i need add session timeOut in my web.config, but dont work.
I write in the tag of my web.config for set the timeout to be a 30 minutes, (its wrong?)
'<sessionState timeOut="30"/>'
i'm using VS 2008 and framework .net 3.5.
Can i help me ?
Are you using forms authentication? This would be proper for forms authentication.
<authentication mode="Forms">
<forms timeout="40"/>
</authentication>
Also, ensure you are matching proper case within your web.config.
'<sessionState timeOut="30"/>'
should be
<sessionState timeout="30"/>
Related
I am working on WEB API Windows Authentication. I have added below config in web.config
Getting this issue:
This configuration section cannot be used at this path.
This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false"
Please help me on this. Please provide steps how to achieve window authentication in web api
The reason why this error encounters is probably because of the
settings to enable windowsauthentication in IIS via the
web.config file. To resolve this you have to adjust the applicationhost.config file of the IIS server. You need to tell IIS that his own configuration may be overwritten:
For IIS Express follow these instructions
For IIS Server follow 'section applicationhost.config'
Below steps (simple scenario) to allow windows authentication
Assure the webapi project is using windows authentication.
<system.web>
<authentication mode="Windows"></authentication>
</system.web>
Set IIS to windowsAuthenthication and nothing else by configuring the config file
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false"/>
</authentication>
</security>
</system.webServer>
Adjust the applicationhost.config of IIS like described above.
We had the following issue in our Production Environemt:
When we disabled some weak crypto in our IIS Server 8.5 (Using IISCrypto) the server, after we try to login on the webpage, shows a 401 error
The crypto and ciphers that we were trying to configure was this
Crypto Enabled
Ciphers Enabled
The error after we applied changes and restarted the server was this
401 error
However, when we applied the same changes in our QA Enviroment and we didn't had that issue, as a matter of fact, we checked if IIS in both enviroments had a different configuration, still, the configuration was the same in both enviroments. If we reverse the change and enable all of the Crypto algorithms, the problem dissappears
IIS Authentication
We also checked our Web.config in order to check if the authentication methods on both environments was different, however, both lines are exactly the same
<authentication mode="Forms">
<forms timeout="20" loginUrl="Login.aspx" defaultUrl="Login.aspx" requireSSL="true" />
</authentication>
<authorization>
<deny users="?" />
<allow roles="Admin, User" />
</authorization>
Can anybody help us out here with this issue? none of the workarounds and solutions we have looked for have worked or they don't apply (Mainly because we do not use Windows Authentication in our website)
Thanks in advance
EDIT: Anonymous Authentication has the same configuration on both sides
I solved the issue, I needed to first update the servers to the last Windows security update! after that, everything worked fine!
I have an MVC 4 web application that log off some users quickly. The authentication cookie seem stetted up correctly (I also setted timeout to 720 (12 hours)). I also setted session timeout on config file and in IIS. The issue seem's to happen on IE most of the time user get logged off after like 10 minutes. And as usual I can't reproduce the issue on my end.
I am wondering if an ajax call could cause the issue? Or an http header? I searched a lot about that issue and found nothing outside of basic web.config settings.
There is my configs for session, membership and authentication
<sessionState timeout="720" mode="InProc"/>
<membership defaultProvider="SimpleMembershipProvider" >
<providers>
<clear/>
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"/>
</providers>
</membership>
<authentication mode="Forms">
<forms requireSSL="false" domain="dpars.com" loginUrl="~/Account/Login" protection="All" name="DPARSAuth" slidingExpiration="true" timeout="720"></forms>
</authentication>
You might be losing the sessions because you're using InProc Session-State mode, which stores sessions in memory. When you use this mode, the sessions will be lost anytime the web server process restarts, which can happen for a variety of reasons.
Try changing the sessionState mode to "SQLServer", or "StateServer" and see if that solves the problem.
More information on configuring these options can be found here: http://msdn.microsoft.com/en-us/library/ms178586(v=vs.100).aspx
I am using the MVC4 Simple Membership Provider. Initially the website logins were timing out prematurely and the user was requested to log back in. After searching, it seemed the solution was to add a "machineKey" element so that if the app pool was recycled, the login token would still be recognized. After adding that element to web.config, now my website is not timing out at all. Any ideas what might be going on?
<machineKey validationKey="D2BCD45AADBB49F1CB3537A1FEA07F93BDFA78A863849E3CC76CDFFAD183FE81BB709EACA8BF3E28BCCE0A5D58A147F4EA68B93B3C9768CA085867D613D14B5C,IsolateApps"
decryptionKey="DD27E5C7B983D2DDDE6371A08F4AEE9A2ECC754593FB4E33,IsolateApps" validation="SHA1" decryption="AES" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="60" protection="All" slidingExpiration="true" />
</authentication>
My previous experience with ASP.NET web application (regarding the timeout) is that it logouts the user every 30 minutes, regardless of what module is running, Is there a way that we can increase the application timeout to an hour or two?
Any help is highly appreciated, thanks in advance.
You can set the Sesion timeout in your web.config file.
<sessionState timeout="60" />
The value is defined in minutes.
I think you can set it programmatically as well from the HttpContext.Current.Session object.
If by application timeout you mean session timeout, then this can be done in the web.config. The timeout attribute on the sessionstate element takes an integer that indicates the number of minutes of inactivity before it times out the user's session.
<configuration>
<sessionstate timeout="20" />
.
.
.
</configuration>
In the web.config , set the value of timeout attribute to the value that you need.
<system.web>
<authentication mode="Forms">
<forms timeout="value in minutes"/>
</authentication>
</system.web>
There is a value in your web.config where you can set the timeout length.
<sessionState
timeout="60"
/>