formsauthenticationticket

Can a FormsAuthenticationTicket survive an app pool recycle?

不羁的心 提交于 2020-01-01 10:29:30
问题 I am looking for a solution where we can make a FormsAuthenticationTicket (and corresponding cookie) with a very long expiration period. This is possible by setting a high value or using a sliding expiration, but when the application pool of the website is recycled, the FormsAuthenticationTicket disappears (I think), the cookie gets invalid and the user is asked to login again. Is there any way around this? 回答1: Set static machineKeys instead of the auto generated. This way the

Is Forms Authentication Ticket safe enough?

折月煮酒 提交于 2019-12-20 12:37:13
问题 When a user logs in based on default Forms Authentication method, the server creates a cookie containing encrypted data (using Machine Key as key for encryption). It means that if someone find/guess/access Machine Key for the server, he will be logged in to the web application. I've developed some applications which are on 4 servers. So, I hard-coded the same Machine Key for all the servers in machine.config and I can't use Auto Generate mode. Is it possible to brute force the Machine Key? Is

right way to have role based custom auth query database on every request asp.net mvc

戏子无情 提交于 2019-12-19 09:47:13
问题 This may be a slightly ignorant question but Im new to mvc so Im sorry! I studied the nerd dinner auth model but In my app I have a complicated role based authentication. So What I do is this: void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e) { HttpCookie authCookie = HttpContext.Current.Request .Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null) { string encTicket = authCookie.Value; if (!String.IsNullOrEmpty(encTicket)) { FormsAuthenticationTicket

Passing a cookie to a wcf service

烈酒焚心 提交于 2019-12-11 07:35:32
问题 I have a bunch of wcf webhttp (rest) services that expect an auth cookie. Question is - How do I pass the formsauth ticket to the wcf service? Flowing authentication works for get requests through the browsers just fine (as it should) but I am not sure how to set the cookie during my calls using httpclient or webchannelfactory. At this point the authentication is done and the cookie is available. I am not sure of where to insert the cookies while invoking the service through a HttpClient.

Check authentication ticket expiration without affecting it

冷暖自知 提交于 2019-12-10 14:29:35
问题 I am trying to implement a Web Application Project where my web pages can check the server for the Authentication ticket expiration date/time using AJAX. I am using Forms Authentication with slidingExpiration. The problem I run across is I can't figure out how to check the value without resetting it. I created a simple page - CheckExpiration.aspx - below is the code behind: private class AjaxResponse { public bool success; public string message; public string expirationDateTime; public string

Sharing Owin Cookie Authentication and legacy Forms Authentication cookie based

微笑、不失礼 提交于 2019-12-10 13:44:47
问题 In our company, we have a large base of application built with Asp.net Web Forms 4.0 that use forms authentication as a single-sign-on authentication. Configured something like this: <machineKey decryptionKey="..." validationKey="..." /> <authentication mode="Forms"> <forms cookieless="UseCookies" loginUrl="/url/to/login" /> </authentication> Last times we are working on some projects that use Owin Cookie authentication. According to the searches I did, both methods are not compatible.

Can a FormsAuthenticationTicket survive an app pool recycle?

时光怂恿深爱的人放手 提交于 2019-12-04 05:52:06
I am looking for a solution where we can make a FormsAuthenticationTicket (and corresponding cookie) with a very long expiration period. This is possible by setting a high value or using a sliding expiration, but when the application pool of the website is recycled, the FormsAuthenticationTicket disappears (I think), the cookie gets invalid and the user is asked to login again. Is there any way around this? Set static machineKeys instead of the auto generated. This way the FormsAuthenticationTicket will survive app pool recycling. 来源: https://stackoverflow.com/questions/3676995/can-a

FormsAuthenticationTicket.expiration v web.config value timeout

梦想的初衷 提交于 2019-12-03 09:13:04
问题 This is an MVC2 website, I am having a problem with a FormsAuthentication ticket. A user timeouts after 30 minutes cannot re-login. During testing, the DateTime.Now.AddMinutes(30) value was set to 5000 and everything was ok, but it has now changed to 30 and that is when then the problem started From cookie creation FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, user.UserID, DateTime.Now, DateTime.Now.AddMinutes(30), false, "user,user1", FormsAuthentication

Is Forms Authentication Ticket safe enough?

*爱你&永不变心* 提交于 2019-12-03 03:05:54
When a user logs in based on default Forms Authentication method, the server creates a cookie containing encrypted data (using Machine Key as key for encryption). It means that if someone find/guess/access Machine Key for the server, he will be logged in to the web application. I've developed some applications which are on 4 servers. So, I hard-coded the same Machine Key for all the servers in machine.config and I can't use Auto Generate mode. Is it possible to brute force the Machine Key? Is there any other methods? (I don't want to use Windows and Passport) And is Forms Authentication Ticket

FormsAuthenticationTicket.expiration v web.config value timeout

▼魔方 西西 提交于 2019-12-03 00:46:15
This is an MVC2 website, I am having a problem with a FormsAuthentication ticket. A user timeouts after 30 minutes cannot re-login. During testing, the DateTime.Now.AddMinutes(30) value was set to 5000 and everything was ok, but it has now changed to 30 and that is when then the problem started From cookie creation FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, user.UserID, DateTime.Now, DateTime.Now.AddMinutes(30), false, "user,user1", FormsAuthentication.FormsCookiePath); Web.config file <authentication mode="Forms"> <forms loginUrl="~/Account.mvc/LogOn" timeout="2880"