George Durzi
Calling out ASP.NET Forms Auth Experts! I need your help.
Using FormsAuthentication to auth against Active Directory. During my login
process, I'm constructing a FormsAuthenticationTicket as follows:
FormsAuthenticationTicket oAuthTicket = new FormsAuthenticationTicket(1,
txtUserName.Value.Trim(), DateTime.Now, DateTime.Now.AddHours(8), true,
sGroups);
Where:
- 1 is the version
- txtUserName.Value.Trim() holds the user name from the login screen
- DateTime.Now is the issue date
- DateTime.Now.AddHours(8) is the expiration date
- true designates persistence
- sGroups is a "|" character separated string of groups of which the user is
a member
I then encrypt the AuthenticationTicket then add it to the cookies
collection
string sTicket = FormsAuthentication.Encrypt(oAuthTicket);
HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);
Response.Cookies.Add(oCookie);
In web.config, I also have the timeout set to 480 minutes. This overrides
whatever is set in machine.config.
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="adAuthCookie" timeout="480" path="/"
/>
</authentication>
The problem is the users keep getting kicked out to the login screen in much
less than the set time of 480 minutes. I'm not deploying any updates to the
application during that time, so the Sessions aren't being reset, which I
know would cause the user to get kicked out.
Interesting thing though, when I do an oCookie.Expires, it gives me
01/01/2001, so the Expires property isn't being carried from the
FormsAuthenticationTicket.
However, the value of adAuthTicket.Expiration is always correct. (I'm
sticking it in a session for testing)
Can anyone explain this behaviour?
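
Added example, not part of the original post: the same ticket issued with the cookie's expiry and flags set explicitly, then validated and turned into a principal on later requests. The class and method names are hypothetical, and it assumes .NET Framework 2.0 or later with System.Web referenced.

```csharp
// Added example, not the poster's code. AuthCookieExample and its methods are hypothetical names.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class AuthCookieExample
{
    // Call after the Active Directory check has succeeded.
    public static void IssueCookie(HttpResponse response, string userName, string groups)
    {
        DateTime now = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, now, now.AddHours(8), true, groups);

        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // not readable from client script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follows <forms requireSSL="...">

        // Encrypt() only returns a string; nothing copies the ticket's expiry to the cookie.
        // Left unset, Expires is DateTime.MinValue and the browser keeps a session cookie.
        if (ticket.IsPersistent)
            cookie.Expires = ticket.Expiration;

        response.Cookies.Add(cookie);
    }

    // Call from Application_AuthenticateRequest in Global.asax.
    // Browsers never send Expires back, so the ticket inside the cookie is what gets checked.
    public static void RestorePrincipal(HttpContext context)
    {
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return; }   // tampered value or key mismatch: stay anonymous
        if (ticket == null || ticket.Expired) return;

        // Groups were stored in UserData as a "|" separated string.
        string[] roles = ticket.UserData.Split(
            new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```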