need two authentication timeouts for internal and external users

G

Guest

I have an ASP.NET 2.0 web app using forms authentication and an ASP.NET
Membership database. Internal users access the app from the intranet, but
they are authenticated by the membership module. External users access the
app over SSL from the internet and are also authenticated the same way.

I would like to have a different authentication timeout value for each. I
want 720 minutes for internal users, so they can leave the app open all day
and only have to log in once. I want 30 minutes for external users.

I know I can set session timeout values to be different for each user by
setting Session.Timeout. Can I do something similar with the authentication
cookie? I surmise I could then force an external user to have a shorter
value, or cause an internal user to have a longer value. If I can set it this
way, where would I do it?

I considered deploying the app twice, but all other aspects of security are
working and I'd rather not have the extra maintenance.

Thanks in advance,
Ray
 
G

Guest

To set the cookie timeout, IIS Manager can be used. However, It is not
possible to set different cookie timeouts using IIS Manager. To solve your
problem, I will advise you to generate the tickets manually using
FormsAuthenticationTicket class.

Depending on the domain from where users are logged in, you can set
different timeouts using Expiration attribute of the
FormsAuthenticationTicket class.

Hope it helps.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top