Authentication Ticket expiration

From: Mike Forman (ec-nospam@microsoft.com)
Date: 04/14/03

Next message: Michael Leung: "UNC file share and NTLM user identity"
Previous message: Allison Sutherland: "ASPNET permissions and rights on Locked down IIS"
Next in thread: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
Reply: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Mike Forman <ec-nospam@microsoft.com>
Date: 13 Apr 2003 16:40:48 -0700

I'm, using the following example from

http://support.microsoft.com/?id=308157

and am having a few problems.

The following snippet works great for creating a persistant/non-persistant
ticket

============
tkt = New FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now(), _
dateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data")
      cookiestr = FormsAuthentication.Encrypt(tkt)
      ck = new HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)
      if (chkPersistCookie.Checked) then ck.Expires=tkt.Expiration
      Response.Cookies.Add(ck)
============

HOWEVER, the ticket seems to get renewed every time I post back to the server.
What I really want to do is force the Authentication to expire after X minutes
if the does/doesn't post back to the server.

The only exception to this is I want the authentication to expire immediatly if
the user closes the browser, but this seems to be working.

What I want is something like what Yahoo mail uses. When you login, you enter
your username/password and can either "Remember my ID and Password". If the
user says no, then when they close their browser, they have to login again. If
the user checks yes, they don't have to login again UNLESS 8 hours pass from
since the time they log in.

Any suggestions?

-Mike

Next message: Michael Leung: "UNC file share and NTLM user identity"
Previous message: Allison Sutherland: "ASPNET permissions and rights on Locked down IIS"
Next in thread: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
Reply: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Force Relogin. IIS6, ASP.NET app, IE6+ browser
... now it appears you are suggesting I either write a custom authentication ... not prompt with a login dialog. ... The problem you face is that a browser will automatically attempt ... If you can control the browsers to not auto-login to your website, ...
(microsoft.public.inetserver.iis.security)
Re: Force Relogin. IIS6, ASP.NET app, IE6+ browser
... now it appears you are suggesting I either write a custom authentication ... cookies/tokens involved; IIS has no idea what a session is; IIS does ... not prompt with a login dialog. ... The problem you face is that a browser will automatically attempt ...
(microsoft.public.inetserver.iis.security)
RE: Forms authentication cookie handling question (C#)
... programmatically generate forms authentication ticket and set it in ASP.NET ... You use the Login control's "Authentication" event to do the user ... LoginControl's default code logic to generate authentication cookie. ...
(microsoft.public.dotnet.framework.aspnet)
Re: KERBEROS+SASL+OPENLDAP : login but no ticket
... I can login in with pam_ldap ... and the authentification is make with kerberos via SASL, ... a kinit to have a ticket. ... for authentication, and you might like to use openldap as directory ...
(comp.protocols.kerberos)
Re: HttpWebRequest and posting login data
... > How can I post data to an ASP.NET login page and pass authentication? ... You are attempting to substitute code for a browser. ... and a Location header pointing to the login page. ...
(microsoft.public.dotnet.framework.aspnet.security)