A
AM
Hi All,
I know this question has been posted many times in this group and I did went
through and implemented the solution in my ASP.Net 2.0 Internet facing
application
I am using
IIS for integrated authentication
and ASP.NET for Windows authentication (<authentication mode="Windows" />)
as Dominick Suggested.
It works as expected, I sign into one app and I can go to my app2 and I am
already logged in
My Apps are set as follow
www.mydomain.com/app1
www.mydomain.com/app2
www.mydomain.com/app3
I am able to navigate to all 3 apps, back and forth without any issue.
The problem is my data is very sensitive, I want to make sure that once
users session times out after 15 minutes of inactivity the authentication
should be timed out too, meaning after 15 minutes of inactivity all my
session are cleared and I want user to be asked to re-login after sesson
expires.
In this case even after one hour of inactivity user can click on menu and it
will not ask him to relogin.
Is there any setting at AD level that I can set?
I am open for any other suggestion which does not require any form of cookies.
Thanks
AM
I know this question has been posted many times in this group and I did went
through and implemented the solution in my ASP.Net 2.0 Internet facing
application
I am using
IIS for integrated authentication
and ASP.NET for Windows authentication (<authentication mode="Windows" />)
as Dominick Suggested.
It works as expected, I sign into one app and I can go to my app2 and I am
already logged in
My Apps are set as follow
www.mydomain.com/app1
www.mydomain.com/app2
www.mydomain.com/app3
I am able to navigate to all 3 apps, back and forth without any issue.
The problem is my data is very sensitive, I want to make sure that once
users session times out after 15 minutes of inactivity the authentication
should be timed out too, meaning after 15 minutes of inactivity all my
session are cleared and I want user to be asked to re-login after sesson
expires.
In this case even after one hour of inactivity user can click on menu and it
will not ask him to relogin.
Is there any setting at AD level that I can set?
I am open for any other suggestion which does not require any form of cookies.
Thanks
AM