Databases
StackOverflow2013
Postsdbo
POFormsAuthentication not working
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POFormsAuthentication not working
    text
    copied!<p>I have a site that works as expected on my development box. That is, the formsauthentication ticket expires after 30 days. This is achieved through the following code</p> <pre><code>string roles = UserManager.getAuthenticationRoleString(txtUsername.Text); HttpCookie formscookie = FormsAuthentication.GetAuthCookie(txtUsername.Text, true); FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(formscookie.Value); FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(1, ticket.Name, DateTime.Now, DateTime.Now.AddDays(30), true, roles, ticket.CookiePath); HttpCookie newCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newticket)); newCookie.Expires = DateTime.Now.AddDays(30); Response.Cookies.Add(newCookie); </code></pre> <p>I used fiddler to check that the expiration is set properly and I get this </p> <pre><code>.ASPXAUTH=84AB5430CF4B1C5F9B59C9285288B41F156FCAFA2A169EACE17A7778A392FA69F66770FD8A08FFD06064B00F0BD788FEEC4A5894B7089239D6288027170A642B3B7EB7DB4806F2EBBCF2A82EE20FD944A38D2FE253B9D3FD7EFA178307464AAB4BCB35181CD82F6697D5267DB3B62BAD; expires=Thu, 21-Jan-2010 18:33:20 GMT; path=/; HttpOnly </code></pre> <p>So I would expect it to expire in 30 days...But it only makes it about 30 minutes.</p> <p>I have 3 other interesting tidbits about my environment / code</p> <ol> <li><p>On the production box there are two sites pointing at the same code one for external access and one for internal access</p></li> <li><p>When the I do get the login page because of premature expiration, the .ASPAUTH cookie is still there and sent to the browser</p></li> <li><p>There is some role checking in the global.asax that looks like this</p></li> </ol> <p>-</p> <pre><code>protected void Application_AuthenticateRequest(Object sender, EventArgs e) { if (HttpContext.Current.User != null) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity is FormsIdentity) { FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = id.Ticket; // Get the stored user-data, in this case, our roles string userData = ticket.UserData; string[] roles = userData.Split('|'); HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles); } } } } </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload