Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Forms Authentication Timeout

Reply
Thread Tools

Forms Authentication Timeout

 
 
Stu
Guest
Posts: n/a
 
      08-03-2005
Hi all,

I have a forms authentication protected application that doesn't seem to
redirect back to the login page when the ticket expires. I have the
web.config set up (for testing purposes) as such:
<authentication mode="Forms">
<forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" protection="All"
timeout="1" path="/" slidingExpiration="false"/>
</authentication>

And after 1 minute has rolled around, the page displays this error and
doesn't redirect back to the login page as expected:
Server Error in '/FormsAuthenticationTest' Application
--------------------------------------------------------------------------------

Access is denied.
Description: An error occurred while accessing the resources required to
serve this request. The server may not be configured for access to the
requested URL.

Error message 401.2.: You do not have permission to view this directory or
page using the credentials you supplied. Contact the Web server's
administrator for help.


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET
Version:1.1.4322.2032

Appreciate any light anyone can shed on this for me.
--
Cheers,
Stu
 
Reply With Quote
 
 
 
 
Joseph Bittman MCSD
Guest
Posts: n/a
 
      08-06-2005
August 6, 2005

That sounds strange. Are you in a sub folder when you get the error? Maybe
it is saying ./login.aspx of the page you are CURRENTLY on, and not from the
web.config's folder. Maybe try a absolute url path in the web.config? Hope
this helps!

--
Joseph Bittman
Microsoft Certified Solution Developer

Web Site: http://71.39.42.23
Static IP




"Stu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi all,
>
> I have a forms authentication protected application that doesn't seem to
> redirect back to the login page when the ticket expires. I have the
> web.config set up (for testing purposes) as such:
> <authentication mode="Forms">
> <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" protection="All"
> timeout="1" path="/" slidingExpiration="false"/>
> </authentication>
>
> And after 1 minute has rolled around, the page displays this error and
> doesn't redirect back to the login page as expected:
> Server Error in '/FormsAuthenticationTest' Application.
> --------------------------------------------------------------------------------
>
> Access is denied.
> Description: An error occurred while accessing the resources required to
> serve this request. The server may not be configured for access to the
> requested URL.
>
> Error message 401.2.: You do not have permission to view this directory or
> page using the credentials you supplied. Contact the Web server's
> administrator for help.
>
>
> --------------------------------------------------------------------------------
> Version Information: Microsoft .NET Framework Version:1.1.4322.2032;
> ASP.NET
> Version:1.1.4322.2032
>
> Appreciate any light anyone can shed on this for me.
> --
> Cheers,
> Stu



 
Reply With Quote
 
 
 
 
Stu
Guest
Posts: n/a
 
      08-07-2005
Hi Joseph,

Nah, I'm not in a sub folder. I do use the <location> elements of the
web.config file though so perhaps there is something to do with that??? I
can't attribute the working/not working of the redirect to either of the
paths specifically set in the web.config but it is just a thought. I have
included the whole web.config...

<system.web>
<compilation defaultLanguage="c#" debug="true"></compilation>
<authentication mode="Forms">
<forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" protection="All"
timeout="30" path="/" slidingExpiration="true"/>
</authentication>
<authorization>
<deny users="?"/> <!-- Deny access to all unauthenticated users -->
</authorization>
<customErrors mode="Off"/>
</system.web>

<location path="login.aspx">
<system.web>
<authorization>
<allow users="*"/> <!-- Allow all users -->
</authorization>
</system.web>
</location>
<location path="logout.aspx">
<system.web>
<authorization>
<allow users="*"/> <!-- Allow all users -->
</authorization>
</system.web>
</location>
<location path="error.aspx">
<system.web>
<authorization>
<allow users="*"/> <!-- Allow all users -->
</authorization>
</system.web>
</location>
<location path="scripts/">
<system.web>
<authorization>
<allow users="*"/> <!-- Allow all users -->
</authorization>
</system.web>
</location>
--
Cheers,
Stu


"Joseph Bittman MCSD" wrote:

> August 6, 2005
>
> That sounds strange. Are you in a sub folder when you get the error? Maybe
> it is saying ./login.aspx of the page you are CURRENTLY on, and not from the
> web.config's folder. Maybe try a absolute url path in the web.config? Hope
> this helps!
>
> --
> Joseph Bittman
> Microsoft Certified Solution Developer
>
> Web Site: http://71.39.42.23
> Static IP
>
>
>
>
> "Stu" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi all,
> >
> > I have a forms authentication protected application that doesn't seem to
> > redirect back to the login page when the ticket expires. I have the
> > web.config set up (for testing purposes) as such:
> > <authentication mode="Forms">
> > <forms name=".RENOWNSUPPORTAUTH" loginUrl="login.aspx" protection="All"
> > timeout="1" path="/" slidingExpiration="false"/>
> > </authentication>
> >
> > And after 1 minute has rolled around, the page displays this error and
> > doesn't redirect back to the login page as expected:
> > Server Error in '/FormsAuthenticationTest' Application.
> > --------------------------------------------------------------------------------
> >
> > Access is denied.
> > Description: An error occurred while accessing the resources required to
> > serve this request. The server may not be configured for access to the
> > requested URL.
> >
> > Error message 401.2.: You do not have permission to view this directory or
> > page using the credentials you supplied. Contact the Web server's
> > administrator for help.
> >
> >
> > --------------------------------------------------------------------------------
> > Version Information: Microsoft .NET Framework Version:1.1.4322.2032;
> > ASP.NET
> > Version:1.1.4322.2032
> >
> > Appreciate any light anyone can shed on this for me.
> > --
> > Cheers,
> > Stu

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Timeout::timeout and Socket timeout Mark Probert Ruby 1 10-06-2004 09:30 AM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM
web.config session timeout and forms authentication timeout Do ASP .Net 2 11-23-2003 02:27 PM



Advertisments