Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Why authentication Ticket expires

Reply
Thread Tools

Why authentication Ticket expires

 
 
Tony
Guest
Posts: n/a
 
      11-13-2003
Can anybody tells if I'm doing something wrong in this code
and why the user authentication ticket always expires 30
minutes later, even though I set the cookie expiration
date to the maximum value, and if I'm reading the cookie
back the right way ?


Dim myTicket As New FormsAuthenticationTicket(1, _
myUser_, _
DateTime.Now, _
DateTime.Now.AddMinutes(30), _
myCheckbox.Checked, _
myUserData, _
FormsAuthentication.FormsCookiePath)

Dim hash As String = FormsAuthentication.Encrypt(myTicket)
Dim myCookie As HttpCookie
=New HttpCookie(FormsAuthentication.FormsCookieName, hash)

If (myTicket.IsPersistent) Then myCookie.Expires=
DateTime.MaxValue

Response.Cookies.Add(myCookie)
Dim url As String = FormsAuthentication.GetRedirectUrl
(myUser, true)
Response.Redirect(url)



'THEN I READ THE COOKIE IN THE Global.asax FILE:
If (Not (HttpContext.Current.User Is Nothing)) Then
If (HttpContext.Current.User.Identity.IsAuthenticated ) Then
If (HttpContext.Current.User.Identity.AuthenticationT ype
= "Forms") Then

Dim myID As System.Web.Security.FormsIdentity =
HttpContext.Current.User.Identity
Dim myTicket As
System.Web.Security.FormsAuthenticationTicket = myID.Ticket

Dim userData As String = myTicket.UserData
Dim myRoles As String() = Split (userData, ",")
HttpContext.Current.User = New
System.Security.Principal.GenericPrincipal(myID, myRoles)
End If
End If
End If


 
Reply With Quote
 
 
 
 
MSFT
Guest
Posts: n/a
 
      11-14-2003
Hi Tony,

In the Constructor of FormsAuthenticationTicket, you have specify the
expiration date:

DateTime.Now, _
DateTime.Now.AddMinutes(30),

If you change it to:

DateTime.Now.AddMinutes(60),

Will the expire date be set to 60 minutes?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)




 
Reply With Quote
 
 
 
 
tony
Guest
Posts: n/a
 
      11-17-2003
Hi Luke,
when I set the Ticket expiration time to :
DateTime.Now.AddMinutes(30)
and then later I set the Cookie expiration time to the
maximum value , isn't that suppose to overwite the
expiration time for the Ticket set in the first statement ?

What I'm doing basically is:
create the ticket and set its expiration time to 30 minutes

then I check if the user checked the Checkbox(remember my
password) and reset the expiration time to the max value.
If (myTicket.IsPersistent) Then taskCookie.Expires =
DateTime.MaxValue



>-----Original Message-----
>Hi Tony,
>
>In the Constructor of FormsAuthenticationTicket, you have

specify the
>expiration date:
>
> DateTime.Now, _
>DateTime.Now.AddMinutes(30),
>
>If you change it to:
>
>DateTime.Now.AddMinutes(60),
>
>Will the expire date be set to 60 minutes?
>
>Luke
>Microsoft Online Support
>
>Get Secure! www.microsoft.com/security
>(This posting is provided "AS IS", with no warranties,

and confers no
>rights.)
>
>
>
>
>.
>

 
Reply With Quote
 
MSFT
Guest
Posts: n/a
 
      11-18-2003
Hi Tony,

It won't overwite the expiration time in this way. You may create
FormsAuthenticationTicket object with different parameters based on the
myCheckbox.Checked.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
findcontrol("PlaceHolderPrice") why why why why why why why why why why why Mr. SweatyFinger ASP .Net 2 12-02-2006 03:46 PM
Forms Authentication Ticket Functionality With Windows Authentication jfer ASP .Net Security 3 09-16-2005 06:30 PM
Forms-based authentication expires before timeout Anders Lybecker ASP .Net Security 7 02-18-2004 05:15 PM
forms authentication ticket .userdata vanishing e ASP .Net 1 10-24-2003 06:14 PM
Authentication ticket, cookieless, forms authentication? Lauchlan M ASP .Net Security 0 10-01-2003 12:23 AM



Advertisments