Forms Authentication and Cookies

Discussion in 'ASP .Net Security' started by fcs, Feb 20, 2008.

  1. fcs

    fcs Guest

    we have an ASP application under C# talking to MS SQL 2000, it has no
    problem with windows authentication for almost 200 users who are registered
    in Active Directory. Application has several different folders though.

    Now we are going to use a copy wide open in the internet, for more users,
    under SSL and Forms Authentication.

    based on Microsoft best practice, we have users table having userId and
    hashed passwords.
    passwords are Hashed using forms salt and encryption. no problem with that,
    but cookies are not extended when client is sending posts. I tried to
    manually extend it in Global file under:
    Application_AuthenticateRequest by using let say myCookie.Expires =

    but nothing!

    and something else, when cookies are expired, user is sometimes sent to Log
    On page, sometime not! and when not, there is a prompt for userid and PW
    which doesn't help at all.

    any note? or resources in the internet? (found some basic examples but
    nothing more)


    fcs, Feb 20, 2008
    1. Advertisements

  2. Which version of ASP.Net are you using?

    Did you look at the slidingexpiration attribute of the <form> element in the
    web.config? If set to true then it should be extending the timeout value
    whenever a new request is made.

    Hope this helps,
    Mark Fitzpatrick
    Microsoft MVP- Expression
    Mark Fitzpatrick, Feb 20, 2008
    1. Advertisements

  3. fcs

    fcs Guest

    thanks Mark! timeout extention is in place now!
    fcs, Feb 20, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.