intTimeoutMinutes As Integer = 1
Dim intRtn As Integer = 1

Try
'set cookie timout period based on isPersistent
If isPersistent Then
intTimeoutMinutes = 43200 '30 days
Else
intTimeoutMinutes = 60
End If
'create auth cookie
tkt = New FormsAuthenticationTicket(1, strUserName, DateTime.Now(), DateTime.Now.AddMinutes(intTimeoutMinutes), isPersistent, strUserName)
cookiestr = FormsAuthentication.Encrypt(tkt)
ck = New HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)
If isPersistent Then
ck.Expires = tkt.Expiration
End If
ck.Path = FormsAuthentication.FormsCookiePath()
'write auth cookie to client PC
System.Web.HttpContext.Current.Response.Cookies.Add(ck)

Catch ex As Exception
intRtn = -1
End Try

Nasir Razzaq

Why are you creating the cookies yourself? Forms authentication creates and manages the cookies for you.

TrialUser

ASKER

You mean just this would do it :
FormsAuthentication.SetAuthCookie(strUserName, False) ?

TrialUser

ASKER

Ok, with my original code, it works in the local. However when I published it does not work in the production environment. The timeout does not take its minutes from the Web.config or what is set in the code.

Is there any setting in the IIS 7? Thanks

ASKER CERTIFIED SOLUTION

Nasir Razzaq

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

TrialUser

ASKER

I was getting this error :.
The error I got is :
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

TrialUser

ASKER

Nasir Razzaq

Is that on a particular page or all pages? Do you have only one web.config in the whole of your site?

TrialUser

ASKER

There is only web.config file.

TrialUser

ASKER

I re-wrote the code. Stripped out the code where I create the forms authentication cookie and did this still does not work. Makes me think somethng is wrong in the IIS 7 configuration. Please suggest. I really need to get this resolved asap. Any help will be rgeatly appreciated, Thanks
FormsAuthentication.RedirectFromLoginPage(strUserName, isPersistent)
authentication mode="Forms">
<forms loginUrl="frmstartlogin.aspx" name=".ASPXFORMSAUTH" defaultUrl="frmstart.aspx" path="/" timeout="35">
</forms>
</authentication>
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" timeout="20"/><sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" timeout="20"/>

Alan Warren

subscribed

Rahul Agarwal

Have you try this

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
(
1, // version
txtEmail.Text, // name
DateTime.Now, // issueDate
DateTime.Now.AddMinutes(30), // expiration
false, // isPersistent
roles, // userData
FormsAuthentication.FormsCookiePath // cookiePath
);

Reference:
http://weblogs.asp.net/owscott/archive/2006/07/15/Forms-Authentication-Timeout.aspx

rajeeshmca

Hi,

Check the AppPool assigned for the website in the IIS.

Right Click on the assigned AppPool and click "Advanced Settings"

In that check for "Idle Timeout - Minutes" under the process Model..

Regards
Rajeesh