Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Forms Authentication and Cookies

Reply
Thread Tools

Forms Authentication and Cookies

 
 
fcs
Guest
Posts: n/a
 
      02-20-2008
Hi,
we have an ASP application under C# talking to MS SQL 2000, it has no
problem with windows authentication for almost 200 users who are registered
in Active Directory. Application has several different folders though.

Now we are going to use a copy wide open in the internet, for more users,
under SSL and Forms Authentication.

based on Microsoft best practice, we have users table having userId and
hashed passwords.
passwords are Hashed using forms salt and encryption. no problem with that,
but cookies are not extended when client is sending posts. I tried to
manually extend it in Global file under:
Application_AuthenticateRequest by using let say myCookie.Expires =
DateTime.Now.AddMinutes(1);

but nothing!

and something else, when cookies are expired, user is sometimes sent to Log
On page, sometime not! and when not, there is a prompt for userid and PW
which doesn't help at all.

any note? or resources in the internet? (found some basic examples but
nothing more)



Thanks,

Vaf





 
Reply With Quote
 
 
 
 
Mark Fitzpatrick
Guest
Posts: n/a
 
      02-20-2008
Which version of ASP.Net are you using?

Did you look at the slidingexpiration attribute of the <form> element in the
web.config? If set to true then it should be extending the timeout value
whenever a new request is made.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP- Expression

"fcs" <(E-Mail Removed)> wrote in message
news:OX55%23K$(E-Mail Removed)...
> Hi,
> we have an ASP application under C# talking to MS SQL 2000, it has no
> problem with windows authentication for almost 200 users who are
> registered
> in Active Directory. Application has several different folders though.
>
> Now we are going to use a copy wide open in the internet, for more users,
> under SSL and Forms Authentication.
>
> based on Microsoft best practice, we have users table having userId and
> hashed passwords.
> passwords are Hashed using forms salt and encryption. no problem with
> that,
> but cookies are not extended when client is sending posts. I tried to
> manually extend it in Global file under:
> Application_AuthenticateRequest by using let say myCookie.Expires =
> DateTime.Now.AddMinutes(1);
>
> but nothing!
>
> and something else, when cookies are expired, user is sometimes sent to
> Log
> On page, sometime not! and when not, there is a prompt for userid and PW
> which doesn't help at all.
>
> any note? or resources in the internet? (found some basic examples but
> nothing more)
>
>
>
> Thanks,
>
> Vaf
>
>
>
>
>


 
Reply With Quote
 
 
 
 
fcs
Guest
Posts: n/a
 
      02-20-2008
thanks Mark! timeout extention is in place now!
Vaf
"Mark Fitzpatrick" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Which version of ASP.Net are you using?
>
> Did you look at the slidingexpiration attribute of the <form> element in
> the web.config? If set to true then it should be extending the timeout
> value whenever a new request is made.
>
> Hope this helps,
> Mark Fitzpatrick
> Microsoft MVP- Expression
>
> "fcs" <(E-Mail Removed)> wrote in message
> news:OX55%23K$(E-Mail Removed)...
>> Hi,
>> we have an ASP application under C# talking to MS SQL 2000, it has no
>> problem with windows authentication for almost 200 users who are
>> registered
>> in Active Directory. Application has several different folders though.
>>
>> Now we are going to use a copy wide open in the internet, for more users,
>> under SSL and Forms Authentication.
>>
>> based on Microsoft best practice, we have users table having userId and
>> hashed passwords.
>> passwords are Hashed using forms salt and encryption. no problem with
>> that,
>> but cookies are not extended when client is sending posts. I tried to
>> manually extend it in Global file under:
>> Application_AuthenticateRequest by using let say myCookie.Expires =
>> DateTime.Now.AddMinutes(1);
>>
>> but nothing!
>>
>> and something else, when cookies are expired, user is sometimes sent to
>> Log
>> On page, sometime not! and when not, there is a prompt for userid and PW
>> which doesn't help at all.
>>
>> any note? or resources in the internet? (found some basic examples but
>> nothing more)
>>
>>
>>
>> Thanks,
>>
>> Vaf
>>
>>
>>
>>
>>

>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Give Request.Cookies and Response.Cookies is there any reason to use another method to use cookies? _Who ASP .Net 7 09-18-2008 07:49 PM
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
ASP.NET Forms Authentication and Cookies Jeff ASP .Net 1 04-28-2004 03:23 AM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments