need two authentication timeouts for internal and external users

Discussion in 'ASP .Net' started by =?Utf-8?B?VCBSYXkgSHVtcGhyZXk=?=, May 14, 2007.

  1. I have an ASP.NET 2.0 web app using forms authentication and an ASP.NET
    Membership database. Internal users access the app from the intranet, but
    they are authenticated by the membership module. External users access the
    app over SSL from the internet and are also authenticated the same way.

    I would like to have a different authentication timeout value for each. I
    want 720 minutes for internal users, so they can leave the app open all day
    and only have to log in once. I want 30 minutes for external users.

    I know I can set session timeout values to be different for each user by
    setting Session.Timeout. Can I do something similar with the authentication
    cookie? I surmise I could then force an external user to have a shorter
    value, or cause an internal user to have a longer value. If I can set it this
    way, where would I do it?

    I considered deploying the app twice, but all other aspects of security are
    working and I'd rather not have the extra maintenance.

    Thanks in advance,
    Ray
     
    =?Utf-8?B?VCBSYXkgSHVtcGhyZXk=?=, May 14, 2007
    #1
    1. Advertising

  2. To set the cookie timeout, IIS Manager can be used. However, It is not
    possible to set different cookie timeouts using IIS Manager. To solve your
    problem, I will advise you to generate the tickets manually using
    FormsAuthenticationTicket class.

    Depending on the domain from where users are logged in, you can set
    different timeouts using Expiration attribute of the
    FormsAuthenticationTicket class.

    Hope it helps.
    --
    Vishwajit MCSD, .NET Architect


    "T Ray Humphrey" wrote:

    > I have an ASP.NET 2.0 web app using forms authentication and an ASP.NET
    > Membership database. Internal users access the app from the intranet, but
    > they are authenticated by the membership module. External users access the
    > app over SSL from the internet and are also authenticated the same way.
    >
    > I would like to have a different authentication timeout value for each. I
    > want 720 minutes for internal users, so they can leave the app open all day
    > and only have to log in once. I want 30 minutes for external users.
    >
    > I know I can set session timeout values to be different for each user by
    > setting Session.Timeout. Can I do something similar with the authentication
    > cookie? I surmise I could then force an external user to have a shorter
    > value, or cause an internal user to have a longer value. If I can set it this
    > way, where would I do it?
    >
    > I considered deploying the app twice, but all other aspects of security are
    > working and I'd rather not have the extra maintenance.
    >
    > Thanks in advance,
    > Ray
     
    =?Utf-8?B?VmlzaHdhaml0IFNpbmdo?=, May 14, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?SmFzb24=?=

    forms authentication timeouts and session timeouts

    =?Utf-8?B?SmFzb24=?=, Jun 22, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    457
    =?Utf-8?B?SmFzb24=?=
    Jun 22, 2004
  2. ABC
    Replies:
    1
    Views:
    811
    Richard Dudley
    Oct 24, 2005
  3. ABC
    Replies:
    1
    Views:
    411
    =?Utf-8?B?Q293Ym95IChHcmVnb3J5IEEuIEJlYW1lcikgLSBN
    Oct 24, 2005
  4. bitshift
    Replies:
    1
    Views:
    563
    bruce barker
    Jun 22, 2007
  5. ABC
    Replies:
    1
    Views:
    371
    Patrick.O.Ige
    Oct 31, 2005
Loading...

Share This Page