G
Guest
I have an ASP.NET 2.0 web app using forms authentication and an ASP.NET
Membership database. Internal users access the app from the intranet, but
they are authenticated by the membership module. External users access the
app over SSL from the internet and are also authenticated the same way.
I would like to have a different authentication timeout value for each. I
want 720 minutes for internal users, so they can leave the app open all day
and only have to log in once. I want 30 minutes for external users.
I know I can set session timeout values to be different for each user by
setting Session.Timeout. Can I do something similar with the authentication
cookie? I surmise I could then force an external user to have a shorter
value, or cause an internal user to have a longer value. If I can set it this
way, where would I do it?
I considered deploying the app twice, but all other aspects of security are
working and I'd rather not have the extra maintenance.
Thanks in advance,
Ray
Membership database. Internal users access the app from the intranet, but
they are authenticated by the membership module. External users access the
app over SSL from the internet and are also authenticated the same way.
I would like to have a different authentication timeout value for each. I
want 720 minutes for internal users, so they can leave the app open all day
and only have to log in once. I want 30 minutes for external users.
I know I can set session timeout values to be different for each user by
setting Session.Timeout. Can I do something similar with the authentication
cookie? I surmise I could then force an external user to have a shorter
value, or cause an internal user to have a longer value. If I can set it this
way, where would I do it?
I considered deploying the app twice, but all other aspects of security are
working and I'd rather not have the extra maintenance.
Thanks in advance,
Ray