I have an MVC 4 web application that log off some users quickly. The authentication cookie seem stetted up correctly (I also setted timeout to 720 (12 hours)). I also setted session timeout on config file and in IIS. The issue seem's to happen on IE most of the time user get logged off after like 10 minutes. And as usual I can't reproduce the issue on my end.
I am wondering if an ajax call could cause the issue? Or an http header? I searched a lot about that issue and found nothing outside of basic web.config settings.
There is my configs for session, membership and authentication
<sessionState timeout="720" mode="InProc"/>
<membership defaultProvider="SimpleMembershipProvider" >
<providers>
<clear/>
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"/>
</providers>
</membership>
<authentication mode="Forms">
<forms requireSSL="false" domain="dpars.com" loginUrl="~/Account/Login" protection="All" name="DPARSAuth" slidingExpiration="true" timeout="720"></forms>
</authentication>
You might be losing the sessions because you're using InProc Session-State mode, which stores sessions in memory. When you use this mode, the sessions will be lost anytime the web server process restarts, which can happen for a variety of reasons.
Try changing the sessionState mode to "SQLServer", or "StateServer" and see if that solves the problem.
More information on configuring these options can be found here: http://msdn.microsoft.com/en-us/library/ms178586(v=vs.100).aspx
Related
I'm configuring the Active Directory Module 1.2 for CMS 7.2-8.0 and despite the fact that everything works great, I prefer to use integrated security (following the customer's policy). However, the manual does not say anything about using integrated security for the role provider. The LightLDAP.SitecoreADRoleProvider has username and password properties and doesn't use a connectionstring for this:
<roleManager defaultProvider="switcher" enabled="true" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
<providers>
<add name="ad" xdt:Transform="Insert" xdt:Locator="Match(name)"
type="LightLDAP.SitecoreADRoleProvider"
connectionStringName="ADSitecoreUsers"
applicationName="sitecore"
username="usr"
password="pass"
attributeMapUsername="sAMAccountName" cacheSize="2MB" />
</providers>
</roleManager>
<profile defaultProvider="switcher" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel" xdt:Transform="SetAttributes" xdt:Locator="Match(enabled)">
<providers>
<add xdt:Transform="Insert" xdt:Locator="Match(name)" name="ad" type="LightLDAP.SitecoreADProfileProvider"
connectionStringName="ADSitecoreUsers"
applicationName="sitecore"
username="usr"
password="pass"
sitecoreMapDomainName="ad" />
</providers>
</profile>
looking this question up in Google is quite hard, because of course, Integrated Security is part of the functionality the AD module delivers, so each hit is about integrated security as well, but I'm looking for the provider to configure with integrated security (my app pool user is a service account that has been logged in via the app pool and that user has the correct rights on AD and databases).
Just finished setting up AD integration without username and password.
From my experience, if the server is joined to the domain or a domain that has trust with the users domain it should not require a username and password. I just omitted the connectionUsername and connectionPassword attributes from the config.
However, we do not allow changing username and passwords (that writes back to AD) in our setup, so your mileage may vary based on your setup.
i need add session timeOut in my web.config, but dont work.
I write in the tag of my web.config for set the timeout to be a 30 minutes, (its wrong?)
'<sessionState timeOut="30"/>'
i'm using VS 2008 and framework .net 3.5.
Can i help me ?
Are you using forms authentication? This would be proper for forms authentication.
<authentication mode="Forms">
<forms timeout="40"/>
</authentication>
Also, ensure you are matching proper case within your web.config.
'<sessionState timeOut="30"/>'
should be
<sessionState timeout="30"/>
I am using the MVC4 Simple Membership Provider. Initially the website logins were timing out prematurely and the user was requested to log back in. After searching, it seemed the solution was to add a "machineKey" element so that if the app pool was recycled, the login token would still be recognized. After adding that element to web.config, now my website is not timing out at all. Any ideas what might be going on?
<machineKey validationKey="D2BCD45AADBB49F1CB3537A1FEA07F93BDFA78A863849E3CC76CDFFAD183FE81BB709EACA8BF3E28BCCE0A5D58A147F4EA68B93B3C9768CA085867D613D14B5C,IsolateApps"
decryptionKey="DD27E5C7B983D2DDDE6371A08F4AEE9A2ECC754593FB4E33,IsolateApps" validation="SHA1" decryption="AES" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="60" protection="All" slidingExpiration="true" />
</authentication>
Hoping you may be able to help with a peculiar issue I'm facing with my SimpleMembershipProvider.
I have an MVC4 application that uses the SimpleMembership feature to store user and role information. This all works perfectly from the front end MVC4 application.
We also have a web service which will call the same SimpleMembershipProvider to validate the user credentials from a mobile app using the standard ValidateUser() method.
However, before I get to my ValidateUser() method I need to initialise my WebSecurity object using the WebSecurity.InitializeDatabaseConnection method. This is causing the below error:
"The Role Manager feature has not been enabled."
I'm initialising the WebSecurity object within the services startup, using the same code pulled from my Portal:
if (!WebSecurity.Initialized)
{
WebSecurity.InitializeDatabaseConnection("PortalContext", "UserProfile", "UserId", "UserName", autoCreateTables: true);
}
I've checked that my web.config of my web service contains the appSettings key
<add key="enableSimpleMembership" value="true" />
I've also included the rolemanager and membership details within my system.web section of my web.config.
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear />
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
</providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear />
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
I'm now completely at a loss and have spent all morning googling for a possible solution.
Can anyone think of a reason why this might be occurring?
If you have multiple projects in the same solution and are using migrations, make the as the startup project the one containing the migrations (in Solution Explorer, Right click Project name > "Set as startup project") before running database-update.
I have a maddening situation here with an MVC4 site. At the outset, you need to know it uses Windows authentication, and I also want to use simplemembership roles (but I don't think this is working--but this is not the focus of my question). Basically, the site works on my dev machine (with IIS Express) and a test machine (with regular IIS). But it doesn't work in production environment. We get an error "could not load file or assembly WebMatrix.WebData, version=2.0.0.0.
The WebMatrix.WebData reference has CopyLocal = False. (This works in dev and test.) If I set CopyLocal = True, then the authentication goes haywire. Specifically, when you visit the site, it attempts a redirect to login.aspx (obviously not an MVC component). So, my question is Why is this happening? How do I fix?
Here's what I've got under my system.web element in the config:
<roleManager enabled="true">
<providers>
<clear/>
<add name="simple" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
<membership>
<providers>
<clear/>
</providers>
</membership>
<authentication mode="Windows" />
I've played around with this quite a bit trying to understand the problem, but I don't really know what I'm doing with this config section/what all can be done. I wonder if there's a problem clearing all the membership providers.... while trying to use the SimpleRoleProvider. (I tried cutting out SimpleRoleProvider, but this had no effect on problem.)